Optimal worm-scanning method using vulnerable-host distributions

Authors: Zesheng Chen, Chuanyi Ji

DOI: 10.1504/IJSN.2007.012826

Keywords: The Internet, Computer security, Host (network), Exploit, Infection rate, Routing (electronic design automation), Code (cryptography), Empirical distribution function, Importance sampling, Computer science

Abstract: Most internet worms use random scanning. The distribution of vulnerable hosts on the internet, however, is highly non-uniform over the IP-address space. This implies that random scanning wastes many scans on invulnerable addresses and that more virulent scanning schemes may take advantage of the non-uniformity of a vulnerable-host distribution. Questions then arise as to how attackers may exploit such information and how virulent the resulting worm may be. These issues provide 'worst-case scenarios' for defenders and 'best-case scenarios' for attackers when the vulnerable-host distribution is available. This work develops such a scenario, called importance scanning, which results from importance sampling in statistics. Importance scanning scans the IP-address space according to an empirical distribution of vulnerable hosts. An analytical model is developed to relate the infection rate of worms with the Importance-Scanning (IS) strategies. Based on parameters chosen from the Witty and Code Red worms, the experimental results show that an IS worm can spread much faster than either a random-scanning worm or a routing worm. In addition, a game-theoretical approach suggests that the best strategy for defenders is to scatter applications uniformly in the entire
