wormStrategy - OnthePerformanceofInternet...

Info iconThis preview shows pages 1–7. Sign up to view the full content.

View Full Document Right Arrow Icon
1 On the Performance of Internet  Worm Scanning Strategies  Cliff C. Zou,   Don Towsley,   Weibo Gong Univ. Massachusetts, Amherst
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
2 Motivation Hackers have tried various scanning strategies in their  scan-based  worms Uniform scan   Code Red, Slammer Local preference scan   Code Red II Sequential scan   Blaster Possible scanning strategies: Target preference scan   (selective attack from a routing worm) Divide-and-conquer scan How do they affect a worm’s propagation? Mean value analysis ( based on  law of large number ) Numerical solutions;  Simulation studies.
Background image of page 2
3 Some Analysis Conclusions Equivalent when hosts are uniformly distributed Uniform scan Sequential scan Divide-and-conquer scan Local preference scan  increases a worm’s speed When vulnerable hosts are not uniformly distributed Optimal local scan prob.  p    when local network size  Sequential scan     selecting starting point locally slows down  worm propagation speed Selective attack    global scan  or  target-only scan  determined  by distribution of vulnerable hosts.
Background image of page 3

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
4 Two Guidelines in Defense Prevent attackers from Identifying IP addresses of a large number of  vulnerable hosts    Flash worm Hit-list worm Obtaining address information to reduce a worm’s  scanning space    Routing worm Worm monitoring system IP space coverage is not the only issue  Should monitor as many as possible well distributed  IP blocks    non-uniform scan worm
Background image of page 4
5 Epidemic Model Introduction Model for homogeneous system Model for interacting groups # of infectious infection ability # of hosts scan rate For worm modeling: scanning space
Background image of page 5

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
6 Infinitesimal Analysis  of Epidemic Model From time  t  to  t+ δ :  ( δ   !  0) Vulnerable hosts  [N-I(t)];  infected hosts  I(t). An infected host infects                              vulnerable hosts.
Background image of page 6
Image of page 7
This is the end of the preview. Sign up to access the rest of the document.

This note was uploaded on 08/25/2011 for the course EEL 5937 taught by Professor Staff during the Spring '08 term at University of Central Florida.

Page1 / 18

wormStrategy - OnthePerformanceofInternet...

This preview shows document pages 1 - 7. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online