Worm Epidemics in Wireless Adhoc Networks

A dramatic increase in the number of computing devices with wireless communication capability has resulted in the emergence of a new class of computer worms which specifically target such devices. The most striking feature of these worms is that they do not require Internet connectivity for their propagation but can spread directly from device to device using a short-range radio communication technology, such as WiFi or Bluetooth. In this paper, we develop a new model for epidemic spreading of these worms and investigate their spreading in wireless ad hoc networks via extensive Monte Carlo simulations. Our studies show that the threshold behaviour and dynamics of worm epidemics in these networks are greatly affected by a combination of spatial and temporal correlations which characterize these networks, and are significantly different from the previously studied epidemics in the Internet

Geometry-based Detection of Flash Worms

While it takes traditional internet worms hours to infect all the vulnerable hosts on the Internet, a flash worm takes seconds. Because of the rapid rate with which flash worms spread, the existing worm defense mechanisms cannot respond fast enough to detect and stop the flash worm infections. In this project, we propose a geometric-based detection mechanism that can detect the spread of flash worms in a short period of time. We tested the mechanism on various simulated flash worm traffics consisting of more than 10,000 nodes. In addition to testing on flash worm traffics, we also tested the mechanism on non-flash worm traffics to see if our detection mechanism produces false alarms. In order to efficiently analyze bulks of various network traffics, we implemented an application that can be used to convert the network traffic data into graphical notations. Using the application, the analysis can be done graphically as it displays the large amount of network relationships as tree structures

Mathematical Modeling of worm infection on computer in a Network: Case study in the Computer Laboratory, Mathematics Department, Diponegoro University, Indonesia

Worm infection were an infection that attack a computer, it work by multiplied itself after got into a computer and made it over work and caused a computer to slowing down. Worm spreading infection describe by nonlinear mathematic model form with VEISV (Vulnerable, Exposed, Infected, Secured) as the model. Worm free equilibrium and endemic equilibrium were calculated to obtain the stability analysis, and numeric solution were performed using data from Computer Laboratory, Mathematics Department of Faculty of Sciences and Mathematics, Diponegoro University using Runge-Kutta fourth-order method. From the result of stability analysis we obtained that worm free equilibrium were not stable and endemic equilibrium were locally asymptotically stable, and from the result of numeric solution every class proportion from model were obtained

Ultra-high throughput string matching for deep packet inspection

Deep Packet Inspection (DPI) involves searching a packet's header and payload against thousands of rules to detect possible attacks. The increase in Internet usage and growing number of attacks which must be searched for has meant hardware acceleration has become essential in the prevention of DPI becoming a bottleneck to a network if used on an edge or core router. In this paper we present a new multi-pattern matching algorithm which can search for the fixed strings contained within these rules at a guaranteed rate of one character per cycle independent of the number of strings or their length. Our algorithm is based on the Aho-Corasick string matching algorithm with our modifications resulting in a memory reduction of over 98% on the strings tested from the Snort ruleset. This allows the search structures needed for matching thousands of strings to be small enough to fit in the on-chip memory of an FPGA. Combined with a simple architecture for hardware, this leads to high throughput and low power consumption. Our hardware implementation uses multiple string matching engines working in parallel to search through packets. It can achieve a throughput of over 40 Gbps (OC-768) when implemented on a Stratix 3 FPGA and over 10 Gbps (OC-192) when implemented on the lower power Cyclone 3 FPGA