On the performance of Internet worm scanning strategies
Abbreviated Journal Title
worm modeling; worm scanning strategy; network security; network; monitoring; Computer Science, Hardware & Architecture; Computer Science, Theory &; Methods
In recent years, fast spreading worms, such as Code Red, Slammer, Blaster and Sasser, have become one of the major threats to the security of the Internet. In order to defend against future worms, it is important to first understand how worms propagate and how different scanning strategies affect worm propagation dynamics. In this paper, we systematically model and analyze worm propagation under various scanning strategies, such as uniform scan, routing scan, hit-list scan, cooperative scan, local preference scan, sequential scan, divide-and-conquer scan, target scan, etc. We also provide an analytical model to accurately model Witty worm's destructive behavior. By using the same modeling framework, we reveal the underlying similarity and relationship between different worm scanning strategies. In addition, based on our simulation and analysis of Blaster worm propagation and monitoring, we provide a guideline for building a better worm monitoring infrastructure. (C) 2005 Elsevier B.V. All rights reserved.
"On the performance of Internet worm scanning strategies" (2006). Faculty Bibliography 2000s. 6782.