Title

On the performance of Internet worm scanning strategies

Authors

Authors

C. C. Zou; D. Towsley;W. B. Gong

Comments

Authors: contact us about adding a copy of your work at STARS@ucf.edu

Abbreviated Journal Title

Perform. Eval.

Keywords

worm modeling; worm scanning strategy; network security; network; monitoring; Computer Science, Hardware & Architecture; Computer Science, Theory &; Methods

Abstract

In recent years, fast spreading worms, such as Code Red, Slammer, Blaster and Sasser, have become one of the major threats to the security of the Internet. In order to defend against future worms, it is important to first understand how worms propagate and how different scanning strategies affect worm propagation dynamics. In this paper, we systematically model and analyze worm propagation under various scanning strategies, such as uniform scan, routing scan, hit-list scan, cooperative scan, local preference scan, sequential scan, divide-and-conquer scan, target scan, etc. We also provide an analytical model to accurately model Witty worm's destructive behavior. By using the same modeling framework, we reveal the underlying similarity and relationship between different worm scanning strategies. In addition, based on our simulation and analysis of Blaster worm propagation and monitoring, we provide a guideline for building a better worm monitoring infrastructure. (C) 2005 Elsevier B.V. All rights reserved.

Journal Title

Performance Evaluation

Volume

63

Issue/Number

7

Publication Date

1-1-2006

Document Type

Article

Language

English

First Page

700

Last Page

723

WOS Identifier

WOS:000237900500005

ISSN

0166-5316

Share

COinS