Online Accumulation: Reconstruction of Worm Propagation Path
نویسندگان
چکیده
Knowledge of the worm origin is necessary to forensic analysis, and knowledge of the initial causal flows supports diagnosis of how network defenses were breached. Fast and accurate online tracing network worm during its propagation, help to detect worm origin and the earliest infected nodes, and is essential for large-scale worm containment. This paper introduces the Accumulation Algorithm which can efficiently tracing worm origin and the initial propagation paths, and presents an improved online Accumulation Algorithm using sliding detection windows. We also analyzes and verifies their detection accuracy and containment efficacy through simulation experiments in large scale network. Results indicate that the online Accumulation Algorithm can accurately tracing worms and efficiently containing their propagation in an approximately real-time manner. keywords: Worm, Propagation path, Online tracing, Containment
منابع مشابه
PathCutter: Severing the Self-Propagation Path of XSS JavaScript Worms in Social Web Networks
Worms exploiting JavaScript XSS vulnerabilities rampantly infect millions of web pages, while drawing the ire of helpless users. To date, users across all the popular social networks, including Facebook, MySpace, Orkut and Twitter, have been vulnerable to XSSworms. We propose PathCutter as a new approach to severing the self-propagation path of JavaScript worms. PathCutter works by blocking two...
متن کاملLocator/Identifier Separation: Comparison and Analysis on the Mitigation of Worm Propagation
As a basic prerequisite for worm detection based on computational intelligence in networks with locator/identifier separation, it is well worth considering the influence on worm propagation due to the incoming locator/identifier separation. In this paper, according to the characteristics of locator/identifier separation, we systematically analyze the mitigation of worm propagation in three aspe...
متن کاملCorrelation Model of Worm Propagation on Scale-Free Networks
The problem of network worms is worsening despite increasing efforts and expenditure on cyber-security. Worm propagation is a random process that creates a complex system of interacting agents (worm copies) over the propagation medium – a scale-free graph, representing real-world networks. Understanding the propagation of network worms on scale-free graphs is the fi rst step towards devising ef...
متن کاملPeer-to-peer system-based active worm attacks: Modeling, analysis and defense
0140-3664/$ see front matter 2008 Elsevier B.V. A doi:10.1016/j.comcom.2008.08.008 * Corresponding author. Tel.: +1 214 208 5951. E-mail addresses: [email protected] (W. Yu), ch pan), [email protected] (X. Wang), xuan@cs Active worms continue to pose major threats to the security of today’s Internet. This is due to the ability of active worms to automatically propagate themselves and co...
متن کاملAn Optimized Online Secondary Path Modeling Method for Single-Channel Feedback ANC Systems
This paper proposes a new method for online secondary path modeling in feedback active noise control (ANC) systems. In practical cases, the secondary path is usually time-varying. For these cases, online modeling of secondary path is required to ensure convergence of the system. In literature the secondary path estimation is usually performed offline, prior to online modeling, where in the prop...
متن کامل