On the performance of Internet worm scanning strategies

In recent years, fast spreading worms, such as Code Red, Slammer, Blaster and Sasser, have become one of the major threats to the security of the Internet. In order to defend against future worms, it is important to first understand how worms propagate and how different scanning strategies affect wo...

Full description

Saved in:
Bibliographic Details
Published inPerformance evaluation Vol. 63; no. 7; pp. 700 - 723
Main Authors Zou, Cliff C., Towsley, Don, Gong, Weibo
Format Journal Article
LanguageEnglish
Published Elsevier B.V 01.07.2006
Subjects
Network monitoring
Network security
Worm modeling
Worm scanning strategy
Network security
Worm scanning strategy
Worm modeling
Network monitoring
Online AccessGet full text

Cover

More Information
Summary:In recent years, fast spreading worms, such as Code Red, Slammer, Blaster and Sasser, have become one of the major threats to the security of the Internet. In order to defend against future worms, it is important to first understand how worms propagate and how different scanning strategies affect worm propagation dynamics. In this paper, we systematically model and analyze worm propagation under various scanning strategies, such as uniform scan, routing scan, hit-list scan, cooperative scan, local preference scan, sequential scan, divide-and-conquer scan, target scan, etc. We also provide an analytical model to accurately model Witty worm’s destructive behavior. By using the same modeling framework, we reveal the underlying similarity and relationship between different worm scanning strategies. In addition, based on our simulation and analysis of Blaster worm propagation and monitoring, we provide a guideline for building a better worm monitoring infrastructure.
ISSN:0166-5316
1872-745X
DOI:10.1016/j.peva.2005.07.032