Proceedings of the 9th ACM Conference on Computer and Communications Security - CCS '02 2002
DOI: 10.1145/586127.586130
|View full text |Cite
|
Sign up to set email alerts
|

Code red worm propagation modeling and analysis

Abstract: The Code Red worm incident of July 2001 has stimulated activities to model and analyze Internet worm propagation. In this paper we provide a careful analysis of Code Red propagation by accounting for two factors: one is the dynamic countermeasures taken by ISPs and users; the other is the slowed down worm infection rate because Code Red rampant propagation caused congestion and troubles to some routers. Based on the classical epidemic Kermack-Mckendrick model, we derive a general Internet worm model called the… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
2
1
1
1

Citation Types

2
260
1
13

Year Published

2006
2006
2015
2015

Publication Types

Select...
5
3
2

Relationship

0
10

Authors

Journals

citations
Cited by 196 publications
(276 citation statements)
references
References 7 publications
2
260
1
13
Order By: Relevance
“…Currently, there are two main aspects in the study of basic worm propagation models. One is mainly based on the epidemiology model, including Susceptible-Infectious-Susceptible (SIS) model 25 , Kermack-Mckendrick (KM) model 26 , Two-Factor model 27 , et al This model provides a qualitative understanding of worm spread by using nonlinear different equations. In particular, KM model is also named Susceptible-Infectious-Removed (SIR) model, and is widely used as background research of other worm propagation models, SIRS model 28 for example.…”
Section: Worm Propagationmentioning
confidence: 99%
“…Currently, there are two main aspects in the study of basic worm propagation models. One is mainly based on the epidemiology model, including Susceptible-Infectious-Susceptible (SIS) model 25 , Kermack-Mckendrick (KM) model 26 , Two-Factor model 27 , et al This model provides a qualitative understanding of worm spread by using nonlinear different equations. In particular, KM model is also named Susceptible-Infectious-Removed (SIR) model, and is widely used as background research of other worm propagation models, SIRS model 28 for example.…”
Section: Worm Propagationmentioning
confidence: 99%
“…Nonetheless, the Internet architecture sometimes exhibits collective behaviors that make transparent end-to-end connectivity impossible. Such aggregate collective phenomena include cascading failures [20,22,29], the largest of which have been associated with worm attacks [12,35,38], and "route flapping," which occurs when a router fluctuates quickly between routes without settling into an effective routing pattern [24]. Other such phenomena include bottlenecks, storms, and collective oscillations [10,17,25].…”
Section: Internet2mentioning
confidence: 99%
“…Following earlier efforts [33,43,29] in understanding worms which are selfpropagating malware, several techniques have been proposed to detect and contain them. For a comprehensive overview of various types of worms, we recommend the excellent taxonomy by Weaver et al [39].…”
Section: Connections Between Exploit Code and Worm Spread Mechanismmentioning
confidence: 99%