Understanding Divide-Conquer-Scanning Worms

Document Type


Presentation Date


Conference Name

Proceedings of 27th IEEE International Performance Computing and Communications Conference (IPCCC 2008)

Conference Location

Austin, TX

Source of Publication

Performance, Computing and Communications Conference, 2008. IPCCC 2008. IEEE International



Inclusive pages

51 - 58


Internet worms have been a significant security threat. Divide-conquer scanning is a simple yet effective technique that can potentially be exploited by future Internet epidemics. Therefore, it is imperative that defenders understand the characteristics of divide-conquer-scanning worms and study the countermeasures. In this work, we first provide the intuitions that a divide-conquer-scanning worm can potentially spread faster and stealthier than a traditional random-scanning worm. We then characterize the relationships between the propagation speeds of divide-conquer-scanning worms and the distributions of vulnerable hosts through mathematical analysis and simulations. Specifically, we find that if vulnerable hosts follow a non-uniform distribution such as the Witty-worm victim distribution, divide-conquer scanning can spread a worm much faster than random scanning. We also study empirically the effect of important parameters on the spread of divide-conquer-scanning worms. Furthermore, to counteract such attacks, we discuss the weakness of divide-conquer scanning and study a defense mechanism.


Internet, invasive software, Analytical models, Chaos, Computer security, Computer worms, Electronic mail, Internet, Mathematical analysis, Partitioning algorithms, Probes, Space exploration