Abstract
Internet worm infection continues to be one of the top security threats and has been widely used by botnets to recruit new bots. In order to defend against future worms, it is important to understand how worms propagate and how different scanning strategies affect worm propagation dynamics. In our study, we present a (stochastic) continuous-time Markov chain model for characterizing the propagation of Internet worms. The model is developed for uniform scanning worms, and further for local preference scanning worms and flash worms. Specifically, for uniform and local preference scanning worms, we are able to (1) provide a precise condition that determines whether the worm spread would eventually stop and (2) obtain the distribution of the total number of infected hosts. By using the same modeling approach, we reveal the underlying similarity and relationship between uniform scanning and local preference scanning worms. Finally, we validate the model by simulating the propagation of worms.
Acknowledgments
This work is supported by the National Natural Science Foundation of China under Grant Nos. 61300233, 61402298 and 61472169, the Foundation of Science Public Welfare of Liaoning Province in China (No. 2015003003), and the Ph.D. Startup Fund of SAU (No. 13YB16).
Cite this article
Zhou, H., Guo, W. A stochastic worm model. Telecommun Syst 64, 135–145 (2017). https://doi.org/10.1007/s11235-016-0164-4
DOI: https://doi.org/10.1007/s11235-016-0164-4