A Study of Worm Propagation Modeling extended AAWP, LAAWP Modeling

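A Study of a Worm Propagation Modeling Technique Extending AAWP and LAAWP

  • 전영태 (Graduate School of Information Security, Korea University) ;
  • 서정택 (ETRI Affiliated Research Institute) ;
  • 문종섭 (Department of Electronics and Information Engineering, Korea University)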
  • Published : 2007.10.31

Abstract

Numerous types of models have been developed in recent years in response to the cyber threat posed by worms in order to analyze their propagation and predict their spread. Some of the most important ones involve mathematical modeling techniques such as Epidemic, AAWP (Analytical Active Worm Propagation Modeling) and LAAWP (Local AAWP). However, most models have several inherent limitations. For instance, they target worms that employ random scanning in the entire IPv4 network and fail to consider the effects of countermeasures, making it difficult to analyze the extent of damage done by them and the effects of countermeasures in a specific network. This paper extends the equations and parameters of AAWP and LAAWP and suggests ALAAWP (Advanced LAAWP), a new worm simulation technique that rectifies the drawbacks of existing models.

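As cyber threats from worms increase, worm propagation modeling techniques are being studied to analyze the propagation characteristics of worms. Representative examples are the mathematical modeling techniques Epidemic, AAWP (Analytical Active Worm Propagation Modeling), and LAAWP (Local AAWP). However, most of these existing techniques can only model random scanning across the entire IPv4 network, and they are limited in expressing human responses to worms, such as applying security patches and updating antivirus programs. This paper therefore proposes ALAAWP (Advanced LAAWP Modeling), a model that extends the equations and parameters of the AAWP and LAAWP modeling techniques. The proposed model is flexible in representing networks and scanning techniques in worm modeling and, through the addition of various parameters, can be used effectively to assess the extent of damage caused by worm propagation and to verify the adequacy of defensive measures.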
