• Title/Summary/Keyword: worm propagation

Search Result 32, Processing Time 0.02 seconds

Internet Worm Propagation Model Using Centrality Theory

  • Kwon, Su-Kyung;Choi, Yoon-Ho;Baek, Hunki
    • Kyungpook Mathematical Journal
    • /
    • v.56 no.4
    • /
    • pp.1191-1205
    • /
    • 2016
  • The emergence of various Internet worms, including the stand-alone Code Red worm that caused a distributed denial of service (DDoS), has prompted many studies on their propagation speed to minimize potential damages. Many studies, however, assume the same probabilities for initially infected nodes to infect each node during their propagation, which do not reflect accurate Internet worm propagation modelling. Thus, this paper analyzes how Internet worm propagation speed varies according to the number of vulnerable hosts directly connected to infected hosts as well as the link costs between infected and vulnerable hosts. A mathematical model based on centrality theory is proposed to analyze and simulate the effects of degree centrality values and closeness centrality values representing the connectivity of nodes in a large-scale network environment on Internet worm propagation speed.

An Approach for Worm Propagation Modeling using Scanning Traffic Profiling (스캐닝 트래픽의 프로파일링을 통한 인터넷 웜 확산 모델링 기법)

  • Shon, Tae-Shik;Koo, Bon-Hyun
    • Journal of the Institute of Electronics Engineers of Korea CI
    • /
    • v.47 no.5
    • /
    • pp.67-74
    • /
    • 2010
  • Recently, the early detection and prevention of worm research is mainly studying based on the analysis of generalized worm propagation property. However, it is not easy to do Worm early detection with its attributes because the modeling method for Worm propagation is vague and not specified yet. Worm scanning method is exceedingly effect to Worm propagation process. This paper describes a modeling method and its simulations to estimate various worm growth patterns and their corresponding propagation algorithms. It also tests and varies the impact of various improvements, starting from a trivial simulation of worm propagation and the underlying network infrastructure. It attempts to determine the theoretical maximum propagation speed of worms and how it can be achieved. Moreover, we present the feasibility of the proposed model based on real testbed for verification.

Passive Benign Worm Propagation Modeling with Dynamic Quarantine Defense

  • Toutonji, Ossama;Yoo, Seong-Moo
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.3 no.1
    • /
    • pp.96-107
    • /
    • 2009
  • Worm attacks can greatly distort network performance, and countering infections can exact a heavy toll on economic and technical resources. Worm modeling helps us to better understand the spread and propagation of worms through a network, and combining effective types of mitigation techniques helps prevent and mitigate the effects of worm attacks. In this paper, we propose a mathematical model which combines both dynamic quarantine and passive benign worms. This Passive Worm Dynamic Quarantine (PWDQ) model departs from previous models in that infected hosts will be recovered either by passive benign worms or quarantine measure. Computer simulation shows that the performance of our proposed model is significantly better than existing models, in terms of decreasing the number of infectious hosts and reducing the worm propagation speed.

A Study on Prediction of Mass SQL Injection Worm Propagation Using The Markov Chain (마코브 체인을 이용한 Mass SQL Injection 웜 확산 예측에 관한 연구)

  • Park, Won-Hyung;Kim, Young-Jin;Lee, Dong-Hwi;Kim, Kui-Nam J.
    • Convergence Security Journal
    • /
    • v.8 no.4
    • /
    • pp.173-181
    • /
    • 2008
  • Recently, Worm epidemic models have been developed in response to the cyber threats posed by worms in order to analyze their propagation and predict their spread. Some of the most important ones involve mathematical model techniques such as Epidemic(SI), KM (Kermack-MeKendrick), Two-Factor and AAWP(Analytical Active Worm Propagation). However, most models have several inherent limitations. For instance, they target worms that employ random scanning in the network such as CodeRed worm and it was able to be applied to the specified threats. Therefore, we propose the probabilistic of worm propagation based on the Markov Chain, which can be applied to cyber threats such as Mass SQL Injection worm. Using the proposed method in this paper, we can predict the occurrence probability and occurrence frequency for each threats in the entire system.

  • PDF

Propagation Models for Structural Parameters in Online Social Networks (온라인 소셜 네트워크에서 구조적 파라미터를 위한 확산 모델)

  • Kong, Jong-Hwan;Kim, Ik Kyun;Han, Myung-Mook
    • Journal of Internet Computing and Services
    • /
    • v.15 no.1
    • /
    • pp.125-134
    • /
    • 2014
  • As the social media which was simple communication media is activated on account of twitter and facebook, it's usability and importance are growing recently. Although many companies are making full use of its the capacity of information diffusion for marketing, the adverse effects of this capacity are growing. Because social network is formed and communicates based on friendships and relationships, the spreading speed of the spam and mal-ware is very swift. In this paper, we draw parameters affecting malicious data diffusion in social network environment, and compare and analyze the diffusion capacity of each parameters by propagation experiment with XSS Worm and Koobface Worm. In addition, we discuss the structural characteristics of social network environment and then proposed malicious data propagation model based on parameters affecting information diffusion. n this paper, we made up BA and HK models based on SI model, dynamic model, to conduct the experiments, and as a result of the experiments it was proved that parameters which effect on propagation of XSS Worm and Koobface Worm are clustering coefficient and closeness centrality.

