Coupled Kermack-McKendrick Models for Randomly Scanning and Bandwidth-Saturating Internet Worms

  • George Kesidis
  • Ihab Hamadeh
  • Soranun Jiwasurat
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3375)

Abstract

We present a simple, deterministic mathematical model for the spread of randomly scanning and bandwidth-saturating Internet worms. Such worms include Slammer and Witty, both of which spread extremely rapidly. Our model, consisting of coupled Kermack-McKendrick equations, captures both the measured scanning activity of the worm and the network limitation of its spread, i.e., the effective scan-rate per worm/infective. We fit our model to available data for the Slammer worm and demonstrate its ability to accurately represent Slammer’s total scan-rate to the core.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Chen, Z., Gao, L., Kwait, K.: Modeling the spread of active worms. In: Proc. IEEE INFOCOM, San Francisco (2003)Google Scholar
  2. 2.
    Cooke, E., Bailey, M., Mao, Z.M., Watson, D., Jahanian, F., McPherson, D.: Toward understanding distributed blackhole placement. In: Proc. ACM WORM, Washington, DC, October 29 (2004)Google Scholar
  3. 3.
    Daley, D.J., Gani, J.: Epidemic modeling, an introduction. Cambridge University Press, Cambridge (1999)CrossRefGoogle Scholar
  4. 4.
    DETER project URL: http://www.isi.edu/deter
  5. 5.
    EMIST project URL: http://emist.ist.psu.edu
  6. 6.
    Moore, D., Shannon, C., Voelker, G.M., Savage, S.: Internet Quarantine: Requirements for Containing Self-Propagating Code. In: Proc. IEEE INFOCOM, San Francisco (2003)Google Scholar
  7. 7.
    Moore, D., Paxson, V., Savage, S., Shannon, C., Staniford, S., Weaver, N.: Inside the Slammer worm. IEEE Security and Privacy (2004), http://www.computer.org/security/v1n4/j4wea.htm
  8. 8.
    Liljenstam, M., Nicol, D.M., Berk, V.H., Gray, R.S.: Simulating Realistic Network Worm Traffic for Worm Warning System Design and Testing. In: Proc. ACM WORM, Washington, DC (October 2003)Google Scholar
  9. 9.
    Staniford, S., Paxson, V., Weaver, N.: How to own the Internet in your spare time. In: Proc. USENIX Security Symposium, August 2002, pp. 149–167 (2002)Google Scholar
  10. 10.
    Weaver, N., Hamadeh, I., Kesidis, G., Paxson, V.: Preliminary results using scale-down using scale-down to explore worm dynamics. In: Proc. ACM WORM, Washington, DC, October 29 (2004)Google Scholar
  11. 11.
    Weaver, N., Staniford, S., Paxson, V.: Very Fast Containment of Scanning Worms. In: Proc. 13th USENIX Security Symposium (August 2004)Google Scholar
  12. 12.
    Zou, C.C., Gong, W., Towsley, D.: Code red worm propagation modeling and analysis. In: Proc. 9th ACM Conference on Computer and Communication Security (CCS 2002), Washington, DC (November 2002)Google Scholar
  13. 13.
    Zou, C.C., Gong, W., Towsley, D.: Worm propagation modeling and analysis under dynamic quarantine defense. In: Proc. ACM WORM, Washington, DC (October 2003)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • George Kesidis
    • 1
  • Ihab Hamadeh
    • 2
  • Soranun Jiwasurat
    • 2
  1. 1.Department of Electrical Engineering, Department of Computer Science and EngineeringPennsylvania State UniversityUniversity ParkUSA
  2. 2.Department of Computer Science and EngineeringPennsylvania State UniversityUniversity ParkUSA

Personalised recommendations