Overall-Transparent Dynamic Identifier-Mapping Mechanism Against Scanning and Worm Propagation in the SINET

Static assignment of IP addresses or identifiers can be exploited by an adversary to attack a network. However, existing dynamic IP address assignment approaches suffer from two limitations, namely: participation of terminals in the assignment and inadequate network server management. Thus, in this paper, we propose an Overall-transparent Dynamic Identifier-mapping Mechanism(ODIM) to manage the identifier of network nodes to defend against scanning and worm propagation in the Smart Identifier NETwork(SINET). We establish the selection and allocation constraints, and present selection and allocation algorithms to determine the constraints. The non-repetition probability and cover cycle allow us to evaluate the defense efficiency against scanning. We propose the probability for routing identifiers and derive the defense efficiency of ODIM against worm propagation. Simulation results and theoretical analysis show that the proposed method effectively reduces the detection probability of Routing IDentifiers(RIDs) and thus improves defense capabilities against worm propagation.

Modeling and analysis of Internet worm propagation

Although the frequency of Internet worm＇s outbreak is decreased during the past ten years, the impact of worm on people＇s privacy security and enterprise＇s efficiency is still a severe problem, especially the emergence of botnet. It is urgent to do more research about worm＇s propagation model and security defense. The well-known worm models, such as simple epidemic model （SEM） and two-factor model （TFM）, take all the computers on the internet as the same, which is not accurate because of the existence of network address translation （NAT）. In this paper, we first analyze the worm＇s functional structure, and then we propose a three layer worm model named three layres worm model （TLWM）, which is an extension of SEM and TFM under NAT environment. We model the TLWM by using deterministic method as it is used in the TFM. The simulation results show that the number of NAT used on the Internet has effects on worm propagation, and the more the NAT used, the slower the worm spreads. So, the extensive use of NAT on the Internet can restrain the worm spread to some extent.

Proactive worm propagation modeling and analysis in unstructured peer-to-peer networks

It is universally acknowledged by network security experts that proactive peer-to-peer (P2P) worms may soon en-gender serious threats to the Internet infrastructures. These latent threats stimulate activities of modeling and analysis of the proactive P2P worm propagation. Based on the classical two-factor model,in this paper,we propose a novel proactive worm propagation model in unstructured P2P networks (called the four-factor model) by considering four factors:(1) network topology,(2) countermeasures taken by Internet service providers (ISPs) and users,(3) configuration diversity of nodes in the P2P network,and (4) attack and defense strategies. Simulations and experiments show that proactive P2P worms can be slowed down by two ways:improvement of the configuration diversity of the P2P network and using powerful rules to reinforce the most connected nodes from being compromised. The four-factor model provides a better description and prediction of the proactive P2P worm propagation.

Modeling and analyzing of the interaction between worms and antiworms during network worm propagation

Interaction of antiworms with a worm population of e.g. hosts of worm infected and hosts of antiworm infected must be considered as a dynamic process. This study is an attempt for the first time to understand how introduction of antiworm affects the dynamic of network worm propagation. In this paper, we create a mathematical model (SIAR model) using ordinary differential equations to describe the interaction of worms and antiworms. Although idealized, the model demonstrates how the combination of a few proposed nonlinear interaction rules between antiworms and worms is able to generate a considerable variety of different kinds of responses. Taking the Blaster and Nachi worms as an example, we give a brief analysis for designing a practical antiworm system. To the best of our knowledge, there is no model for the spread of an antiworm that employs the passive scan and the finite lifetime and we believe that this is the first attempt on understanding the interaction between worms and antiworms.

Simulating Greedy Propagation of P2P Worms

Greedy propagation policy for unstructured P2P worms employs the neighboring node list of each node in peer-to-peer （P2P） network to speed up the propagation of P2P worms. After describing the technique background of P2P worms, the algorithm of greedy propagation is addressed. Simulating design for this novel propagation policy is also described. Then, the effects of the greedy propagation policy on spreading speed, convergence speed, and attacking traffic in static P2P worms are simulated and discussed. The primary experimental results show that the greedy propagation is harmful and can bring severe damages to P2P network.

Modeling of Malicious Code Propagations in Internet of Things

Nowadays, the main communication object of Internet is human-human. But it is foreseeable that in the near future any object will have a unique identification and can be addressed and con- nected. The Internet will expand to the Internet of Things. IPv6 is the cornerstone of the Internet of Things. In this paper, we investigate a fast active worm, referred to as topological worm, which can propagate twice to more than three times faster tl^an a traditional scan-based worm. Topological worm spreads over AS-level network topology, making traditional epidemic models invalid for modeling the propagation of it. For this reason, we study topological worm propagation relying on simulations. First, we propose a new complex weighted network mod- el, which represents the real IPv6 AS-level network topology. And then, a new worm propagation model based on the weighted network model is constructed, which descries the topological worm propagation over AS-level network topology. The simulation results verify the topological worm model and demonstrate the effect of parameters on the propagation.

Novel IOV worm model and its corresponding hybrid anti-worm strategy in expressway interchange terminal

In order to take precaution and cure against intemet of vehicles （IOV） worm propagation in expressway, the IOV worm propagation and its corresponding anti-worm strategy were studied in expressway interchange terminal. According to omnirange driving in expressway interchange terminal and vehicular mobile communication environment, an IOV worm propagation model is constructed; and then according to the dynamic propagation law and destructiveness of IOV worm in this environment, a novel hybrid anti-worm strategy for confrontation is designed. This worm propagation model can factually simulates the IOV worm propagation in this interchange terminal environment; and this hybrid anti-worm strategy can effectively control IOV worm propagation in the environment, moreover, it can reduce the influence on network resource overhead.

An Immunization Strategy for Social Network Worms Based on Network Vertex Influence

Along with the rapid development of social networks, social network worms have constituted one of the major internet security problems. The root of worm is the inevitable software vulnerability during the design and implementation process of software. So it is hard to completely avoid worms in the existing software engineering systems. Due to lots of bandwidth consumption, the patch cannot be transmitted simultaneously by the network administrator to all hosts. This paper studies how to prevent the propagation of social network worms through the immunization of key nodes. Unlike existing containment models for worm propagation, a novel immunization strategy is proposed based on network vertex influence. The strategy selects the critical vertices in the whole network. Then the immunization is applied on the selected vertices to achieve the maximal effect of worm containment with minimal cost. Different algorithms are implemented to select vertices. Simulation experiments are presented to analyze and evaluate the performance of different algorithms.

Research and Development of P2P Worms

With the development and the application of many popular peer-to-peer （P2P） systems such as eMule and BitTorrent, worms probably employ the features of these P2P networks to put them at risk. Some features, such as the local routing table and the application routing mechanism, are helpful to quickly distribute the P2P worms into the networks. This paper aims to give a comprehensive survey of P2P worms. The definition and the classification of P2P worms are discussed firstly. Then, the research and development of P2P worms, including experimental analysis, propagation modeling, and defensive approaches, are addressed and analyzed in detail.

Internet worm early detection and response mechanism

In recent years, fast spreading worm has become one of the major threats to the security of the Internet and has an increasingly fierce tendency. In view of the insufficiency that based on Kalman filter worm detection algorithm is sensitive to interval, this article presents a new data collection plan and an improved worm early detection method which has some deferent intervals according to the epidemic worm propagation model, then proposes a worm response mechanism for slowing the wide and fast worm propagation effectively. Simulation results show that our methods are able to detect worms accurately and early.