Internet Epidemics: Attacks, Detection and Defenses, and Trends

Internet epidemics are malicious software that can self-propagate across the Internet, i.e., compromise vulnerable hosts and use them to attack other victims. Since the early stage of the Internet, epidemics have caused enormous damages and been a significant security threat. For example, the Morris worm infected 10% of all hosts in the Internet in 1988; the Code Red worm compromised at least 359,000 hosts in one day in 2001; and the Storm botnet affected tens of millions of hosts in 2007. Therefore, it is imperative to understand and characterize the problem of Internet epidemics including the methods of attacks, the ways of detection and defenses, and the trends of future evolution. Internet epidemics include viruses, worms, and bots. The past more than twenty years have witnessed the evolution of Internet epidemics. Viruses infect machines through exchanged emails or disks, and dominated 1980s and 1990s. Internet active worms compromise vulnerable hosts by automatically propagating through the Internet and have caused much attention since Code Red and Nimda worms in 2001. Botnets are zombie networks controlled by attackers through Internet relay chat (IRC) systems (e.g., GTBot) or peer-to-peer (P2P) systems (e.g., Storm) to execute coordinated attacks, and have become the number one threat to the Internet in recent years. Since Internet epidemics have evolved to become more and more virulent and stealthy, they have been identified as one of top four security problems and targeted to be eliminated before 2014 (52). The task of protecting the Internet from epidemic attacks has many significant challenges: