Abstract | ||
---|---|---|
This paper examines the general behaviour of stealthy worms. In particular, we focus on worms that are designed based on network awareness. We study the case where a worm, instead of aiming to spread as fast as possible and penetrate Intrustion Detection Systems (IDS), aims to avoid IDS and spread with the minimum number of detections. We compare different scanning strategies for this worm, including different combinations of hitlist and random scanning, and how they affect the number of infections and the rate of detected infection attempts. We compare the network-aware worm's behavior to that of the Code Red II worm. Simulations show that scanning worms can generate many fewer detections using localized scanning while maintaining its capability to infect. |
Year | DOI | Venue |
---|---|---|
2009 | 10.1109/ICC.2009.5198577 | Dresden |
Keywords | Field | DocType |
invasive software,Code Red II worm,intrusion detection systems,network awareness,network-aware stealthy worms | Computer security,Computer science,Network aware,Computer network,Network awareness,Cluster analysis,Intrusion detection system,Grippers | Conference |
ISSN | ISBN | Citations |
1938-1883 E-ISBN : 978-1-4244-3435-0 | 978-1-4244-3435-0 | 0 |
PageRank | References | Authors |
0.34 | 10 | 2 |
Name | Order | Citations | PageRank |
---|---|---|---|
Craig Smith | 1 | 0 | 0.34 |
Ashraf Matrawy | 2 | 146 | 26.98 |