Advertisement

Coupled Kermack-McKendrick Models for Randomly Scanning and Bandwidth-Saturating Internet Worms

  • George Kesidis
  • Ihab Hamadeh
  • Soranun Jiwasurat
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3375)

Abstract

We present a simple, deterministic mathematical model for the spread of randomly scanning and bandwidth-saturating Internet worms. Such worms include Slammer and Witty, both of which spread extremely rapidly. Our model, consisting of coupled Kermack-McKendrick equations, captures both the measured scanning activity of the worm and the network limitation of its spread, i.e., the effective scan-rate per worm/infective. We fit our model to available data for the Slammer worm and demonstrate its ability to accurately represent Slammer’s total scan-rate to the core.

Keywords

Enterprise Network Scanning Activity Saturate Link USENIX Security Symposium Internet Worm 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Chen, Z., Gao, L., Kwait, K.: Modeling the spread of active worms. In: Proc. IEEE INFOCOM, San Francisco (2003)Google Scholar
  2. 2.
    Cooke, E., Bailey, M., Mao, Z.M., Watson, D., Jahanian, F., McPherson, D.: Toward understanding distributed blackhole placement. In: Proc. ACM WORM, Washington, DC, October 29 (2004)Google Scholar
  3. 3.
    Daley, D.J., Gani, J.: Epidemic modeling, an introduction. Cambridge University Press, Cambridge (1999)CrossRefGoogle Scholar
  4. 4.
    DETER project URL: http://www.isi.edu/deter
  5. 5.
    EMIST project URL: http://emist.ist.psu.edu
  6. 6.
    Moore, D., Shannon, C., Voelker, G.M., Savage, S.: Internet Quarantine: Requirements for Containing Self-Propagating Code. In: Proc. IEEE INFOCOM, San Francisco (2003)Google Scholar
  7. 7.
    Moore, D., Paxson, V., Savage, S., Shannon, C., Staniford, S., Weaver, N.: Inside the Slammer worm. IEEE Security and Privacy (2004), http://www.computer.org/security/v1n4/j4wea.htm
  8. 8.
    Liljenstam, M., Nicol, D.M., Berk, V.H., Gray, R.S.: Simulating Realistic Network Worm Traffic for Worm Warning System Design and Testing. In: Proc. ACM WORM, Washington, DC (October 2003)Google Scholar
  9. 9.
    Staniford, S., Paxson, V., Weaver, N.: How to own the Internet in your spare time. In: Proc. USENIX Security Symposium, August 2002, pp. 149–167 (2002)Google Scholar
  10. 10.
    Weaver, N., Hamadeh, I., Kesidis, G., Paxson, V.: Preliminary results using scale-down using scale-down to explore worm dynamics. In: Proc. ACM WORM, Washington, DC, October 29 (2004)Google Scholar
  11. 11.
    Weaver, N., Staniford, S., Paxson, V.: Very Fast Containment of Scanning Worms. In: Proc. 13th USENIX Security Symposium (August 2004)Google Scholar
  12. 12.
    Zou, C.C., Gong, W., Towsley, D.: Code red worm propagation modeling and analysis. In: Proc. 9th ACM Conference on Computer and Communication Security (CCS 2002), Washington, DC (November 2002)Google Scholar
  13. 13.
    Zou, C.C., Gong, W., Towsley, D.: Worm propagation modeling and analysis under dynamic quarantine defense. In: Proc. ACM WORM, Washington, DC (October 2003)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • George Kesidis
    • 1
  • Ihab Hamadeh
    • 2
  • Soranun Jiwasurat
    • 2
  1. 1.Department of Electrical Engineering, Department of Computer Science and EngineeringPennsylvania State UniversityUniversity ParkUSA
  2. 2.Department of Computer Science and EngineeringPennsylvania State UniversityUniversity ParkUSA

Personalised recommendations