Filters








7,745 Hits in 5.6 sec

Code red worm propagation modeling and analysis

Cliff Changchun Zou, Weibo Gong, Don Towsley
2002 Proceedings of the 9th ACM conference on Computer and communications security - CCS '02  
The Code Red worm incident of July 2001 has stimulated activities to model and analyze Internet worm propagation.  ...  In this paper we provide a careful analysis of Code Red propagation by accounting for two factors: one is the dynamic countermeasures taken by ISPs and users; the other is the slowed down worm infection  ...  Heberlein presented a visual simulation of Code Red worm propagation on Incident.com [17] . Moore provided some valuable observed data and a detailed analysis of Code Red worm behavior [27] .  ... 
doi:10.1145/586110.586130 dblp:conf/ccs/ZouGT02 fatcat:ju5sjmknynardbhnkantya3l7a

Code red worm propagation modeling and analysis

Cliff Changchun Zou, Weibo Gong, Don Towsley
2002 Proceedings of the 9th ACM conference on Computer and communications security - CCS '02  
The Code Red worm incident of July 2001 has stimulated activities to model and analyze Internet worm propagation.  ...  In this paper we provide a careful analysis of Code Red propagation by accounting for two factors: one is the dynamic countermeasures taken by ISPs and users; the other is the slowed down worm infection  ...  Heberlein presented a visual simulation of Code Red worm propagation on Incident.com [17] . Moore provided some valuable observed data and a detailed analysis of Code Red worm behavior [27] .  ... 
doi:10.1145/586127.586130 fatcat:mn2f6qfpezfulmny55q7grm2ta

On the performance of Internet worm scanning strategies

Cliff C. Zou, Don Towsley, Weibo Gong
2006 Performance evaluation (Print)  
In recent years, fast spreading worms, such as Code Red, Slammer, Blaster and Sasser, have become one of the major threats to the security of the Internet.  ...  In addition, based on our simulation and analysis of Blaster worm propagation and monitoring, we provide a guideline for building a better worm monitoring infrastructure.  ...  Acknowledgements We gratefully thank researchers in University of Michigan "Internet Motion Sensor" for providing us their monitoring data on Witty worm propagation.  ... 
doi:10.1016/j.peva.2005.07.032 fatcat:bqiaziaaefbcvb4txtf2ra32yu

Detecting Worm Propagation Using Traffic Concentration Analysis and Inductive Learning [chapter]

Sanguk Noh, Cheolho Lee, Keywon Ryu, Kyunghee Choi, Gihyun Jung
2004 Lecture Notes in Computer Science  
As a vast number of services have been flooding into the Internet, it is more likely for the Internet resources to be exposed to various hacking activities such as Code Red and SQL Slammer worm.  ...  Since various worms quickly spread over the Internet using self-propagation mechanism, it is crucial to detect worm propagation and protect them for secure network infrastructure.  ...  The network traffic models were generated in two settings: the normal Web server without worm's activity and the Web server infected by Code Red.  ... 
doi:10.1007/978-3-540-28651-6_59 fatcat:qmmm7baepzayblt3mgd742nmsy

The Analysis of Random Propagating Worms using Network Bandwidth

Kwang Sun Ko, Hyunsu Jang, Byuong Woon Park, Young Ik Eom
2010 KSII Transactions on Internet and Information Systems  
The analysis and simulation results are presented using this factor. The simulation results show that the scan rate is more sensitive than the propagation packet for detecting worms' propagations.  ...  This model uses the number of infected hosts in a domain as a factor in the worms' propagation.  ...  The two cases, both the analysis results of Code Red and the research results of Slammer, show that network bandwidth is the most important and sensitive factor that affects worm propagation.  ... 
doi:10.3837/tiis.2010.04.007 fatcat:5tmqby7glzal3e6glufpu6rcbq

