Abstract
Worms are a key vector of computer attacks that cause great damage to enterprise networks. Little is known about either the effect of host and network configuration factors on worm infection or how to predict the number of infected hosts. In this paper we present the results of real worm attacks to determine the factors influencing worm infection and to propose a prediction model of worm damage. Significant factors are extracted from host and network configuration: openness, homogeneity, and trust. Based on these factors, fuzzy decision is used to produce an accurate prediction of worm damage. The contribution of this work is an understanding of the effect of these factors and of the risk level of infection, in order to prepare protection, responsiveness, and containment that lessen the damage that may occur. Experimental results show that the selected parameters are strongly correlated with actual infection, and that the proposed model produces accurate estimates.
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Kanlayasiri, U., Sanguanpong, S. (2006). Key Factors Influencing Worm Infection in Enterprise Networks. In: Song, JS., Kwon, T., Yung, M. (eds) Information Security Applications. WISA 2005. Lecture Notes in Computer Science, vol 3786. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11604938_5
DOI: https://doi.org/10.1007/11604938_5
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-31012-9
Online ISBN: 978-3-540-33153-7
eBook Packages: Computer Science, Computer Science (R0)