Self-adaptive worms and countermeasures

Wei Yu, Nan Zhang, Wei Zhao

Research output: Chapter in Book/Report/Conference proceedingConference contribution

1 Scopus citations


In this paper, we address issues related to defending against wide-spreading worms on the Internet. We study a new class of worms called the self-adaptive worms. These worms dynamically adapt their propagation patterns to defensive countermeasures, in order to avoid or postpone detection, and to eventually infect more computers. We show that existing worm detection schemes cannot effectively defend against these self-adaptive worms. To counteract these worms, we introduce a game-theoretic formulation to model the interaction between worm propagator and defender. We show that the effective integration of multiple defensive schemes (e.g., worm detection, forensics analysis) is critical for defending against self-adaptive worms. We propose different combinations of defensive schemes for different kinds of self-adaptive worms, and evaluate the performance of defensive schemes based on real-world traffic traces.

Original languageEnglish (US)
Title of host publicationStabilization, Safety, and Security of Distributed Systems - 8th International Symposium, SSS 2006. Proceedings
PublisherSpringer Verlag
Number of pages15
ISBN (Print)3540490183, 9783540490180
StatePublished - 2006
Event8th International Symposium on Self-Stabilizing Systems, SSS 2006 - Dallas, TX, United States
Duration: Nov 17 2006Nov 19 2006

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume4280 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349


Other8th International Symposium on Self-Stabilizing Systems, SSS 2006
Country/TerritoryUnited States
CityDallas, TX

All Science Journal Classification (ASJC) codes

  • Theoretical Computer Science
  • General Computer Science


Dive into the research topics of 'Self-adaptive worms and countermeasures'. Together they form a unique fingerprint.

Cite this