Springer Nature is making SARS-CoV-2 and COVID-19 research free. View research | View latest news | Sign up for updates

Strategy of fast and light-load cloud-based proactive benign worm countermeasure technology to contain worm propagation

  • 287 Accesses

  • 3 Citations


Benign worms have been attracting wide attention in the field of worm research due to the proactive defense against the worm propagation and patch for the susceptible hosts. In this paper, two revised Worm–Anti-Worm (WAW) models are proposed for cloud-based benign worm countermeasure. These Re-WAW models are based on the law of worm propagation and the two-factor model. One is the cloud-based benign Re-WAW model to achieve effective worm containment. Another is the two-stage Re-WAW propagation model, which uses proactive and passive switching defending strategy based on the ratio of benign worms to malicious worms. This model intends to avoid the network congestion and other potential risks caused by the proactive scan of benign worms. Simulation results show that the cloud-based Re-WAW model significantly improves the worm propagation containment effect. The cloud computing technology enables rapid delivery of massive initial benign worms, and the two stage Re-WAW model gradually clears off the benign worms with the containment of the malicious worms.

This is a preview of subscription content, log in to check access.

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9
Fig. 10
Fig. 11
Fig. 12
Fig. 13
Fig. 14
Fig. 15
Fig. 16
Fig. 17
Fig. 18
Fig. 19
Fig. 20
Fig. 21
Fig. 22
Fig. 23


  1. 1.

    Eugene SH (1988) The Internet worm program: an analysis. Technical report, CSD-TR-823, pp 1–29

  2. 2.

    Seeley D (1989) A tour of the worm. In: Proceedings of USENIX technical. pp 287–304

  3. 3.

    Porras P, Saidi H, Yegneswaran V (2011) An analysis of conficker’s logic and rendezvous protocol. http://mtc.sri.com/Conficker/. Accessed 16 March 2011

  4. 4.

    Williams A (2011) The largest cloud in the world is owned by a criminal. http://www.readwriteweb.com/cloud/2010/04/the-largest-cloud-in-the-world.php. Accessed 12 April 2011

  5. 5.

    Symantec (2010) Symantec global Internet security threat report trends for 2009. Technical report, XV

  6. 6.

    Staniford S, Paxson V, Weaver N (2002) How to own the Internet in your spare time. In: Proceedings of the 11th USENIX security symposium, pp 149–167

  7. 7.

    Castaneda F, Can Sezer E, Xu J (2004) WORM vs WORM: preliminary study of an active counter-attack mechanism. In: Proceedings of the 2004 ACM workshop on rapid malcode, pp 83–93

  8. 8.

    Qing S, Wen W (2005) A survey and trends on Internet worms. Comput Secur 24:334–346. doi:10.1016/j.cose.2004.10.001

  9. 9.

    Cohen F (1987) Computer viruses: theory and experiments. Comput Secur 6(1):22–35. doi:10.1016/0167-4048(87)90122-2

  10. 10.

    Bailey NTJ (1975) The mathematical theory of infectious diseases and its applications. Hafner Press, New York

  11. 11.

    Frauenthal JC (1980) Mathematical modeling in epidemiology. Springer, New York

  12. 12.

    Anderson RM, May RM (1991) Infectious diseases of humans: dynamics and control. Oxford University Press, London

  13. 13.

    Kephart JO, White SR (1991) Directed-graph epidemiological models of computer viruses. In: Proceedings of IEEE symposium on security and privacy, pp 343–359

  14. 14.

    Kephart JO, Chess DM, White SR (1993) Computers and epidemiology. IEEE Spectr 30(5):20–26

  15. 15.

    Andersson H, Britton T (2000) Stochastic epidemic models and their statistical analysis. Springer, New York

  16. 16.

    Zou CC, Gong W, Towsley D (2002) Code red worm propagation modeling and analysis. In: Proceedings of the 9th ACM conference on computer and communications security, pp 138–147

  17. 17.

    Chen Z, Gao L, Kwiat K (2003) Modeling the spread of active worms. In: IEEE INFOCOM 2003

  18. 18.