Experiences with worm propagation simulations

Arno Wagner, Thomas D�bendorfer, Bernhard Plattner, Roman Hiestand
2003 Proceedings of the 2003 ACM workshop on Rapid Malcode - WORM'03  
One specific feature of the simulator is that the Internet model used can represent network bandwidth and latency constraints.  ...  We discuss motivation and possibilities to study the behaviour of such worms and degrees of freedom that worm writers have. To facilitate the study of fast worms we have designed a simulator.  ...  Code Red To validate our simulator's results for TCP-based worms, we tried to approximate the behaviour of Code Red Iv2.  ... 
doi:10.1145/948187.948194 dblp:conf/worm/WagnerDPH03 fatcat:j75beyfwgbcs5dyn3b2bb42qoe

Eliminating Errors in Worm Propagation Models

Yini Wang, Sheng Wen, Silvio Cesare, Wanlei Zhou, Yang Xiang
2011 IEEE Communications Letters  
This paper studies the propagation mechanism of the two main classes of worms: scanning worms (Code Red II) and nonreinfection email worms.  ...  Our simulations and analysis show the fact that the existence of errors has nonnegligible effect on worm propagation modeling. We quantify the error and propose a method to eliminate it.  ...  of Code Red II (the first 81 nodes in 5000 nodes).  ... 
doi:10.1109/lcomm.2011.070711.110254 fatcat:ohbyoctlgrhr7d2bcpaxxtnnzm

The monitoring and early detection of Internet worms

C.C. Zou, Weibo Gong, D. Towsley, Lixin Gao
2005 IEEE/ACM Transactions on Networking  
In addition, for uniform-scan worms such as Code Red, we can effectively predict the overall vulnerable population size, and estimate accurately how many computers are really infected in the global Internet  ...  After many Internet-scale worm incidents in recent years, it is clear that a simple self-propagating worm can quickly spread across the Internet and cause severe damage to our society.  ...  However, through simulation and analysis, [48] showed that the propagation of these worms still closely follows the epidemic model (1). The epidemic model (1) has its limitations.  ... 
doi:10.1109/tnet.2005.857113 fatcat:4savbhtmozcujjtore2lvcmsam

Preliminary results using scale-down to explore worm dynamics

Nicholas Weaver, Ihab Hamadeh, George Kesidis, Vern Paxson
2004 Proceedings of the 2004 ACM workshop on Rapid malcode - WORM '04  
We develop a series of abstract models approximating Slammer's Internet propagation and demonstrate that such modeling appears to require incorporating both heterogeneous clustering of infectibles and  ...  A major challenge when attempting to analyze and model large-scale Internet phenomena such as the dynamics of global worm propagation is finding appropriate abstractions that allow us to tractably grapple  ...  ACKNOWLEDGMENTS Our thanks to Abhishek Kumar for analyzing the scanning rate data for Witty, and Colleen Shannon and David Moore (CAIDA) and Vinod Yegneswaran and Paul Barford (WAIL) for providing traces  ... 
doi:10.1145/1029618.1029628 dblp:conf/worm/WeaverHKP04 fatcat:elpncnalrjexbd7mjficlusoye

Simulating realistic network worm traffic for worm warning system design and testing

Michael Liljenstam, David M. Nicol, Vincent H. Berk, Robert S. Gray
2003 Proceedings of the 2003 ACM workshop on Rapid Malcode - WORM'03  
Our experiments indicate that the tracking algorithms currently implemented in the DIB:S/TRAFEN system could detect attacks such as Code Red v2 and Sapphire/Slammer very early, even when monitoring a quite  ...  In this paper, we describe a worm simulation model we are developing to accurately model the largescale spread dynamics of a worm and many aspects of its detailed effects on the network.  ...  ACKNOWLEDGMENTS We thank Ken Eichman at the Chemical Abstract Service and Andrew Daviel at TRIUMF Canada for generously providing the Code Red and Sapphire/Slammer data sets, respectively.  ... 
doi:10.1145/948187.948193 dblp:conf/worm/LiljenstamNBG03 fatcat:t2mooj5lqnexnjkois7ytz75vy

