Modeling the spread of active worms
Top Cited Papers
- 1 January 2003
- proceedings article
- Published by Institute of Electrical and Electronics Engineers (IEEE)
- p. 1890-1900 vol.3
- https://doi.org/10.1109/infcom.2003.1209211
Abstract
Active worms spread in an automated fashion and can flood the Internet in a very short time. Modeling the spread of active worms can help us understand how active worms spread, and how we can monitor and defend against the propagation of worms effectively. In this paper, we present a mathematical model, referred to as the Analytical Active Worm Propagation (AAWP) model, which characterizes the propagation of worms that employ random scanning. We compare our model with the Epidemiological model and Weaver's simulator. Our results show that our model can characterize the spread of worms effectively. Taking the Code Red v2 worm as an example, we give a quan- titative analysis for monitoring, detecting and defending against worms. Furthermore, we extend our AAWP model to understand the spread of worms that employ local subnet scanning. To the best of our knowledge, there is no model for the spread of a worm that employs the localized scanning strategy and we believe that this is the first attempt on understanding local subnet scanning quantitatively.Keywords
This publication has 3 references indexed in Scilit:
- Directed-graph epidemiological models of computer virusesPublished by Institute of Electrical and Electronics Engineers (IEEE) ,2002
- Code red worm propagation modeling and analysisPublished by Association for Computing Machinery (ACM) ,2002
- Measuring and modeling computer virus prevalencePublished by Institute of Electrical and Electronics Engineers (IEEE) ,1993