    Piqueira JRC, Navarro BF, Monteiro LHA (2005) Epidemiological models applied to viruses in computer networks. J Comput Sci 1(1):31–34

  19. 19.

    Nicol DM (2006) The impact of stochastic variance on worm propagation and detection. In: Proceedings of the 4th ACM workshop on recurring malcode, pp 57–64. doi:10.1145/1179542.1179555

  20. 20.

    Zou CC, Towsley D, Gong W (2006) On the performance of Internet worm scanning strategies. J Perform Eval 63(7):700–723. doi:10.1016/j.peva.2005.07.032

  21. 21.

    Tanachaiwiwat S, Helmy A (2007) Modeling and analysis of worm interactions (war of the worms). In: Proceedings of BROADNETS’07, pp 649–658

  22. 22.

    Li J, Knickerbocker P (2007) Functional similarities between computer worms and biological pathogens. Comput Secur 26(4):338–347. doi:10.1016/j.cose.2006.12.002

  23. 23.

    Yuan H, Chen G (2008) Network virus-epidemic model with the point-to-group information propagation. Appl Comput Math 206(1):357–367. doi:10.1016/j.amc.2008.09.025

  24. 24.

    Piqueira JRC, Vasconcelos AA, Gabriel CECJ, Araujo VO (2008) Dynamic models for computer viruses. Comput Secur 27(7–8):355–359. doi:10.1016/j.cose.2008.07.006

  25. 25.

    Su F, Lin Z, Ma Y (2010) Modeling and analysis of Internet worm propagation. J China Univ Post Telecommun 17(4):63–68. doi:10.1016/S1005-8885(09)60489-1

  26. 26.

    Yu W, Wang X, Champion A, Xuan D, Lee D (2011) On detecting active worms with varying scan rate. Comput Commun 34(11):1269–1282. doi:10.1016/j.comcom.2010.10.014

  27. 27.

    Provos N (2010) A virtual honeypot framework. CITI technical report 03-1. http://www.citi.umich.edu/techreports/reports/citi-tr-03-1.pdf. Accessed 28 July 2010

  28. 28.

    Oudot L (2010) Fighting worms with honeypots: honeyd vs msblast, honeypots mailinglist. http://lists.insecure.org/lists/honeypots/2003/Jul-Sep/0071.htm. Accessed 11 September 2010

  29. 29.

    Berk VH, Gray RS, Bakos G (2003) Using sensor networks and data fusion for early detection of active worms. Proc SPIE 2003:92–104. doi:10.1117/12.500849

  30. 30.

    Moore D, Paxson V, Savage S, Shannon C, Staniford S, Weaver N (2003) Inside the slammer worm. IEEE Secur Priv 1(4):33–39. doi:10.1109/MSECP.2003.1219056

  31. 31.

    Zou CC, Gao L, Gong W, Towsley D (2003) Monitoring and early warning for Internet worms. In: Proceedings of the 10th ACM conference on computer and communications security, pp 190–199. doi:10.1145/948109.948136

  32. 32.

    Cheung S, Hoagland J, Levitt K, Rowe J, Staniford S et al (1999) The design of GrIDS: a graph-based intrusion detection system. Technical report, CSE-99-2. http://citeseer.nj.nec.com/cheung99design.html. Accessed 15 September 2010

  33. 33.

    Jung J, Paxson V, Berger AW, Balakrishnan H (2004) Fast portscan detection using sequential hypothesis testing. In: Proceedings of IEEE symposium on security and privacy

  34. 34.

    Cooke E, Bailey M, Jahanian F, Mortier R (2006) The dark oracle: perspective-aware unused and unreachable address. In: Proceedings of the 3rd conference on networked systems design & implementation, vol 3, pp 8

  35. 35.

    Li L, Jhi Y, Liu P, Kesidis G (2007) Evaluation of collaborative worm containment on the deter testbed. In: Proceedings of the DETER community workshop on cyber security experimentation and test

  36. 36.

    Choi Y, Li L, Liu P, Kesidis G (2010) Worm virulence estimation for the containment of local worm outbreak. Comput Secur 29:104–123. doi:10.1016/j.cose.2009.07.002

  37. 37.

