Concept, characteristics and defending mechanism of worms

IEICE Transactions on Information and Systems

Volumn E92-D, Issue 5, 2009, Pages 799-809

  Tang, Yong ^a   Luo, Jiaqing ^b   Xiao, Bin ^b   Wei, Guiyi ^c  

^a NATIONAL UNIVERSITY OF DEFENSE TECHNOLOGY   (China)

^b HONG KONG POLYTECHNIC UNIVERSITY   (Hong Kong)

^c ZHEJIANG GONGSHANG UNIVERSITY   (China)

Author keywords

Email worm; IM worm; Internet worms; P2P worm; Worm containment; Worm detection

Indexed keywords

COMPUTER WORMS; ELECTRONIC MAIL; NETWORK SECURITY;

EMAIL WORMS; IM WORM; INTERNET WORM; P2P WORM; WORM CONTAINMENT; WORM DETECTION;

COMPUTER CRIME;

EID: 71849119546     PISSN: 09168532     EISSN: 17451361     Source Type: Journal    
DOI: 10.1587/transinf.E92.D.799     Document Type: Article

References (63)

1. D. M. Kienzle and M. C. Elder, "Recent worms: A survey and trends, " WORM '03: Proc. 2003 ACM Workshop on Rapid Malcode, pp. 1-10, 2003.
2. J. Evers, "Instant messaging worm exploits jpeg vulnerability, " 2004. http://www.computerworld.com/securitytopics/security/holes/story/0, 10801, 96268, 00.html
3. S. Staniford, V. Paxson, and N. Weaver, "How to own the Internet in your spare time, " Proc. 11th USENIX Security Symposium, pp. 149-167, USENIX Association, 2002.
4. C. C. Zou, D. Towsley, W. Gong, and S. Cai, "Routing worm: A fast, selective attack worm based on ip address information, " Proc. PADS '05, pp. 199-206, Washington D. C., 2005.
5. N. Weaver, V. Paxson, S. Staniford, and R. Cunningham, "A taxonomy of computer worms, " WORM '03: Proc. 2003 ACM Workshop on Rapid Malcode, pp. 11-18, ACM Press, 2003.
6. N. Provos, J. McClain, and K. Wang, "Search worms, " WORM '06: Proc. 4th ACM Workshop on Recurring Malcode, pp. 1-8, 2006.
7. Z. Zhu, G. Lu, Y. Chen, Z. J. Fu, P. Roberts, and K. Han, "Botnet research survey, " Proc. COMPSAC '08, pp. 967-972, Washington D. C., 2008.
8. M. Polychronakis, K. G. Anagnostakis, and E. P. Markatos, "Emulation-based detection of non-self-contained polymorphic shellcode, " RAID, pp. 87-106, 2007.
9. Q. Zhang, D. S. Reeves, P. Ning, and S. P. Iyer, "Analyzing network traffic to detect self-decrypting exploit code, " Proc. 2nd ACM Symposium on Information, Computer and Communications Security, pp. 4-12, 2007.
10. D. Brumley, J. Newsome, D. Song, H. Wang, and S. Jha, "Towards automatic generation of vulnerability-based signatures, " 2006 IEEE Symposium on Security and Privacy, pp. 2-16, 2006.
11. P. Li, M. Salour, and X. Su, "A survey of internet worm detection and containment, " IEEE Communications Surveys and Tutorials, vol. 10, no. 1, pp. 20-35, 2008.
12. S. Singh, C. Estan, G. Varghese, and S. Savage, "Automated worm fingerprinting, " 6th USENIX OSDI, 2004.
13. T. Cymru, "The darknet project, " 2008. http://www.team-cymru. org/Services/darknets.html
14. V. Yegneswaran, P. Barford, and D. Plonka, "On the design and use of internet sinks for network abuse monitoring, " Proc. RAID, pp. 146-165, 2004.
15. D. Dagon, X. Qin, G. Gu, W. Lee, J. Grizzard, J. Levine, and H. Owen, "Honeystat: Local worm detection using honeypots, " RAID, pp. 39-58, 2004.
16. P. Niels, "Honeyd - A virtual honeypot daemon, " 2003. http://www.honeyd.org
17. Y. Tang, H. P. Hu, X. C. Lu, and J. Wang, "Honids: Enhancing honeypot system with intrusion detection models, " Fourth IEEE International Workshop on Information Assurance (IWIA'06), pp. 135-143, 2006.
18. C. Leita, K. Mermoud, and M. Dacier, "Scriptgen: An automated script generation tool for honeyd, " ACSAC '05: Proc. 21st Annual Computer Security Applications Conference, pp. 203-214, 2005.
