3,145 research outputs found

    Geometry-based Detection of Flash Worms

    While it takes traditional internet worms hours to infect all the vulnerable hosts on the Internet, a flash worm takes seconds. Because of the rapid rate with which flash worms spread, the existing worm defense mechanisms cannot respond fast enough to detect and stop the flash worm infections. In this project, we propose a geometric-based detection mechanism that can detect the spread of flash worms in a short period of time. We tested the mechanism on various simulated flash worm traffics consisting of more than 10,000 nodes. In addition to testing on flash worm traffics, we also tested the mechanism on non-flash worm traffics to see if our detection mechanism produces false alarms. In order to efficiently analyze bulks of various network traffics, we implemented an application that can be used to convert the network traffic data into graphical notations. Using the application, the analysis can be done graphically as it displays the large amount of network relationships as tree structures.

    Malware "Ecology" Viewed as Ecological Succession: Historical Trends and Future Prospects

    The development and evolution of malware, including computer viruses, worms, and trojan horses, is shown to be closely analogous to the process of community succession long recognized in ecology. In particular, both changes in the overall environment by external disturbances, as well as feedback effects from malware competition and antivirus coevolution, have driven community succession and the development of different types of malware with varying modes of transmission and adaptability. Comment: 13 pages, 3 figures

    Evolution and Detection of Polymorphic and Metamorphic Malwares: A Survey

    Malwares are a big threat to the digital world and are evolving with high complexity. They can penetrate networks, steal confidential information from computers, bring down servers and cripple infrastructures, etc. To combat the threats/attacks from malwares, anti-malwares have been developed. The existing anti-malwares are mostly based on the assumption that the malware structure does not change appreciably. But the recent advancement in second generation malwares can create variants and hence poses a challenge to anti-malware developers. To combat the threats/attacks from the second generation malwares with low false alarm, we present our survey on malwares and their detection techniques. Comment: 5 pages

    Comparative performance of a parallel implementation of an internet-scale zero-day worm epidemiology simulator

    The threat posed by fast-spreading malware is significant, particularly given the fact that network operator/administrator intervention is not likely to take effect within the typical epidemiological timescale of such infections. The cost of zero-day network worm outbreaks has been estimated to be up to US $2.6 billion for a single worm outbreak. Zero-day network worm outbreaks have been observed that spread at a significant pace across the global Internet, with an observed rate of reaching more than 90 percent of vulnerable hosts within 10 minutes. An accepted technology that is used in addressing the security threat presented by zero-day worms is the use of simulation systems, and a common factor determining their efficacy is their performance. An empirical comparison of a sequential and parallel implementation of a novel simulator, the Internet Worm Simulator (IWS), is presented detailing the impact of a selection of parameters on its performance. Experimentation demonstrates that IWS has the capability to simulate up to 91.8 million packets transmitted per second (PTS) for an IPv4 address space simulation on a single workstation computer, comparing favourably to previously reported metrics. It is concluded that in addition to comparing PTS performance, simulation requirements should be taken into consideration when assessing the performance of such simulators.

    The Dynamics of Internet Traffic: Self-Similarity, Self-Organization, and Complex Phenomena

    The Internet is the most complex system ever created in human history. Therefore, its dynamics and traffic unsurprisingly take on a rich variety of complex dynamics, self-organization, and other phenomena that have been researched for years. This paper is a review of the complex dynamics of Internet traffic. Departing from normal treatises, we will take a view from both the network engineering and physics perspectives showing the strengths and weaknesses as well as insights of both. In addition, many less covered phenomena such as traffic oscillations, large-scale effects of worm traffic, and comparisons of the Internet and biological models will be covered. Comment: 63 pages, 7 figures, 7 tables, submitted to Advances in Complex Systems