Issue No. 09 - September (2009 vol. 58)
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/TC.2009.63
Biplab Sikdar , Rensselaer Polytechnic Institute, Troy
Bradley Stephenson , MITRE Corporation, McLean and Rensselaer Polytechnic Institute, Troy
Polymorphic computer worms are characterized by their ability to change their byte sequence as they replicate and propagate, thereby aiming to thwart intrusion detection systems (IDSes). In this letter, we propose a model based on coevolution of biological quasi-species to characterize the propagation of polymorphic worms and the effect of IDSes on their dynamics. The model is used to derive the conditions required for the IDS to contain the worm. The model is validated using simulations.
Network security, computer virus and worms, modeling techniques.
Biplab Sikdar, Bradley Stephenson, "A Quasi-Species Model for the Propagation and Containment of Polymorphic Worms", IEEE Transactions on Computers, vol. 58, no. , pp. 1289-1296, September 2009, doi:10.1109/TC.2009.63