On the trade-off between speed and resiliency of flashworms and similar malcodes

WORM'07 - Proceedings of the 2007 ACM Workshop on Recurring Malcode

Volumn , Issue , 2007, Pages 23-30

  Ha, Duc T ^a   Ngo, Hung Q ^a  

^a State University of New York   (United States)

Author keywords

Flash worm; Propagation topology; Resiliency; Simulation; Super fast worm; Worms

Indexed keywords

ANALYTICAL MODEL; FLASH WORM; FLASH WORMS; GENERAL ANALYTICAL MODEL; MALCODE; NONPREEMPTIVE SCHEDULES; NP-HARD; OPTIMIZATION PROBLEMS; PROPAGATION TIME; RESILIENT PROPAGATION; SIMPLIFIED MODELS;

COMPUTER SIMULATION; MATHEMATICAL MODELS; MODELS; OPTIMIZATION; TOPOLOGY;

INTERNET;

EID: 77952395098     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1314389.1314395     Document Type: Conference Paper

References (28)

1. S. Staniford, D. Moore, V. Paxson, and N. Weaver, "The top speed of flash worms," in WORM '04: Proceedings of the 2004 ACM workshop on Rapid malcode. NewYork,NY, USA: ACM Press, 2004, pp. 33-42.
2. I. Arce and E. Levy, "An analysis of the slapper worm," IEEE Security and Privacy, vol.1, no.1, pp. 82-87, 2003.
3. D. Moore, V. Paxson, S. Savage, C. Shannon, S. Staniford, and N. Weaver, "Inside the slammer worm," IEEE Security and Privacy, vol.1, no.4, pp. 33-39, 2003.
4. D. Moore, C. Shannon, and J. Brown, "Code-red: a case study on the spread and victims of an internet worm," in IMW '02: Proceedings of the 2nd ACM SIGCOMM Workshop on Internet measurment. New York, NY, USA: ACM Press, 2002, pp. 273-284.
5. C. Shannon and D. Moore, "The spread of the witty worm," IEEE Security and Privacy Magazine, vol.2, no.4, pp. 46-50, 2004.
6. D. Moore, V. Paxson, S. Savage, C. Shannon, S. Staniford, and N. Weaver, "The spread of the sapphire/slammer worm," CAIDA, pp. 33-39, 2003.
7. Z. Chen, L. Gao, and K. Kwiat, "Modeling the spread of active worms," in INFOCOM 2003. Twenty-Second Annual Joint Conference of the IEEE Computer and Communications Societies. IEEE, vol.3, Mar 30 - Apr 3 2003, pp. 1890-1900.
8. C. C. Zou, W. Gong, and D. Towsley, "Code red worm propagation modeling and analysis," in CCS '02: Proceedings of the 9th ACM conference on Computer and communications security. New York, NY, USA: ACM Press, 2002, pp. 138-147.
9. C. C. Zou, W. Gong, D. Towsley, and L. Gao, "The monitoring and early detection of internet worms," IEEE/ACM Trans. Netw., vol.13, no.5, pp. 961-974, 2005.
10. D. Nojiri, J. Rowe, and K. Levitt, "Cooperative response strategies for large scale attack mitigation," in DARPA Information Survivability Conference and Exposition, 2003. Proceedings, vol.1, 2003, pp. 293-302.
11. D. Moore, C. Shannon, G. Voelker, and S. Savage, "Internet quarantine: requirements for containing self-propagating code," in INFOCOM 2003. Twenty-Second Annual Joint Conference of the IEEE Computer and Communications Societies. IEEE, vol.3, 2003, pp. 1901-1910.
12. C. C. Zou, W. Gong, and D. Towsley, "Worm propagation modeling and analysis under dynamic quarantine defense," in WORM '03: Proceedings of the 2003 ACM workshop on Rapid malcode. New York, NY, USA: ACM Press, 2003, pp. 51-60.
13. M. Liljenstam, D. M. Nicol, V. H. Berk, and R. S. Gray, "Simulating realistic network worm traffic for worm warning system design and testing," in WORM '03: Proceedings of the 2003 ACM workshop on Rapid malcode. NewYork, NY, USA: ACM Press, 2003, pp. 24-33.
14. C. C. Zou, D. Towsley, W. Gong, and S. Cai, "Routing worm: A fast, selective attack worm based on ip address information," in PADS '05: Proceedings of the 19th Workshop on Principles of Advanced and Distributed Simulation. Washington, DC, USA: IEEE Computer Society, 2005, pp. 199-206.
15. S. Staniford, V. Paxson, and N. Weaver, "How to own the internet in your spare time," in Proceedings of the 11th USENIX Security Symposium. Berkeley,CA,USA: USENIX Association, 2002, pp. 149-167.
16. M. Vojnovic and A. Ganesh, "On the effectiveness of automatic patching," in WORM '05: Proceedings of the 2005 ACM workshop on Rapid malcode. New York, NY, USA: ACM Press, 2005, pp. 41-50.
17. "http://www.icir.org/yoid/."
18. S. Ratnasamy, P. Francis, M. Handley, R. Karp, and S. Schenker, "A scalable content-addressable network," in SIGCOMM 2001, 2001, pp. 161-172.
19. S. Banerjee, B. Bhattacharjee, and C. Kommareddy, "Scalable application layer multicast," in SIGCOMM 2002. New York, NY, USA: ACM Press, 2002, pp. 205-217.
20. A. Odlyzko, "Data networks are lightly utilized, and will stay that way," Review of Network Economics, vol.2, no.3, pp. 210-237, September 2003.
21. http://www.f-secure.com/v-descs/mssqlm.shtml.
22. http://www.f-secure.com/v-descs/witty.shtml.
23. CAIDA, "Skitter datasets," http://www.caida.org/tools/ measurement/skitter/.
24. C.-J. Lu, O. Reingold, S. Vadhan, and A. Wigderson, "Extractors: optimal up to constant factors," in Proceedings of the Thirty-Fifth Annual ACM Symposium on Theory of Computing. New York: ACM, 2003, pp. 602-611 (electronic).
25. J. Jung, V. Paxson, A. W. Berger, and H. Balakrishnan, "Fast portscan detection using sequential hypothesis testing," in IEEE Symposium on Security and Privacy. IEEE Computer Society, 2004, pp. 211-225.
26. http://www.honeynet.org.
27. H.-A. Kim and B. Karp, "Autograph: Toward automated, distributed worm signature detection," in Proceedings of the 13th USENIX Security Symposium. USENIX, Aug. 2004.
28. M. M. Williamson, "Throttling viruses: Restricting propagation to defeat malicious mobile code," in ACSAC '02: Proceedings of the 18th Annual Computer Security Applications Conference. Washington, DC, USA: IEEE Computer Society, 2002, p. 61.