Journal of the Korea Institute of Information and Communication Engineering (한국정보통신학회논문지)

The Korea Institute of Information and Commucation Engineering (한국정보통신학회)
권호 표지
DOI QR코드

DOI QR Code

The Propagation Dynamics of Multiple Internet Worms

복수 인터넷 웜의 확산 방식 연구

  • Shin, Weon (Department of Information Security, Tongmyong University)
  • Received : 2015.08.13
  • Accepted : 2015.09.18
  • Published : 2015.12.31
Download PDF
⟨ Previous Next ⟩

Abstract

Internet worms have been the major Internet threats may disclose important information and can bring about faults of computer systems, which spread with the fastest speed among malicious codes. Simultaneously spreading multiple worms and its variants are revealing the limitation of conventional responses based on single worms. In order to defend them effectively, it is necessary to study how multiple worms propagate and what factors affect worm spreading. In this paper, we improve the existed single worm spreading models and try to describe the correct spreads of multiple worms. Thus we analyze the spreading effects of multiple worms and its variants by various experiments.

최근 인터넷 웜은 악성코드 중 가장 빠른 속도로 확산하면서 정보 유출, 시스템 결함 등을 일으킬 수 있는 주요한 위협이 되고 있다. 특히, 복수의 인터넷 웜과 변종 웜이 동시 다발적으로 확산하면서 기존 인터넷 웜 대응 방식으로는 한계가 된다는 것을 여실히 보여주고 있다. 이러한 다양한 인터넷 웜에 효과적으로 대응하기 위해서는 복수 웜의 확산 방식을 이해하는 것이 필수적이다. 본 논문에서는 기존의 단일 웜 확산 모델을 개선하여 복수 변종 웜 확산에 대한 정확한 모델링을 목표로 하고, 다양한 실험을 통하여 복수 웜 확산의 양상을 분석한다.

Keywords

References

  1. N. Weaver, V. Paxson, S. Staniford, and R. Cunningham, "A taxonomy of computer worms," in Proceeding 2003 ACM workshop on Rapid malcode, New York, pp.11-18, 2003.
  2. Herbert W. Hethcote, "The Mathematics of Infectious Diseases," SIAM Review, vol. 42, no. 4, pp.599-653, 2000. https://doi.org/10.1137/S0036144500371907
  3. James D. Murray, Mathematical Biology: I. An Introduction, Third Edition, New York, Springer, 2001.
  4. Yini Wang, Sheng Wen, Yang Xiang, and Wanlei Zhou, "Modeling the Propagation of Worms in Networks: A Survey," IEEE Communications Surveys and Tutorials, vol. 16, no. 2, pp. 942-960, 2014. https://doi.org/10.1109/SURV.2013.100913.00195
  5. Cliff C. Zou, Don Towsley and Weibo Gong, "On the Performance of Internet Worm Scanning Strategies," Elsevier Journal of Performance Evaluation, vol. 63, no. 7, pp.700-723, Jul. 2006. https://doi.org/10.1016/j.peva.2005.07.032
  6. Cliff C. Zou, Weibo Gong and Don Towsley. "Code Red Worm Propagation Modeling and Analysis," in Proceeding 9th ACM Conference on Computer and Communication Security, pp.138-147, New York, USA, 2002.
  7. Possible CodeRed Connection Attempts [Internet]. Available: http://lists.jammed.com/incidents/2001/07/0149.html
  8. Re: Possible CodeRed Connection Attempts [Internet]. Available: http://lists.jammed.com/incidents/2001/07/0159.html
  9. Weon Shin, "Propagation Modeling of Multiple Internet Worm Variants," Journal of Security Engineering, vol. 12, no. 3, pp.247-258, 2015. https://doi.org/10.14257/jse.2015.06.04
  10. Sounak Paul and Bimal Kumar Mishra, "Survey of Polymorphic Worm Signatures," International Journal of uand e- Service, Science and Technology, vol.7, no.3, pp.129-150, 2014. https://doi.org/10.14257/ijunesst.2014.7.5.12
  11. Akamai, (Q1 2015), The State of the Internet, 2015 Report, vol. 8, no. 1, Available: https://www.stateoftheinternet.com/resources-web-security-2015-q1-internet-security-report.html
  12. Kelly Burton, The Conficker Worm [Internet]. Available: https://www.sans.org/security-resources/malwarefaq/conficker-worm.php
  13. David Kushner, The Real Story of Stuxnet [Internet]. Available: http://spectrum.ieee.org/telecom/security/the-real- story-of-stuxnet