Internet Worm Propagation Modeling using a Statistical Method (통계적 방법을 이용한 웜 전파 모델링)

  • Woo, Kyung-Moon;Kim, Chong-Kwon
    • The Journal of Korean Institute of Communications and Information Sciences
    • /
    • v.37 no.3B
    • /
    • pp.212-218
    • /
    • 2012
  • An Internet worm is a self-replicating malware program which uses a computer network. As the network connectivity among computers increases, Internet worms have become widespread and are still big threats. There are many approaches to model the propagation of Internet worms such as Code Red, Nimda, and Slammer to get the insight of their behaviors and to devise possible defense methods to suppress worms' propagation activities. The influence of the network characteristics on the worm propagation has usually been modeled by medical epidemic model, named SI model, due to its simplicity and the similarity of propagation patterns. So far, SI model is still dominant and new variations of the SI model, called SI-style models, are being proposed for the modeling of new Internet worms. In this paper, we elaborate the problems of SI-style models and then propose a new accurate stochastic model using an occupancy problem.

Simulation for the Propagation Pattern Analysis of Code Red Worm (Code Red 웜 전파 패턴 분석을 위한 시뮬레이션)

  • Kang, Koo-Hong
    • The Journal of the Korea Contents Association
    • /
    • v.6 no.12
    • /
    • pp.155-162
    • /
    • 2006
  • It was well known that how much seriously the Internet worm such as the Code Red had an effect on our daily activities. Recently the rapid growth of the Internet speed will produce more swift damage us in a short term period. In order to defend against future worm, we need to understand the propagation pattern during the lifetime of worms. In this paper, we analyze the propagation pattern of the Code Red worm by a computer simulation. In particular, we show that an existing simulation result about the number of infectious hosts does not match the observed data, and then we introduce a factor of revised human countermeasures into the simulation. We also show the simulation results presenting the importance of patching and pre-patching of the Internet worm.

  • PDF

Reducing False Alarm and Shortening Worm Detection Time in Virus Throttling (Virus Throttling의 웜 탐지오판 감소 및 탐지시간 단축)

  • Shim Jae-Hong;Kim Jang-bok;Choi Hyung-Hee;Jung Gi-Hyun
    • The KIPS Transactions:PartC
    • /
    • v.12C no.6 s.102
    • /
    • pp.847-854
    • /
    • 2005
  • Since the propagation speed of the Internet worms is quite fast, worm detection in early propagation stage is very important for reducing the damage. Virus throttling technique, one of many early worm detection techniques, detects the Internet worm propagation by limiting the connection requests within a certain ratio.[6, 7] The typical throttling technique increases the possibility of false detection by treating destination IP addresses independently in their delay queue managements. In addition, it uses a simple decision strategy that determines a worn intrusion if the delay queue is overflown. This paper proposes a two dimensional delay queue management technique in which the sessions with the same destination IP are linked and thus a IP is not stored more than once. The virus throttling technique with the proposed delay queue management can reduce the possibility of false worm detection, compared with the typical throttling since the proposed technique never counts the number of a IP more than once when it chicks the length of delay queue. Moreover, this paper proposes a worm detection algorithm based on weighted average queue length for reducing worm detection time and the number of worm packets, without increasing the length of delay queue. Through deep experiments, it is verified that the proposed technique taking account of the length of past delay queue as well as current delay queue forecasts the worn propagation earlier than the typical iuぉ throttling techniques do.

A Study of Worm Propagation Modeling extended AAWP, LAAWP Modeling (AAWP와 LAAWP를 확장한 웜 전파 모델링 기법 연구)

  • Jun, Young-Tae;Seo, Jung-Taek;Moon, Jong-Sub
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.17 no.5
    • /
    • pp.73-86
    • /
    • 2007
  • Numerous types of models have been developed in recent years in response to the cyber threat posed by worms in order to analyze their propagation and predict their spread. Some of the most important ones involve mathematical modeling techniques such as Epidemic, AAWP (Analytical Active Worm Propagation Modeling) and LAAWP (Local AAWP). However, most models have several inherent limitations. For instance, they target worms that employ random scanning in the entire nv4 network and fail to consider the effects of countermeasures, making it difficult to analyze the extent of damage done by them and the effects of countermeasures in a specific network. This paper extends the equations and parameters of AAWP and LAAWP and suggests ALAAWP (Advanced LAAWP), a new worm simulation technique that rectifies the drawbacks of existing models.

Macroscopic Treatment to Unknown Malicious Mobile Codes (알려지지 않은 악성 이동 코드에 대한 거시적 대응)

  • Lee, Kang-San;Kim, Chol-Min;Lee, Seong-Uck;Hong, Man-Pyo
    • Journal of KIISE:Computing Practices and Letters
    • /
    • v.12 no.6
    • /
    • pp.339-348
    • /
    • 2006
  • Recently, many researches on detecting and responding worms due to the fatal infrastructural damages explosively damaged by automated attack tools, particularly worms. Network service vulnerability exploiting worms have high propagation velocity, exhaust network bandwidth and even disrupt the Internet. Previous worm researches focused on signature-based approaches however these days, approaches based on behavioral features of worms are more highlighted because of their low false positive rate and the attainability of early detection. In this paper, we propose a Distributed Worm Detection Model based on packet marking. The proposed model detects Worm Cycle and Infection Chain among which the behavior features of worms. Moreover, it supports high scalability and feasibility because of its distributed reacting mechanism and low processing overhead. We virtually implement worm propagation environment and evaluate the effectiveness of detecting and responding worm propagation.