Self-disciplinary worms and countermeasures: Modeling and analysis

Wei Yu, Nan Zhang, Xinwen Fu, Wei Zhao

Research output: Contribution to journalArticlepeer-review

37 Scopus citations

Abstract

In this paper, we address issues related to the modeling, analysis, and countermeasures of worm attacks on the Internet. Most previous work assumed that a worm always propagates itself at the highest possible speed. Some newly developed worms (e.g., "Atak" worm) contradict this assumption by deliberately reducing the propagation speed in order to avoid detection. As such, we study a new class of worms, referred to as self-disciplinary worms. These worms adapt their propagation patterns in order to reduce the probability of detection, and eventually, to infect more computers. We demonstrate that existing worm detection schemes based on traffic volume and variance cannot effectively defend against these self-disciplinary worms. To develop proper countermeasures, we introduce a game-theoretic formulation to model the interaction between the worm propagator and the defender. We show that an effective integration of multiple countermeasure schemes (e.g., worm detection and forensics analysis) is critical for defending against self-disciplinary worms. We propose different integrated schemes for fighting different self-disciplinary worms, and evaluate their performance via real-world traffic data.

Original languageEnglish (US)
Article number5313807
Pages (from-to)1501-1514
Number of pages14
JournalIEEE Transactions on Parallel and Distributed Systems
Volume21
Issue number10
DOIs
StatePublished - 2010

All Science Journal Classification (ASJC) codes

  • Signal Processing
  • Hardware and Architecture
  • Computational Theory and Mathematics

Fingerprint

Dive into the research topics of 'Self-disciplinary worms and countermeasures: Modeling and analysis'. Together they form a unique fingerprint.

Cite this