Research and development of internet worms

Ruan Jian Xue Bao/Journal of Software

Volumn 15, Issue 8, 2004, Pages 1208-1219

  Wen, Wei Ping ^a,b,c   Qing, Si Han ^a,b,c   Jiang, Jian Chun ^a,b,c   Wang, Ye Jun ^a,b,c  

^a INSTITUTE OF SOFTWARE   (China)

^b INSTITUTE OF GEOLOGY AND GEOPHYSICS   (China)

^c UNIVERSITY OF CHINESE ACADEMY OF SCIENCES   (China)

Author keywords

Function component; Internet worm; Network security; Propagation model; Scanning strategy

Indexed keywords

CODES (SYMBOLS); COMPUTER PROGRAM LISTINGS; MATHEMATICAL MODELS; SECURITY OF DATA;

FUNCTION COMPONENTS; INTERNET WORMS; MALICIOUS CODES; MALICIOUS PROGRAMS; NETWORK SECURITY; PROPAGATION MODELS; SCANNING STRATEGY;

INTERNET;

EID: 8644261522     PISSN: 10009825     EISSN: None     Source Type: Journal    
DOI: None     Document Type: Article

References (55)

1. Spaffrd EH. The Internet worm program: An analysis. Technical Report, CSD-TR-823, West Lafayette: Department of Computer Science, Purdue University, 1988. 1-29.
2. EEye Digital Security. Code Red worm. 2001. http://www.eeye.com/html/research/advisories/al20010717.html
3. CERT. Code Red II: Another worm exploiting buffer overflow in US indexing service DLL. 2001. http://www.cert.org/incident_notes/in-2001-09.html
4. Weaver N. Potential strategies for high speed active worms. 2002. http://www.cs.berkeley.edu/-nweaver/worms.pdf
5. Staniford S, Paxson V, Weaver N. How to own the Internet in your spare time. In: Boneh D, ed. Proc. of the 11th Usenix Security Symp. San Francisco, 2002. http://www.icir.org/vern/papers/cdc-usenix-sec02/cdc.pdf
6. Weaver N. Warhol worms: The potential for very fast Internet plagues. 2002. http://www.es.berkeley.edul-nweaver/warhol.html
7. Kephart JO, Chess DM, White SR. Computers and epidemiology. IEEE Spectrum, 1993, 30(5): 20-26.
8. Kephart JO, White SR. Measuring and modeling computer virus prevalence. In: Proc. of the IEEE Symp. on Security and Privacy. Oakland, 1993. 2-15.
9. Zou CC, Gong W, Towsley D. Code Red worm propagation modeling and analysis. In: Proc. of the 9th ACM Symp. on Computer and Communication Security. Washington, 2002. 138-147.
10. Steve W. Open problems in computer virus research. 1998. http://www.research.ibm.com/antivirus/SciPapers/White/Problems/ Problems.html
11. Arnold B, Chess D, Morar J, Segal A, Swimmer M. An environment for controlled worm replication and analysis. Virus Bulletin, Oxfordshire, 2000. 1-20.
12. Song D, Malan R, Stone R. A snapshot of global Internet worm activity. Technical Report, Arbor Networks, 2001. http://www.flrst.org/events/progconf/2002/d5-02-song-slides.pdf
13. Moore D, Shannon C, Voelker G, Savage S. Internet quarantine: requirements for containing self-propagating code. In: Bauer F, ed. Proc. of the 2003 IEEE Infocom Conf. San Francisco, 2003. http://www-cse.ucsd.edu/users/savage/papers/Infocom03.pdf
14. Yang S, Relations M. NSF awards $5.46 million to UC Berkeley and USC to build test bed for cyber war games. 2003. http://www.berkeley.edu/news/media/releases/2003/10/15_testbed.shtml
15. Zheng H. Internet worm research [Ph.D. Thesis]. Tianjin: College of Information Technologies Science, Nankai University, 2003. 12-15 (in Chinese with English abstract).
16. Zuo XD, Dai YX. Analysis on Lion worm and some discussing about it. Computer Engineering, 2002, 28(1): 16-17 (in Chinese with English abstract).
17. Fearnow M, Stearns W. Adore worm. 2001. http://www.sans.org/y2k/adore.htm
18. Mackie A, Roculan J, Russell R, Velzen MV. Nimda worm analysis. 2001. http://aris.securityfocus.com/alerts/nimda/ 010919-Analysis-Nimda.pdf
19. CCERT. CCERT advisory on W32.Nachi. Worm. 2003 (in Chinese). http://www.ccert.edu.cn/announce/show.php?handle=93
20. Cohen F. Computer viruses: Theory and experiments. Computers and Security, 1987, 6(1): 22-35.
21. Kienzle DM, Elder MC. Recent worms: A survey and trends. In: Staniford S, ed. Proc. of the ACM CCS Workshop on Rapid Malcode (WORM 2003). Washington, 2003.
22. Schechter SE, Smith MD. Access for sale: A new class of worm. In: Proc. of the 2003 ACM Workshop on Rapid Malcode. Washington, 2003. 138-147.
23. Nazario J, Anderson J, Wash R, Connelly C. The future of Internet worms. Blackhat Briefings, 2001. http://www.crimelabs.net/docs/worm.html
24. Computer Emergency Response Team (CERT). CERT advisory CA-2001-26 Nimda worm. 2001. http://www.cert.org/advisories/CA-2001-26.html
25. Computer Emergency Response Team (CERT). CERT/CC advisories. 2004. http://www.cert.org/advisories/
26. Fyodor. The art of port scanning. Phrack Magazine, 1997, 7(51): 11-17.
