Worm anatomy and model

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback

Worm anatomy and model

Full text

Pdf (274 KB)

Source

Workshop on Rapid Malcode archive
Proceedings of the 2003 ACM workshop on Rapid malcode table of contents

Washington, DC, USA

SESSION: Formation and simulation table of contents

Pages: 42 - 50

Year of Publication: 2003

ISBN:1-58113-785-0

Author

Dan Ellis

The MITRE Corporation, McLean, VA

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control
ACM: Association for Computing Machinery

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): 10, Downloads (12 Months): 143, Citation Count: 3

Additional Information:

abstract references cited by index terms collaborative colleagues peer to peer

Tools and Actions:	Review this Article Save this Article to a Binder Display Formats: BibTex EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/948187.948196 What is a DOI?

ABSTRACT

We present a general framework for reasoning about network worms and analyzing the potency of worms within a specific network. First, we present a discussion of the life cycle of a worm based on a survey of contemporary worms. We build on that life cycle by developing a relational model that associates worm parameters, attributes of the environment, and the subsequent potency of the worm. We then provide a worm analytic framework that captures the generalized mechanical process a worm goes through while moving through a specific environment and its state as it does so. The key contribution of this work is a worm analytic framework. This framework can be used to evaluate worm potency and develop and validate defensive countermeasures and postures in both static and dynamic worm conflict. This framework will be implemented in a modeling and simulation language in order to evaluate the potency of specific worms within an environment.

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	http://www.cert.org/body/advisories/CA200126_FA200126.html
	2	F. Cohen, Computer viruses: theory and experiments, Computers and Security, v.6 n.1, p.22-35, Feb. 1987 [doi>10.1016/0167-4048(87)90122-2 ]
	3	F. B. Cohen, A formal definition of computer worms and some related results, Computers and Security, v.11 n.7, p.641-652, Nov. 1992 [doi>10.1016/0167-4048(92)90144-G ]
	4	Stuart Staniford-Chen, R. Crawford, M. Dilger, J. Frank, J. Hoagland, K. Levitt, D. Zerkle, "GrIDS A Graph-Based Intrusion Detection System for Large Networks", In the Proceedings of the 19th National Information Systems Security Conference, 1996.
	5	Robert Baldwin, Rule Based Analysis of Computer Security. PhD Thesis, MIT EE, June 1987.
	6	Dan Zerkle, Karl Levitt, "NetKuang -- A Multi-Host Configuration Vulnerability Checker", In 6th USENIX Security Symposium, San Jose, California, July 1996.
	7	Paul Ammann , Duminda Wijesekera , Saket Kaushik, Scalable, graph-based network vulnerability analysis, Proceedings of the 9th ACM conference on Computer and communications security, November 18-22, 2002, Washington, DC, USA [doi>10.1145/586110.586140]
	8	Oleg Sheyner , Joshua Haines , Somesh Jha , Richard Lippmann , Jeannette M. Wing, Automated Generation and Analysis of Attack Graphs, Proceedings of the 2002 IEEE Symposium on Security and Privacy, p.273, May 12-15, 2002
	9	J. O. Kephat, S. R. White, "Directed-graph Epidemiological Models of Computer Viruses", Proceedings of the 1991 IEEE Computer Society Symposium on Research in Security and Privacy, pp. 343--359.
	10	Jeffrey O. Kephart , Steve R. White , David M. Chess, Computers and epidemiology, IEEE Spectrum, v.30 n.5, p.20-26, May 1993 [doi>10.1109/6.275061 ]
	11	Stuart Staniford , Vern Paxson , Nicholas Weaver, How to Own the Internet in Your Spare Time, Proceedings of the 11th USENIX Security Symposium, p.149-167, August 05-09, 2002
	12	Cliff Changchun Zou , Weibo Gong , Don Towsley, Code red worm propagation modeling and analysis, Proceedings of the 9th ACM conference on Computer and communications security, November 18-22, 2002, Washington, DC, USA [doi>10.1145/586110.586130]
	13	Chenxi Wang , J. C. Knight , M. C. Elder, On computer viral infection and the effect of immunization, Proceedings of the 16th Annual Computer Security Applications Conference, p.246, December 11-15, 2000
	14	http://www.sophos.com/virusinfo/analyses/w32nachia.html
	15	http://www.whitehats.com/library/worms/lion/

CITED BY 3

	Daniel R. Ellis , John G. Aiken , Kira S. Attwood , Scott D. Tenaglia, A behavioral approach to worm detection, Proceedings of the 2004 ACM workshop on Rapid malcode, October 29-29, 2004, Washington DC, USA
	Monirul I. Sharif , George F. Riley , Wenke Lee, Comparative Study between Analytical Models and Packet-Level Worm Simulations, Proceedings of the 19th Workshop on Principles of Advanced and Distributed Simulation, p.88-98, June 01-03, 2005
	Surasak Sanguanpong , Urupoj Kanlayasiri, Worm damage minimization in enterprise networks, International Journal of Human-Computer Studies, v.65 n.1, p.3-16, January, 2007

INDEX TERMS

Primary Classification:
K. Computing Milieux
K.6 MANAGEMENT OF COMPUTING AND INFORMATION SYSTEMS
K.6.5 Security and Protection (D.4.6, K.4.2)
Subjects: Invasive software (e.g., viruses, worms, Trojan horses)

Additional Classification:
C. Computer Systems Organization
C.2 COMPUTER-COMMUNICATION NETWORKS
C.2.0 General
Subjects: Security and protection (e.g., firewalls)
C.4 PERFORMANCE OF SYSTEMS
Subjects: Measurement techniques

H. Information Systems
H.1 MODELS AND PRINCIPLES

General Terms:
Security

Keywords:
network modeling, network security, turing machine, worm

Collaborative Colleagues:

Dan Ellis: colleagues

Peer to Peer - Readers of this Article have also read:

Augmenting shared personal calendars Proceedings of the 15th annual ACM symposium on User interface software and technology
Joe Tullio , Jeremy Goecks , Elizabeth D. Mynatt , David H. Nguyen
Polymer simulation on the hypercube Proceedings of the third conference on Hypercube concurrent computers and applications
H-Q. Ding
Data structures for quadtree approximation and compression Communications of the ACM 28, 9
Hanan Samet
A hierarchical single-key-lock access control using the Chinese remainder theorem Proceedings of the 1992 ACM/SIGAPP Symposium on Applied computing
Kim S. Lee , Huizhu Lu , D. D. Fisher
The GemStone object database management system Communications of the ACM 34, 10
Paul Butterworth , Allen Otis , Jacob Stein

Adobe Acrobat

QuickTime

Windows Media Player

Real Player