Pulse quarantine strategy of internet worm propagation: Modeling and analysis

Article history: Available online 6 September 2011 0045-7906/$ see front matter 2011 Elsevier Ltd doi:10.1016/j.compeleceng.2011.07.009 q Reviews processed and approved for publication ⇑ Corresponding author at: College of Information E-mail addresses: [email protected], haveb Worms can spread throughout the Internet very quickly and are a great security threat. Constant quarantine strategy is a defensive measure against worms, but its reliability in current imperfect intrusion detection systems is poor. A pulse quarantine strategy is thus proposed in the current study. The pulse quarantine strategy adopts a hybrid intrusion detection system with both misuse and anomaly detection. Through analysis of corresponding worm propagation models, its stability condition is obtained: when the basic reproduction number is less than one, the model is stable at its infection-free periodic equilibrium point where worms get eliminated. Numerical and simulation experiments show that constant quarantine strategy is inefficient because of its high demand on the patching rate at ‘‘birth’’, whereas the pulse quarantine strategy can lead to worm elimination with a relatively low value. As patching almost all hosts in the actual network is difficult, the pulse quarantine strategy is more effective in worm elimination. 2011 Elsevier Ltd. All rights reserved.