International Journal of Information Security, Volume 6, Issue 6, pp 361–378

COVERAGE: detecting and reacting to worm epidemics using cooperation and validation

  • Kostas G. Anagnostakis
  • Michael B. Greenwald
  • Sotiris Ioannidis
  • Angelos D. Keromytis

Special Issue Paper

DOI: 10.1007/s10207-007-0032-z

Cite this article as:
Anagnostakis, K.G., Greenwald, M.B., Ioannidis, S. et al. Int. J. Inf. Secur. (2007) 6: 361. doi:10.1007/s10207-007-0032-z


Cooperative defensive systems communicate and cooperate in their response to worm attacks, but determine the presence of a worm attack solely on local information. Distributed worm detection and immunization systems track suspicious behavior at multiple cooperating nodes to determine whether a worm attack is in progress. Earlier work has shown that cooperative systems can respond quickly to day-zero worms, while distributed detection systems allow detectors to be more conservative (i.e., paranoid) about potential attacks because they manage false alarms efficiently. In this paper we present our investigation into the complex tradeoffs in such systems between communication costs, computation overhead, accuracy of the local tests, estimation of viral virulence, and the fraction of the network infected before the attack crests. We evaluate the effectiveness of different system configurations in various simulations. Our experiments show that distributed algorithms are better able to balance effectiveness against worms and viruses with reduced cost in computation and communication when faced with false alarms. Furthermore, cooperative, distributed systems seem more robust against malicious participants in the immunization system than earlier cooperative but non-distributed approaches.

Copyright information

© Springer-Verlag 2007

Authors and Affiliations

  • Kostas G. Anagnostakis (1)
  • Michael B. Greenwald (2)
  • Sotiris Ioannidis (3)
  • Angelos D. Keromytis (4)

  1. Institute for Infocomm Research, Singapore, Singapore
  2. Bell Labs, Lucent Technologies, Inc., Murray Hill, USA
  3. Computer Science Department, Stevens Institute of Technology, Hoboken, USA
  4. Department of Computer Science, Columbia University, New York, USA