On the impact of dynamic addressing on malware propagation

Authors: Moheeb Abu Rajab, Fabian Monrose, Andreas Terzis

DOI: 10.1145/1179542.1179554

Abstract: While malware models have become increasingly accurate over the past few years, none of the existing proposals accounts for the use of Network Address Translation (NAT). This oversight is problematic since many network customers use NAT in their local networks. In fact, measurements we collected from a distributed honeynet show that approximately 19% of infected hosts reside in NATted domains. To account for this, we present a model that can be used to understand the impact of varying levels of NAT deployment on malware that spreads by preferentially scanning the IP space. Using this model, we show that NATting impedes malware propagation in several ways and has a significant impact on non-uniform scanning worms, as it invalidates the implicit assumption that vulnerable hosts reside in densely populated subnets.