19. M. Vrable, J. Ma, J. Chen, D. Moore, E. Vandekieft, A. C. Snoeren, G. M. Voelker, and S. Savage, "Scalability, fidelity, and containment in the potemkin virtual honeyfarm, " SIGOPS Oper. Syst. Rev., vol. 39, no. 5, pp. 148-162, 2005.
20. J. Newsome, B. Karp, and D. Song, "Polygraph: Automatically generating signatures for polymorphic worms, " 2005 IEEE Symposium on Security and Privacy, pp. 226-241, 2005.
21. M. V. Mahoney, "Network traffic anomaly detection based on packet bytes, " SAC '03: Proc. 2003 ACM Symposium on Applied Computing, pp. 346-350, 2003.
22. K. Wang, J. J. Parekh, and S. J. Stolfo, "Anagram: A content anomaly detector resistant to mimicry attack, " RAID, pp. 226-248, 2006.
23. K. Wang, G. Cretu, and S. J. Stolfo, "Anomalous payload-based worm detection and signature generation, " Recent Advances in Intrusion Detection (RAID), 2003.
24. C. Krügel, T. Toth, and E. Kirda, "Service specific anomaly detection for network intrusion detection, " SAC '02: Proc. 2002 ACM Symposium on Applied Computing, pp. 201-208, 2002.
25. J. Newsome and D. Song, "Dynamic taint analysis for automatic detection, analysis, and signature generation of exploits on commodity software, " 12th Annual Network and Distributed System Security Symposium, 2005.
26. J. Xu, P. Ning, C. Kil, Y. Zhai, and C. Bookholt, "Automatic diagnosis and response to memory corruption vulnerabilities, " 12th ACM Conference on Computer and Communications Security, pp. 223-234, 2005.
27. Z. Liang and R. Sekar, "Fast and automated generation of attack signatures: A basis for building self-protecting servers, " 12th ACM Conference on Computer and Communications Security, pp. 213-222, 2005.
28. X. F. Wang, Z. Li, J. Xu, M. K. Reiter, C. Kil, and J. Y. Choi, "Packet vaccine: Black-box exploit detection and signature generation, " 13th ACM Conference on Computer and Communications Security, pp. 37-46, 2006.
29. Z. Li, M. Sanghi, Y. Chen, M. Y. Kao, and B. Chavez, "Hamsa: Fast signature generation for zero-day polymorphic worms with provable attack resilience, " 2006 IEEE Symposium on Security and Privacy, 2006.
30. Y. Tang, X. Lu, and B. Xiao, "Generating simplified regular expression signatures for polymorphic worms, " 4th International Conference on Autonomic and Trusted Computing (ATC-07), 2007.
31. S. Chen and Y. Tang, "Daw: A distributed antiworm system, " IEEE Trans. Parallel Distrib. Syst., vol. 18, no. 7, pp. 893-906, 2007.
32. M. Bailey, E. Cooke, F. Jahanian, J. Nazario, and D. Watson, "The Internet motion sensor: A distributed blackhole monitoring system, " Proc. 12th ISOC Symposium on Network and Distributed Systems Security (NDSS), pp. 167-179, 2005.
33. M. Singer, "Benjamin worm plagues kazaa, " Tech. Rep., siliconvalley.internet.com, 2002.
34. J. K. K. Lakshminarayanan, "Implications of peer-to-peer networks on worm attacks and defenses, " Tech. Rep., UCB, 2003.
35. J. Ma, X. Chen, and G. Xiang, "Modeling passive worm propagation in peer-to-peer system, " International Conference on Computational Intelligence and Security, pp. 1129-1132, 2006.
36. Y. Yao, X. Luo, F. Gao, and S. Ai, "Research of a potential worm propagation model based on pure p2p principle, " ICCT '06: International Conference on Communication Technology, pp. 1-4, 2006.
37. R. Thommes and M. Coates, "Epidemiological modeling of peer-topeer viruses and pollution, " INFOCOM'06, 2006.
38. K. Ramachandran and B. Sikdar, "Modeling malware propagation in gnutella type peer-to-peer networks, " IPDPS'06: Parallel and Distributed Processing Symposium, 2006.
39. J. Luo, B. Xiao, G. Liu, Q. Xiao, and S. Zhou, "Modeling and analysis of self-stopping bt worms using dynamic hit list in p2p networks, " SSN'09, 2009.
40. L. Zhou, L. Zhang, F. Mcsherry, N. Immorlica, M. Costa, and S. Chien, "A first look at peer-to-peer worms: Threats and defenses, " Proc. IPTPS'05, 2005.
