Abstract
The gradual hybrid anti-worm (GHAW) was presented. It changed its confrontation scheme in real time according to the percentage of vulnerable hosts present in the network. For GHAW, its process of countering malicious internet worms was modeled. The performance of GHAW on two factors was also estimated: confronting validity against worms and consumption of network resources. Factors governing its performance, specifically the transformation threshold and the transformation rate, were analyzed. The simulation experiments show that GHAW has dynamical adaptability to changes of network conditions and offers the same level of effectiveness on confronting internet worms as the divide-and-rule hybrid anti-worm, with significantly less cost to network resources. The experiments also indicate that the transformation threshold is the key factor affecting the performance of GHAW.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
KIENZLE D M, ELDER M C. Recent worms: A survey and trends [C]// STANIFORD S. Proc of the ACM CCS Workshop on Rapid Malcode. New York: ACM, 2003: 1–10.
STANIFORD S, MOORE D, PAXSON V, WEAVER N. The top speed of flash worm [C]// Proc of the 2004 ACM Workshop on Rapid Malcode. New York: ACM, 2004: 33–42.
MOORE D, SHANNON C, BROWN J. Code-red: A case study on the spread and victims of an Internet worm [C]// Proc of the 2nd ACM SIGCOMM Workshop on Internet Measurement. New York: ACM, 2002: 273–284.
MOORE D, PAXSON V, SAVAGE S, SHANNON C, STANIFORD S, WEAVER N. Inside the slammer worm [J]. IEEE Magazine of Security and Privacy, 2003, 1(4): 33–39.
WEN Wei-ping, QING Si-han, JIANG Jian-chun. Research and development of internet worms [J]. Journal of Software, 2004, 15(8): 1208–1219. (in Chinese)
BU Tian, CHEN Ai-you, WIEL S V, WOO T. Design and evaluation of a fast and robust worm detection algorithm [C]// Proc of IEEE INFOCOM2006. Piscataway: IEEE, 2006: 169–180.
JIANG Xu-xian, BUCHHOLZ F, WALTERS A, XU Dong-yan, WANG Yi-min, SPAFFORD E H. Tracing worm break-in and contaminations via process coloring: A provenance-preserving approach [J]. IEEE Transactions on Parallel and Distributed Systems, 2008, 19(7): 890–902.
YU Wei, ZHANG Nan, FU Xin-wen, ZHAO Wei. Self-disciplinary worms and countermeasures: Modeling and analysis [J]. IEEE Transactions on Parallel and Distributed Systems, 2010, 21(10): 1501–1514.
WU Dan, LONG Dong-yang, WANG Chang-ji, GUAN Zhan-peng. Modeling and analysis of worm and killer-worm propagation using the divide-and-conquer strategy [C]// Proc of the 6th International Conference on Algorithms and Architecture for Parallel Processing. Berlin: Springer, 2005: 370–375.
CASTANED F, SEZER C E, XU Jun. WORM vs. WORM: Preliminary study of an active counter-attack mechanism [C]// Proc of the 2004 ACM Workshop on Rapid Malcode. New York: ACM, 2004: 83–93.
WANG Chao, QING Si-han, HE Jian-bo. Anti-worm based on hybrid confronting technology [J]. Journal on Communications, 2007, 28(1): 28–34. (in Chinese)
ZHOU Han-xun, ZHAO Hong, WEN Ying-you. Modeling and analysis of divide-and-rule-hybrid-benign worms [J]. Journal of Computer Research and Development, 2009, 46(7): 1110–1116. (in Chinese)
LIU Qing, ZHENG Qing-hua, GUAN Xiao-hong, CHEN Xin-qi, CAI Zhong-min. Modeling and analysis of worm propagation in IPV6 networks [J]. Chinese Journal of Computers, 2006, 29(8): 1337–1345. (in Chinese)
CHEB Ze-sheng, GAO Li-xin, KWIAT K. Modeling the spread of active worms [C]// Proc of IEEE INFOCOM 2003. Piscataway: IEEE, 2003: 1890–1900.
ZOU C C, GONG Wei-bo, TOWSLEY D. Code red worm propagation modeling and analysis [C]// Proc of the ACM Conference on Computer and Communications Security. New York: ACM, 2002: 138–147.
STEPHEBSON B, SIKDAR B. A quasi-species approach for modeling the dynamics of polymorphic worms [C]// Proc of IEEE INFOCOM2006. Piscataway: IEEE, 2006: 144–155.
MANNA P K, CHEN Shi-gang, RANKA S. Inside the permutation-scanning worms: Propagation modeling and analysis [J]. IEEE/ACM Transactions on Networking, 2010, 18(3): 858–870.
Author information
Authors and Affiliations
Corresponding author
Additional information
Foundation item: Project(61070194) supported by the National Natural Science Foundation of China; Project([2009]1886) supported by the Information Security Industrialization Fund from NDRC of China in 2009; Project(CJ[2010]341) supported by the Major Achievements Transfer Projects of MOF and MIIT of China in 2010; Project(2011FJ2003) supported by the Natural Science Foundation of Hunan Province, China
Rights and permissions
About this article
Cite this article
Li, Jq., Qin, Z., Ou, L. et al. Modeling and analysis of gradual hybrid anti-worm. J. Cent. South Univ. Technol. 18, 2050–2055 (2011). https://doi.org/10.1007/s11771-011-0941-x
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11771-011-0941-x