On the performance of Internet worm scanning strategies
Authors
Abstract
In recent years, fast spreading worms have become one of the major threats to the security of the Internet. In order to defend against future worms, it is important to understand how worms propagate and how different scanning strategies affect their propagation. In this paper, we model and analyze worm propagation under various scanning strategies, such as idealized scan, uniform scan, divide-and-conquer scan, local preference scan, sequential scan, target scan, etc. We also analyze and discuss how attackers could optimize their scanning strategies, and provide some guidelines for building up a monitoring infrastructure to defend against future worms.
Similar resources
Potential Strategies for High Speed Active Worms: A Worst Case Analysis
Active worms, malicious programs which spread in a completely autonomous manner, have the potential to rapidly spread across the internet. Two important questions which must be answered when constructing defenses are how fast a worm can spread and how long a given worm can remain a significant threat on the Internet, as these answers dictate requirements for defenses. There are multiple obvious ...
Optimal worm-scanning method using vulnerable-host distributions
Most Internet worms use random scanning. The distribution of vulnerable hosts on the Internet, however, is highly non-uniform over the IP-address space. This implies that random scanning wastes many scans on invulnerable addresses, and more virulent scanning schemes may take advantage of the non-uniformity of a vulnerable-host distribution. Questions then arise as to how attackers may exploit su...
Modeling, Analysis, and Mitigation of Internet Worm Attacks
In recent years, worms have become one of the major threats to the security of the Internet. In this talk, I will present our research on modeling, analysis, and mitigation of Internet worm attacks, which includes: (1) We present a “two-factor worm model”, which considers the impact of human counteractions and network congestion on a worm's propagation. (2) To detect the presence of an Internet...
Emulating sequential scanning worms on the DETER testbed
Internet worm security threats have increased with their more advanced scanning strategies and malicious payloads. In this article, we extend our existing KMSim worm model to account for the self-destructive or removal/death behavior of worms. The modified model is then used to simulate the Witty and Blaster worms. Also in this paper we describe our experience of running worm emulation experime...
Emulation of “single-packet” UDP Scanning Worms in Large Enterprises
Worms are a serious threat to Internet security. The past research on worms has been focused on mathematical modeling, numerical analysis, and simulation in addition to proposed defense strategies. We believe a fine-grained, packet-level emulation of worm propagation in enterprise networks is highly beneficial for the deep understanding of worm dynamics and a prerequisite for worm containment an...
Journal title:
- Perform. Eval.
Volume 63 Issue
Pages -
Publication date 2006