    Zou CC, Gong W, Towsley D (2003) Worm propagation modeling and analysis under dynamic quarantine defense. In: Proceedings of the 2003 ACM workshop on rapid malcode, pp 51–60. doi:10.1145/948187.948197

  38. 38.

    Staniford S (2004) Containment of scanning worm in an enterprise networks. Journal of Computer Security

  39. 39.

    Liljenstam M, Nicol DM (2004) Comparing passive and active worm defenses. In: Proceedings of the quantitative evaluation of systems, first international conference, pp 18–27. doi:10.1109/QEST.2004.12

  40. 40.

    Nicol DM, Liljenstam M (2005) Models and analysis of active worm defense. In: Proceedings of the third international conference on mathematical methods, models, and architectures for computer network security, pp 38–53. doi:10.1007/11560326_4

  41. 41.

    Yang F, Duan H, Li X (2004) Modeling and analysis on the interaction between the Internet worm and anti-worm. J Sci China Ser E, Inf Sci 34(8):841–856

  42. 42.

    Wang C, Qing S, He J (2007) Anti-worm based on hybrid confronting technology. J Commun 28(1):28–34

  43. 43.

    Zhou H, Wen Y, Zhao H (2007) Modeling and analysis of active benign worms and hybrid benign worms containing the spread of worms. In: Proceedings of the sixth international conference on networking. doi:10.1109/ICN.2007.58

  44. 44.

    Toutonji O, Yoo S-M (2009) Passive benign worm propagation modeling with dynamic quarantine defense. KSII Trans Internet Inf Syst 3(1):96–107

  45. 45.

    Zhou H, Zhao H, Wen Y (2009) Modeling and analysis of divide-and-rule-hybrid-benign worms. J Comput Res Dev 46(7):1110–1116

  46. 46.

    Xiang F, Yang X (2010) Propagation modeling of peer-to-peer worms. In Proceedings of advanced information networking and applications, pp 1128–1135

  47. 47.

    Barber B (2004) Cheese worm pros and cons of “Friendly” worm. http://www.sans.org/rr/whitepapers/malicious/31.php. Accessed 16 June 2004

  48. 48.

    Kem M (2003) CRClean. http://archives.neohapsis.com/archives/vuln-dev/2001-q3/0577.html. Accessed 23 March 2003

  49. 49.

    Hexxer H (2003) CodeGreen beta release. http://online.securityfocus.com/archive/. 82/211462. Accessed 8 May 2003

  50. 50.

    Leyden J (2004) Blaster variant offers ‘fix’ for pox-ridden pcs. http://www.theregister.com/2003/08/19/blaster_variant_offer_fix/. Accessed 12 April 2004

  51. 51.

    Zheng X, Li T, Yang H (2011) A novel Cloud-based worm propagation model. J Comput Inf Syst 7(4):1082–1091

  52. 52.

    Messmer E (2004) The myth of the good worm. http://www.wormblog.com/2004/11/the_myth_of_the.html. Accessed 12 April 2004

  53. 53.

    Zhou H, Wen Y, Zhao H (2007) Passive worm propagation modeling and analysis. In: Proceedings of the international multi-conference on computing in the global information technology, pp 32–42. doi:10.1109/ICCGI.2007.48

Download references


This work is sponsored by National Natural Science Foundation of China (Nos. 60873246 and 61173159), and the Cultivation Fund of the Key Scientific and Technical Innovation Project, Ministry of Education of China (No. 708075).

Author information

Correspondence to Xufei Zheng.

Rights and permissions

Reprints and Permissions

About this article

Cite this article

Zheng, X., Li, T. & Fang, Y. Strategy of fast and light-load cloud-based proactive benign worm countermeasure technology to contain worm propagation. J Supercomput 62, 1451–1479 (2012). https://doi.org/10.1007/s11227-012-0812-8

Download citation


  • Worm propagation
  • Benign worm
  • Re-WAW model
  • Cloud-based Re-WAW model
  • Two-stage Re-WAW model