After many Internet-scale worm incidents in recent years, it is clear that a simple self-propagation worm can quickly spread across the Internet. And every worm incidents can cause severe damage to our society. So it is necessary to build a system that can detect the presence of worm as quickly as possible. This paper first analyzes the worm’s framework and its propagation model. Then, we descr...

Most well-known worms, such as Code Red, Slammer, Blaster, and Sasser, infected vulnerable computers by scanning the entire IPv4 address space. In this article, the authors present an advanced worm called the “routing worm,” which implements two new attacking techniques. First, a routing worm uses Border Gateway Protocol (BGP) routing tables to only scan the Internet-routable address space, whi...

The effort required for detecting worm viruses, that threaten the reliability and stability of network resources, is in the process of advancing, demanding increasingly sophisticated resources. Pattern-based worm virus detection systems use detection methods, which focus on pattern analysis for specific worm viruses. In the event of a different attack method, or a new attack occurs, current sys...

“War of the worms” is a war between opposing computer worms, creating complex worm interactions. For example, in September 2003 the Welchia worms were launched to terminate the Blaster worms and patch the vulnerable hosts. In this paper, we try to answer the following questions: How can we explain the dynamic of such phenomena with a simple mathematical model? How can one worm win this war? How...

In the internet, a worm is usually propagated in a random multi-hop contact manner. However, the attacker will not likely select this random multi-hop propagation approach in a mobile sensor network. This is because multi-hop worm route paths to random vulnerable targets can be often breached due to node mobility, leading to failure of fast worm spread under this strategy. Therefore, an appropr...

Worms are a common phenomenon in today’s Internet and cause tens of billions of dollars in damages to businesses around the world each year. This article first presents various concepts related to worms, and then classifies the existing worms into four types– Internet worms, P2P worms, email worms and IM (Instant Messaging) worms, based on the space in which a worm finds a victim target. The In...

Today’s computer world the Active worm’s are the major security issues in the Internet. This is because of the ability of active worms to execute in an automated fashion as they continuously attack the computers on the Internet. Here we find a new class of active worms, called as Camouflaging Worm (C-Worm). The C-Worm is different from regular worms because of its ability to change its scan tra...

This work presents our GLOWS (Gateway Level Oregon Worm Simulator) simulator, designed to produce realistic worm traffic over a broad range of scenarios. GLOWS simulates the spread of a worm across the Internet and its propagation into a single domain with the goal of capturing the worm traffic that crosses the gateway point separating the monitored domain from the Internet.