Evaluation of Worm Containment Algorithms and Their Effect on Legitimate Traffic

Abstract: Internet worm attacks have become increasingly more frequent and have had a major impact on the economy, making the detection and prevention of these attacks a top security concern. Several counter-measures have been proposed and evaluated in recent literature. However, the effect of these proposed defensive mechanisms on legitimate competing traffic has not been analyzed. Clearly, a defensive approach that slows down or stops worm propagation at the expense of completely restricting any legitimate traffic is … Show more

“…These conditions have led to unprecedented speeds by which such worms spread. For example, the SQL Slammer worm infected more than 90% of the 75,000 vulnerable hosts [1] on the entire Internet in 10 minutes, and the Blaster worm infected at least 100,000 systems within one week [2]. SQL slammer and Blaster utilized the already known security hole and were still able to spread quicker than the patch distribution systems.…”

“…SQL slammer and Blaster utilized the already known security hole and were still able to spread quicker than the patch distribution systems. Such incidents warn us that relying on human intervention does not protect against zero-day attacks [1]. History of malicious software evolution [3] indicates that such incidents will happen, and that if anything, their frequency will increase.…”

Mitigating Worm Propagation on Virtual LANs

“…These conditions have led to unprecedented speeds by which such worms spread. For example, the SQL Slammer worm infected more than 90% of the 75,000 vulnerable hosts [1] on the entire Internet in 10 minutes, and the Blaster worm infected at least 100,000 systems within one week [2]. SQL slammer and Blaster utilized the already known security hole and were still able to spread quicker than the patch distribution systems.…”

“…SQL slammer and Blaster utilized the already known security hole and were still able to spread quicker than the patch distribution systems. Such incidents warn us that relying on human intervention does not protect against zero-day attacks [1]. History of malicious software evolution [3] indicates that such incidents will happen, and that if anything, their frequency will increase.…”

Mitigating Worm Propagation on Virtual LANs

“…In particular, researchers study proposed worm defense algorithms in the context of naïve or generic randomly propagating epidemic strategies, or at best attempt to mirror the propagation strategies of previously experienced worms such as Code Red [24] and Slammer [20]. Often, simulation is employed as a cost-efficient way to examine the growth rate impacts of a quarantine algorithm against a modeled epidemic [1,10,23]. However, simulation provides little insight into how the defense performs on strategies other than the specific propagation strategy encoded within the simulation.…”

“…The defense algorithm initially selects the preceding 1 G − 1 peers to which it will later send alert messages. Thereby we reach optimal coverage over the population of nodes, in that each 1 When reaching zero we start over from N . node becomes a peer of the same number of other nodes.…”

Automatically Deducing Propagation Sequences that Circumvent a Collaborative Worm Defense

Towards a framework for worm-defense evaluation