Key Factors Influencing Worm Infection in Enterprise Networks

  • Conference paper
Information Security Applications (WISA 2005)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 3786)

Abstract

Worms are a key vector of computer attacks that cause great damage to enterprise networks. Little is known about either the effect of host and network configuration factors on worm infection or how to predict the number of infected hosts. In this paper we present the results of real worm attacks to determine the factors influencing worm infection and to propose a prediction model of worm damage. Significant factors are extracted from host and network configuration: openness, homogeneity, and trust. Based on these factors, a fuzzy decision is used to produce an accurate prediction of worm damage. The contribution of this work is an understanding of the effect of these factors and the risk level of infection, in order to prepare protection, responsiveness, and containment that lessen the damage that may occur. Experimental results show that the selected parameters are strongly correlated with actual infection, and the proposed model produces accurate estimates.

Copyright information

© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Kanlayasiri, U., Sanguanpong, S. (2006). Key Factors Influencing Worm Infection in Enterprise Networks. In: Song, JS., Kwon, T., Yung, M. (eds) Information Security Applications. WISA 2005. Lecture Notes in Computer Science, vol 3786. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11604938_5

  • DOI: https://doi.org/10.1007/11604938_5

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-31012-9

  • Online ISBN: 978-3-540-33153-7

  • eBook Packages: Computer Science, Computer Science (R0)