41. F. Freitas, R. Rodrigues, C. Ribeiro, P. Ferreira, and L. Rodrigues, "Verme: Worm containment in peer-to-peer overlays, " IPTPS'07: Proc. 6th International Workshop on Peer-to-Peer Systems, 2007.
42. Y. Zhou, Z. Wu, H. Wang, J. Zhong, Y. Feng, and Z. Zhu, "Breaking monocultures in p2p networks for worm prevention, " Proc. Fifth International Conference on Machine Learning and Cybernetics, 2006.
43. Y. Yao, L. Wu, F. Gao, W. Yang, and G. Yu, "A waw model of p2pbased anti-worm, " ICNSC'08: IEEE International Conference on Networking, Sensing and Control, pp. 1131-1136, 2008.
44. K. Wu and Y. Feng, "Proactive worm prevention based on p2p networks, " IJCSNS'06: International Journal of Computer Science and Network Security, 2006.
45. E. Levy, "Worm propagation and generic attacks, " IEEE Security and Privacy, vol. 3, no. 2, pp. 63-65, 2005.
46. C. Zou, D. Towsley, and W. Gong, "Email virus propagation modeling and analysis, " Tech. Rep., Umass ECE Dept., 2003.
47. L. Briesemeister, P. Lincoln, and P. Porras, "Epidemic profiles and defense of scale-free networks, " WORM'03: Proc. ACM CCS Workshop on Rapid Malcode, 2003.
48. M. E. J. Newman, S. H. Strogatz, and D. J. Watts, "Random graphs with arbitrary degree distribution and their applications, " Tech. Rep., Santa Fe Institute, 2000.
49. M. Newman, S. Forrest, and J. Balthrop, "Email networks and the spread of computer viruses, " Phys. Rev. E, vol. 66, pp. 200-202, 2002.
50. C. Wong, S. Bielski, J. M. McCune, and C. Wang, "A study of massmailing worms, " WORM' 04: Proc. ACM Workshop on Rapid Malcode, pp. 1-10, 2004.
51. J. Xiong, "Act: Attachment chain tracing scheme for email virus detection and control, " WORM' 04: Proc. ACM Workshop on Rapid Malcode, 2004.
52. S. Martin, A. Sewani, B. Nelson, K. Chen, and A. D. Joseph, "Analyzing behaviorial features for email classification, " Proc. CEAS '05, Stanford University, July 2005.
53. P. Gopalan, K. Jamieson, P. Mavrommatis, and M. Poletto, "Signature metrics for accurate and automated worm detection, " WORM'06: Proc. ACM Workshop on Rapid Malcode, 2006.
54. K. Ishibashi, T. Toyono, and K. Toyama, "Detecting mass-mailing worm infected hosts by mining dns traffic data, " SIGCOMM05 Workshops, 2005.
55. Y. Musashi, R. Matsuba, and K. Sugitani, "Indirect detection of mass mailing worm-infected pc terminals for learners, " ICETA'04: International Conference on Emerging Telecommunications Technologies and Applications, 2004.
56. C. C. Zou, W. Gong, and D. Towsley, "Feedback email worm defense system for enterprise networks, " Tech. Rep., Umass ECE Dept., 2004.
57. T. M. Mahmoud, A. S. Ehab, and B. Raouf, "An architecture for an email worm prevention system, " Securecomm and Workshops, pp. 1-9, 2006.
58. N. Hindocha, "Threats to instant messaging, " Tech. Rep., Symantec Security Response, 2003.
59. R. D. Smith, "Instant messaging as a scale-free network, " 2002, http://www.citebase.org/
60. M. Williamson, "Throttling viruses: Restricting propagation to defeat malicious mobile code, " ACSAC'02: Proc. 18th Annual Computer Security Applications Conference, pp. 61-68, 2002.
61. M. Mannan and P. C. van Oorschot, "On instant messaging worms, analysis and countermeasures, " WORM'05: Proc. 2005 ACM Workshop on Rapid Malcode, pp. 2-11, 2005.
62. G. Yan, Z. Xiao, and S. Eidenbenz, "Catching instant messaging worms with change-point detection techniques, " Proc. 1st Usenix Workshop on Large-Scale Exploits and Emergent Threats, pp. 1-10, 2008.
63. G. Zhang and F. M. Kugblenu, "The feasibility of p2p technique used in im worm, " Tech. Rep., Computer Science Dept., Blekinge Institute of Tech., 2006.