Understanding Divide-Conquer-Scanning Worms
- 1 December 2008
- conference paper
- Published by Institute of Electrical and Electronics Engineers (IEEE)
Abstract
Internet worms have been a significant security threat. Divide-conquer scanning is a simple yet effective technique that can potentially be exploited by future Internet epidemics. Therefore, it is imperative that defenders understand the characteristics of divide-conquer-scanning worms and study the countermeasures. In this work, we first provide the intuitions that a divide-conquer-scanning worm can potentially spread faster and stealthier than a traditional random-scanning worm. We then characterize the relationships between the propagation speeds of divide-conquer-scanning worms and the distributions of vulnerable hosts through mathematical analysis and simulations. Specifically, we find that if vulnerable hosts follow a non-uniform distribution such as the Witty-worm victim distribution, divide-conquer scanning can spread a worm much faster than random scanning. We also study empirically the effect of important parameters on the spread of divide-conquer-scanning worms. Furthermore, to counteract such attacks, we discuss the weakness of divide-conquer scanning and study a defense mechanism.
This publication has 15 references indexed in Scilit:
- Sampling Strategies for Epidemic-Style Information Dissemination. Published by Institute of Electrical and Electronics Engineers (IEEE), 2008
- Understanding Localized-Scanning Worms. 2007 IEEE International Performance, Computing, and Communications Conference, 2007
- Effective worm detection for various scan techniques. Journal of Computer Security, 2006
- Effective Detection of Active Worms with Varying Scan Rate. Published by Institute of Electrical and Electronics Engineers (IEEE), 2006
- On the performance of Internet worm scanning strategies. Performance Evaluation, 2006
- Advanced Routing Worm and Its Security Challenges. SIMULATION, 2006
- The limits of global scanning worm detectors in the presence of background noise. Published by Association for Computing Machinery (ACM), 2005
- The spread of the Witty worm. IEEE Security & Privacy, 2004
- Modeling the spread of active worms. Published by Institute of Electrical and Electronics Engineers (IEEE), 2003
- Code-Red. Published by Association for Computing Machinery (ACM), 2002