Scribd
Upload
45 views

Seminar

This document discusses modeling the spread of Internet worms and developing defense mechanisms against them. The authors present a stochastic branching process model to characterize the propagation of both uniform and preferential scanning worms. This model is then used to develop an automatic worm containment strategy that can prevent worms from spreading beyond their early stages. Simulations and real data show that the containment schemes are effective against both uniform and preferential scanning worms without being intrusive.

Uploaded by

srikanth96
Copyright
© Attribution Non-Commercial (BY-NC)
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOC, PDF, TXT or read online on Scribd
45 views

Seminar

This document discusses modeling the spread of Internet worms and developing defense mechanisms against them. The authors present a stochastic branching process model to characterize the propagation of both uniform and preferential scanning worms. This model is then used to develop an automatic worm containment strategy that can prevent worms from spreading beyond their early stages. Simulations and real data show that the containment schemes are effective against both uniform and preferential scanning worms without being intrusive.

Uploaded by

srikanth96
Copyright
© Attribution Non-Commercial (BY-NC)
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOC, PDF, TXT or read online on Scribd
You are on page 1/ 2

Introduction

Self-propagating codes, called worms, such as Code Red, Nimda, and


Slammer, have drawn significant attention due to their enormously adverse
impact on the Internet. Thus, there is great interest in the research community in
modeling the spread of worms and in providing adequate defense mechanisms
against them. In this project, we present a (stochastic) branching process model
for characterizing the propagation of Internet worms. The model is developed for
uniform scanning worms and then extended to preference scanning worms. This
model leads to the development of an automatic worm containment strategy that
prevents the spread of a worm beyond its early stage. Specifically, for uniform
scanning worms, we are able to determine whether the worm spread will
eventually stop. We then extend our results to contain uniform scanning worms.
Our automatic worm containment schemes effectively contain both uniform
scanning worms and local preference scanning worms, and it is validated through
simulations and real trace data to be non intrusive.

PROBLEM we are witnessing an upsurge in the incidents of malicious code

in the form of computer viruses and worms. One class of such malicious code,
known as random scanning worms, spreads itself without human intervention by
using a scanning strategy to find vulnerable hosts to infect. Code Red, SQL
Slammer, and Sasser are some of the more famous examples of worms that have
caused considerable damage. Network worms have the potential to infect many
vulnerable hosts on the Internet before human countermeasures take place. The
aggressive scanning traffic generated by the infected hosts has caused network
congestion, equipment failure, and blocking of physical facilities such as subway
stations, 911 call centers, etc. As a representative example, consider the Code
RedwormVersion 2 that exploited buffer overflow vulnerability in the Microsoft
IISWebservers. It was released on19 July 2001 Andover a period of less than 14
hours infected more than 359,000 machines. The cost of the epidemic, including
subsequent strains of Code Red, has been estimated by Computer Economics to be
$2.6 billion.

AIM

The goal of our research is to provide a model for the propagation of random
scanning worms and the corresponding developme nt of automatic containment
mechanisms that prevent the spread of worms beyond their early stages. This
containment scheme is then extended to protect an enterprise network from a
preference scanning worm

You might also like