Understanding Divide-Conquer-Scanning Worms
Proceedings of 27th IEEE International Performance Computing and Communications Conference (IPCCC 2008)
Source of Publication
Performance, Computing and Communications Conference, 2008. IPCCC 2008. IEEE International
51 - 58
Internet worms have been a significant security threat. Divide-conquer scanning is a simple yet effective technique that can potentially be exploited by future Internet epidemics. Therefore, it is imperative that defenders understand the characteristics of divide-conquer-scanning worms and study the countermeasures. In this work, we first provide the intuitions that a divide-conquer-scanning worm can potentially spread faster and stealthier than a traditional random-scanning worm. We then characterize the relationships between the propagation speeds of divide-conquer-scanning worms and the distributions of vulnerable hosts through mathematical analysis and simulations. Specifically, we find that if vulnerable hosts follow a non-uniform distribution such as the Witty-worm victim distribution, divide-conquer scanning can spread a worm much faster than random scanning. We also study empirically the effect of important parameters on the spread of divide-conquer-scanning worms. Furthermore, to counteract such attacks, we discuss the weakness of divide-conquer scanning and study a defense mechanism.
Internet, invasive software, Analytical models, Chaos, Computer security, Computer worms, Electronic mail, Internet, Mathematical analysis, Partitioning algorithms, Probes, Space exploration
Y Li, Z. Chen, and Chao Chen (2008).
Understanding Divide-Conquer-Scanning Worms. Performance, Computing and Communications Conference, 2008. IPCCC 2008. IEEE International. 51 - 58. IEEE.Presented at Proceedings of 27th IEEE International Performance Computing and Communications Conference (IPCCC 2008), Austin, TX.