Modeling and Automated Containment of Worms

	This Article
	Subscribers, please Login Purchase article: $19 PDF IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Sarah Sellke Articles by Ness B. Shroff Articles by Saurabh Bagchi

2005 International Conference on Dependable Systems and Networks (DSN'05)

Yokohama, Japan

June 28-July 01

ISBN: 0-7695-2282-3

	ASCII Text	x
	Sarah Sellke, Ness B. Shroff, Saurabh Bagchi, "Modeling and Automated Containment of Worms," Dependable Systems and Networks, International Conference on, pp. 528-537, 2005 International Conference on Dependable Systems and Networks (DSN'05), 2005.

	BibTex	x
	@article{ 10.1109/DSN.2005.66, author = {Sarah Sellke and Ness B. Shroff and Saurabh Bagchi}, title = {Modeling and Automated Containment of Worms}, journal ={Dependable Systems and Networks, International Conference on}, volume = {0}, year = {2005}, isbn = {0-7695-2282-3}, pages = {528-537}, doi = {http://doi.ieeecomputersociety.org/10.1109/DSN.2005.66}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Dependable Systems and Networks, International Conference on TI - Modeling and Automated Containment of Worms SN - 0-7695-2282-3 SP528 EP537 A1 - Sarah Sellke, A1 - Ness B. Shroff, A1 - Saurabh Bagchi, PY - 2005 KW - Internet scanning worms KW - stochastic worm modeling KW - branching process model KW - early phase propagation KW - automatic worm containment VL - 0 JA - Dependable Systems and Networks, International Conference on ER -

Sarah Sellke, Purdue University

Ness B. Shroff, Purdue University

Saurabh Bagchi, Purdue University

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/DSN.2005.66

Self-propagating codes, called worms, such as Code Red, Nimda, and Slammer, have drawn significant attention due to their enormous adverse impact on the Internet. There is a great interest in the research community in modeling the spread of worms and in providing adequate defense mechanisms against them.

In this paper, we present a (stochastic) branching process model for characterizing the propagation of Internet worms. This model leads to the development of an automatic worm containment strategy that prevents the spread of worms beyond its early stages. Specifically, using the branching process model, we are able to (1) provide a precise condition that determines whether the worm will eventually die out and (2) provdide the probability that the total number of hosts that the worm infects will be below a certain level. We use these insights to develop a simple automatic worm containment scheme, which is demonstrated, through simulations and real trace data, to be both effective and non-intrusive.

Index Terms:

Internet scanning worms, stochastic worm modeling, branching process model, early phase propagation, automatic worm containment

Citation:

Sarah Sellke, Ness B. Shroff, Saurabh Bagchi, "Modeling and Automated Containment of Worms," dsn, pp.528-537, 2005 International Conference on Dependable Systems and Networks (DSN'05), 2005

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.