Modeling, Analysis, and Mitigation of Internet Worm Attacks
Not recorded
Abstract
In recent years, worms have become one of the major threats to the security of the Internet. In this talk, I will present our research on modeling, analysis, and mitigation of Internet worm attacks, which includes: (1) We present a “two-factor worm model”, which considers the impact of human counteractions and network congestion on a worm's propagation. (2) To detect the presence of an Internet worm at its early stage (so that there is enough time for defense), we present a non-threshold-based detection methodology, “trend detection”, which detects the exponential growth trend, not the traffic burst, in monitored worm data. (3) For defense against fast-spreading worms, we present a “feedback dynamic quarantine system”. It implements two principles that have been used in real-world epidemic disease control: “preemptive quarantine” and “feedback adjustment”. (4) We find that a “routing worm”, which scans the IP space defined by BGP routing prefixes, propagates several times faster than a traditional worm. A routing worm could also conduct selective attacks on a specific AS, ISP, or country; and, unfortunately, it can be easily implemented by attackers. (5) We systematically model and analyze worm propagation under different scanning strategies, such as local preference scan and sequential scan, and derive several interesting conclusions.
Similar resources
Unified Rate Limiting in Broadband Access Networks for Defeating Internet Worms and DDoS Attacks
Internet worms and DDoS attacks are considered the two most menacing attacks on today’s Internet. The traditional wisdom is that they are different beasts, and they should be dealt with independently. In this paper, however, we show that a unified rate limiting algorithm is possible, which effectively works on both Internet worms and DDoS attacks. The unified approach leads to higher worm traff...
Peer-to-peer system-based active worm attacks: Modeling, analysis and defense
doi:10.1016/j.comcom.2008.08.008. Active worms continue to pose major threats to the security of today’s Internet. This is due to the ability of active worms to automatically propagate themselves and co...
Analytical Characterization of Internet Security Attacks
Sellke, Sarah H. Ph.D., Purdue University, May 2010. Analytical Characterization of Internet Security Attacks. Major Professors: Saurabh Bagchi and Ness B. Shroff. Internet security attacks have drawn significant attention due to their enormously adverse impact. These attacks include malware (viruses, worms, Trojan horses), denial of service, packet sniffers, and password attacks. There is an in...
Multiscale Modeling and Simulation of Worm Effects on the Internet Routing Infrastructure
An unexpected consequence of recent worm attacks on the Internet was that the routing infrastructure showed evidence of increased BGP announcement churn. As worm propagation dynamics are a function of the topology of a very large-scale network, a faithful simulation model must capture salient features at a variety of resolution scales. This paper describes our efforts to model worm propagation ...
Investigating the Effect of Uniform Random Distribution of Nodes in Wireless Sensor Networks Using an Epidemic Worm Model
The emergence of malicious codes that attack Wireless Sensor Networks (WSN) made it necessary to direct research attention to security. These attacks arising from worms pose devastating threats to networks which can lead to substantial losses or damages. However, recent models developed for the purpose of understanding worm transmission patterns and ensuring its containment did not account for ...