On the performance of Internet worm scanning strategies

    Authors

    C. C. Zou; D. Towsley;W. B. Gong

    Comments

    Authors: contact us about adding a copy of your work at STARS@ucf.edu

    Abbreviated Journal Title

    Perform. Eval.

    Keywords

    worm modeling; worm scanning strategy; network security; network; monitoring; Computer Science, Hardware & Architecture; Computer Science, Theory &; Methods

    Abstract

    In recent years, fast spreading worms, such as Code Red, Slammer, Blaster and Sasser, have become one of the major threats to the security of the Internet. In order to defend against future worms, it is important to first understand how worms propagate and how different scanning strategies affect worm propagation dynamics. In this paper, we systematically model and analyze worm propagation under various scanning strategies, such as uniform scan, routing scan, hit-list scan, cooperative scan, local preference scan, sequential scan, divide-and-conquer scan, target scan, etc. We also provide an analytical model to accurately model Witty worm's destructive behavior. By using the same modeling framework, we reveal the underlying similarity and relationship between different worm scanning strategies. In addition, based on our simulation and analysis of Blaster worm propagation and monitoring, we provide a guideline for building a better worm monitoring infrastructure. (C) 2005 Elsevier B.V. All rights reserved.

    Journal Title

    Performance Evaluation

    Volume

    63

    Issue/Number

    7

    Publication Date

    1-1-2006

    Document Type

    Article

    Language

    English

    First Page

    700

    Last Page

    723

    WOS Identifier

    WOS:000237900500005

    ISSN

    0166-5316

    Share

    COinS