On the race of worms, alerts, and patches

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback

On the race of worms, alerts, and patches

Full text

Pdf (924 KB)

Source

IEEE/ACM Transactions on Networking (TON) archive
Volume 16 , Issue 5 (October 2008) table of contents

Pages 1066-1079

Year of Publication: 2008

ISSN:1063-6692

Authors

Milan Vojnovic	Microsoft Research Ltd., Cambridge, UK
Ayalvadi J. Ganesh	Microsoft Research Ltd., Cambridge, UK

Publisher

IEEE Press Piscataway, NJ, USA

Bibliometrics

Downloads (6 Weeks): 9, Downloads (12 Months): 52, Citation Count: 2

Additional Information:

abstract references cited by index terms collaborative colleagues

Tools and Actions:	Request Permissions Review this Article Save this Article to a Binder Display Formats: BibTeX EndNote ACM Ref

DOI Bookmark:	10.1109/TNET.2007.909678

ABSTRACT

We provide an analytical framework for evaluating the performance of automatic patching systems. We use it to quantify the speed of patch or alert dissemination required for worm containment. Motivated by scalability and trust issues, we consider a hierarchical system where network hosts are organized into subnets, each containing a patch server (termed superhost). Patches are disseminated to superhosts through an overlay connecting them and, after verification, to end hosts within subnets. The analytical framework accommodates a variety of overlays through the novel abstraction of a minimum broadcast curve. It also accommodates filtering of scans across subnets. The framework provides quantitative estimates that can guide system designers in dimensioning automatic patching systems. The results are obtained mathematically and verified by simulation.

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	M. Vojnovic and A. Ganesh, "On the Race of Worms, Alerts, and Patches," Microsoft Research, Tech. Rep. TR-2005-13, Feb. 2005.
	2	M. Castro, P. Druschel, M. Jones, A.-M. Kermarrec, A. Rowstron, and M. Theimer, SimPastry Version 1.1. 2002 [Online]. Available: http:// www.research.microsoft.com/~antr/pastry/download.htm
	3	Manuel Costa , Jon Crowcroft , Miguel Castro , Antony Rowstron , Lidong Zhou , Lintao Zhang , Paul Barham, Vigilante: end-to-end containment of internet worms, Proceedings of the twentieth ACM symposium on Operating systems principles, October 23-26, 2005, Brighton, United Kingdom
	4	Christos Gkantsidis , Thomas Karagiannis , Milan VojnoviC, Planet scale software updates, Proceedings of the 2006 conference on Applications, technologies, architectures, and protocols for computer communications, September 11-15, 2006, Pisa, Italy
	5	Witty worm. 2005 [Online]. Available: http://www.caida.org/analysis/ security/witty
	6	G. Kesidis, I. Hamadeh, and S. Jiwasurat, "Coupled Kermack-McKendrick model for randomly scanning worms and bandwidth-staturating internet worms," in Proc. QoS-IP, Feb. 2005.
	7	David Moore , Vern Paxson , Stefan Savage , Colleen Shannon , Stuart Staniford , Nicholas Weaver, Inside the Slammer Worm, IEEE Security and Privacy, v.1 n.4, p.33-39, July 2003 [doi>10.1109/MSECP.2003.1219056]
	8	D. Moore, C. Shannon, G. M. Voelker, and S. Savage, "Internet quarantine: Requirements for containing self-propagating code," in IEEE INFOCOM 2003, San Francisco, CA, Mar. 2003.
	9	Sylvia Ratnasamy , Paul Francis , Mark Handley , Richard Karp , Scott Schenker, A scalable content-addressable network, Proceedings of the 2001 conference on Applications, technologies, architectures, and protocols for computer communications, p.161-172, August 2001, San Diego, California, United States
	10	Antony I. T. Rowstron , Peter Druschel, Pastry: Scalable, Decentralized Object Location, and Routing for Large-Scale Peer-to-Peer Systems, Proceedings of the IFIP/ACM International Conference on Distributed Systems Platforms Heidelberg, p.329-350, November 12-16, 2001
	11	N. Weaver, S. Staniford, and V. Paxson, "How to own the Internet in your spare time," in IEEE Security & Privacy, 2004.
	12	A. Shwartz and A. Weiss, Large Deviations for Performance Analysis . London: Chapman & Hall, 1995.
	13	Stelios Sidiroglou , Angelos D. Keromytis, Countering Network Worms Through Automatic Patch Generation, IEEE Security and Privacy, v.3 n.6, p.41-49, November 2005 [doi>08AEE859-E2A6-45B4-90A7-B480D9D7E2B2]
	14	S. Staniford, "Containment of scanning worms in enterprise networks," IEEE Comput. Security Privacy, vol. 3, no. 6, pp. 41-49, Nov./Dec. 2005.
	15	Ion Stoica , Robert Morris , David Liben-Nowell , David R. Karger , M. Frans Kaashoek , Frank Dabek , Hari Balakrishnan, Chord: a scalable peer-to-peer lookup protocol for internet applications, IEEE/ACM Transactions on Networking (TON), v.11 n.1, p.17-32, February 2003 [doi>10.1109/TNET.2002.808407]
	16	Matthew M. Williamson, Throttling Viruses: Restricting propagation to defeat malicious mobile code, Proceedings of the 18th Annual Computer Security Applications Conference, p.61, December 09-13, 2002
	17	Cynthia Wong , Chenxi Wang , Dawn Song , Stan Bielski , Gregory R. Ganger, Dynamic Quarantine of Internet Worms, Proceedings of the 2004 International Conference on Dependable Systems and Networks, p.73, June 28-July 01, 2004
	18	E. Zegura and S. Bhattacharjee, "How to model an internetwork," in IEEE INFOCOM'96, San Francisco, CA, 1996.

CITED BY 2

	Zesheng Chen , Chao Chen , Yubin Li, Deriving a closed-form expression for worm-scanning strategies, International Journal of Security and Networks, v.4 n.3, p.135-144, July 2009
	Zesheng Chen , Chuanyi Ji, An information-theoretic view of network-aware malware attacks, IEEE Transactions on Information Forensics and Security, v.4 n.3, p.530-541, September 2009