A new worm exploiting IPv6 and IPv4-IPv6 dual-stack networks: experiment, modeling, simulation, and defense

Ting Liu, Xiaohong Guan, Qinghua Zheng, Yu Qu
2009 IEEE Network  
The propagation of Code Red is simulated by the classical epidemic model used in many Code Red worm models [8] , and that of Blaster by the simulator developed by Zou in [10] .  ...  used the classical epidemic model to study Code Red right after the Code Red incident on July 19, 2001, assuming the worm spread at a constant rate and the Internet is a homogeneous network [8] .  ... 
doi:10.1109/mnet.2009.5274918 fatcat:x4dwk4zq4vblxlze4y3qxuqua4

Modeling the Propagation of Worms in Networks: A Survey

Yini Wang, Sheng Wen, Yang Xiang, Wanlei Zhou
2014 IEEE Communications Surveys and Tutorials  
In this thesis, we present a microcosmic analysis of the propagation procedure for scanning worms. It is different from traditional models and can accurately reflect  ...  However, previous models mainly focus on analyzing the trends of worm propagation and fail to describe the spreading of worms between different individual nodes.  ...  Some worms, such as Code Red [2] , Code Red II [15, [29] [30] , and Slammer [12] can propagate without a dependency on the topology.  ... 
doi:10.1109/surv.2013.100913.00195 fatcat:6nwmunzbg5byhda5job2krhqcq

Computer Virus Propagation Models [chapter]

Giuseppe Serazzi, Stefano Zanero
2004 Lecture Notes in Computer Science  
In this paper, we review the most popular models of virus propagation, analyzing the underlying assumptions of each of them, their strengths and their weaknesses.  ...  The availability of reliable models of computer virus propagation would prove useful in a number of ways, in order both to predict future threats, and to develop new containment measures.  ...  Acknowledgments We thank David Moore of CAIDA, and Stuart Staniford of Silicon Defense, for allowing us to reproduce their measurements of Code Red v2 expansion.  ... 
doi:10.1007/978-3-540-24663-3_2 fatcat:usg6e6caingebiz2glhbsvj2me

A Pseudo-Worm Daemon (PWD) for empirical analysis of zero-day network worms and countermeasure testing

Khurram Shahzad, Steve Woodhead
2014 Fifth International Conference on Computing, Communications and Networking Technologies (ICCCNT)  
Furthermore, this paper presents experimentation and analysis of a Pseudo-Witty worm by employing the PWD with real Witty worm outbreak attributes.  ...  In order to understand the epidemiology of computer worms; a network daemon is required to empirically observe their infection and propagation behavior.  ...  For example, Code Red and Slammer both used exploit zero-day vulnerabilities. C.  ... 
doi:10.1109/icccnt.2014.6963124 fatcat:gp7nfxxolfemhlca77brkvrsxe

Monitoring and early warning for internet worms

Cliff Changchun Zou, Lixin Gao, Weibo Gong, Don Towsley
2003 Proceedings of the 10th ACM conference on Computer and communication security - CCS '03  
After the Code Red incident in 2001 and the SQL Slammer in January 2003, it is clear that a simple self-propagating worm can quickly spread across the Internet, infects most vulnerable computers before  ...  Our simulation experiments for Code Red and SQL Slammer show that with observation data from a small fraction of IP addresses, we can detect the presence of a worm when it infects only 1% to 2% of the  ...  ACKNOWLEDGEMENTS This work is supported in part by ARO contract DAAD19-01-1-0610; by DARPA under Contract DOD F30602-00-0554; by NSF under grant EIA-0080119, ANI9980552, ANI-0208116, and by Air Force Research  ... 
doi:10.1145/948134.948136 fatcat:fw62654m6zebxobcdjuounbete
« Previous Showing results 1 — 15 out of 7,745 results