27. Thomas R. Bogon list v2.4. 2002. http://www.cymru.com/Documents/bogon-list.html
28. F-Secure Secure Information Center. Global Slapper Worm Information Center. 2002. http://www.f-secure.com/slapper/
29. Moore D, Paxson V, Savage S, Shannon C, Staniford S, Weaver N. Inside the slammer worm. IEEE Magazine of Security and Privacy, 2003, 1(4): 33-39.
30. EEye Digital Security. Blaster worm analysis. 2003. http://www.eeye.com/html/Research/Advisories/AL20030811.html
31. Zou CC, Gong W, Towsley D. On the performance of Internet worm scanning strategies. Technical Report, TR-03-CSE-07, Electrical and Computer Engineering Department, University of Massachusetts, 2003.
32. Zou CC, Towsley D, Gong W, Cai S. Routing worm: A fast, selective attack worm based on IP address information. Technical Report, TR-03-CSE-06, Electrical and Computer Engineering Department, University of Massachusetts, 2003.
33. CAIDA. IPv4 BGP geopolitical analysis. 2001. http://www.caida.org/analysis/geopolitical/bgp2country/
34. Moore D, Shannon C, Claffy K. Code Red: A case study on the spread and victims of an Internet worm. In: Ammar M, ed. Proc. of the Internet Measurement Workshop. Marseille, 2002. 273-284.
35. Kern M. Codegreen beta release. 2001. http://online.securityfocus.com/archive/82/211462
36. Vogt T. Simulating and optimizing worm propagation algorithms. 2003. http://web.lemuria.org/security/WormPropagation.pdf
37. Streftaris G, Gibson GJ. Statistical inference for stochastic epidemic models. In: Proc. of the 17th Int'l Workshop on Statistical Modelling. Chania, 2002. 609-616.
38. Frauenthal JC. Mathematical Modeling in Epidemiology. New York: Springer-Verlag, 1980.
39. Wang Y, Wang CX. Modeling the effects of timing parameters on virus propagation. In: Staniford S, ed. Proc. of the ACM CCS Workshop on Rapid Malcode (WORM 2003). Washington, 2003.
40. Chen Z, Gao L, Kwiat K. Modeling the spread of active worms. In: Proc. of the IEEE INFOCOM 2003. 2003.
41. Cheung S, Hoagland J, Levitt K, Rowe J, Staniford C, Yip R, Zerkle D. The design of GrIDS: A graph-based intrusion detection system. Technical Report, CSE-99-2, Computer Science Department, U.C. Davis, 1999. http://citeseer.nj.nec.com/cheung99design.html
42. Lockwood JW, Moscola J, Kulig M, Reddick D, Brooks T. Internet worm and virus protection in dynamically reconfigurable hardware. In: Proc. of the ACM CCS Workshop on Rapid Malcode (WORM 2003). Washington: Military and Aerospace Programmable Logic Device (MAPLD), 2003.
43. Lockwood JW, Naufel N, Turner JS, Taylor DE. Reprogrammable network packet processing on the field programmable port extender (FPX). In: Proc. of the ACM Int'l Symp. on Field Programmable Gate Arrays (FPGA). Monterey, 2001. 87-93.
44. Morrison. Honeypot technology. 2001. http://www.xfocus.net/articles/200103/121.html
45. George WD, Samuel TK, Sukru C, Murtaza B, Peter MC. ReVirt: Enabling intrusion analysis through virtual-machine logging and replay. In: Proc. of the 2002 Symp. on Operating Systems Design and Implementation. Boston, 2002.
46. Spitzner L. Honeypots: Tracking Hackers. Boston: Addison-Wesley, 2002. 277-309.
47. Proves N. A virtual honeypot framework. Technical Report, 03-1. Center of Information Technology Integration, University of Michigan, 2003. http://www.citi.umich.edu/techreports/reports/citi-tr-03-1.pdf
48. Oudot L. Fighting worms with honeypots: Honeyd vs Msblast.exe. 2003. http://lists.insecure.org/lists/honeypots/2003/ Jul-Sep/0071.html
49. Shoch, John F, Jon AH. The worm programs early experience with a distributed computation. Communications of the ACM, 1982, 25(3): 172-180.
50. CERT/CC. CERT® Incident Note IN-2001-05. 2001. http://www.cert.org/incident_notes/IN-2001-05.html
51. Weaver N, Paxson V, Staniford S, Cunningham R. Large scale malicious code: A research agenda. 2003. 11-16.
52. Zou CC, Gao L, Gong W, Towsley D. Monitoring and early warning for Internet worms. Technical Report, TR-CSE-03-01, Electrical and Computer Engineering Department, University of Massachusetts, 2003.
53. Liston T. Welcome to my tarpit - The tactical and strategic use of LaBrea. 2001. http://www.labreatechnologies.com/ LaBrea_Tactics_And_Strategy.pdf.
54. Balasubramaniyan JS, Garcia-Fernandez JO, Isacoff D, Spafford E, Zamboni D. An architecture for intrusion detection using autonomous agents. Technical Report, 98/05, Purdue University, 1998.
55. Porras PA, Neumann PG. Emerald: Event monitoring enabling responses to anomalous live disturbances. In: Proc. of the 20th National Information Systems Security Conf. Baltimore: Baltimore Convention Center, 1997. 353-365.