Modeling The Propagation And Defense Study Of Internet Worms

In recent years, Internet worms pose critical security threats to the Internet. In the real world, although scientists have spared no effort to protect Internet users from detriments caused by various worms, unfortunately, there are no effective ways to eliminate and eradicate worms on the Internet. In order to counter worms, current research focuses on modeling the propagation dynamics, and then, on the basis of it, investigates methods which may possibly suppress their spreading speed and prevalence. In this field, it is mandatory to guarantee the accuracy of the proposed model before the derived countermeasures being convincible. However, according to our investigation, previous works is not accurate and cannot present the spreading of worms.In order to address the problems in this field, this thesis proposes propagation models for various worms. In fact, existing worms in the Internet can be categorized into scanning-based worms and topology-based worms. Firstly, for those scanning-based worms, previous models generally adopt defferential equations to present the propagation. However, differential equations cannot reflect the impacts on the propagation procedure from the information like degrees of nodes and geographical positions. In this thesis, we introduce metrix to represent the topology, and adopt the iteration between matrix and vector to simulate the spreading procedure. The structure of vectors can help accurately present the impacts from various factors in the real world, and the iteration of matrixes refects the detailed information in the propagation. Therefore, our proposed model for scanning-based worms is more accurate than previous models based on differential equations.Secondly, the propagation of topology-based worms is highly related to the structure of topologies. According to the experiments, we find traditional differential equations may introduce great errors to the modeling. In order to precisely model the propagation of topology-based worms, this thesis introduces a group of difference equations to present the spreading dynamics. As two examples, worm spreading in social networks and email networks belongs to topology-based worms. In this thesis, we mainly focus on modeling the propagation of these two types of topology-based worms. On one hand, previous models generally assume the states of nodes in social networks are independent. According to the analysis in this thesis, we find this assumption may cause great errors in the modeling as there are lots of spreading cycles formed in the topology. In order to solve this problem, this thesis proposes a SII model. By eliminating the the propagation cycles in the modeling, the SII model achieves better accuracy. On the other hand, previous models of topology-based worms mainly are based on the "nonreinfection" spreading mechanism. However, modern email worms spread by the "reinfection" and "self-start" mechanisms. As a result, previous models dramatically underestimate the scale and speed of the propagation of modern email worms. By introducing virtual nodes to present the repetitious spreading process, the proposed SII model solves the problem. The experiments show that the SII model significantly outperforms previous models.Additionally, in the real world, it is almost impossible to monitor all the users in the Internet. Moreover, it is almost infeasible to character a new worm in the wild before this worm breaks out. Based on the proposed propagation model, this thesis further examines1) where to defend worm;2) when to defend worm;3) how many users should be monitored to prevent the propagation of worms. The traditional viewpoint considers the optimized positions for defense are at the nodes with maximal degrees. However, according to our analysis, this viewpoint may be always the truth. Through mathematical analysis, this thesis concludes the prior positions for defense should be at the nodes with maximal values of betweenness. Furthermore, this thesis concludes that the propagation of worms can be greatly suppressed by monitoring20%Internet users.All in all, the research presented in this thesis can help scientists and security engineers characterize the propagation dynamics of worms, and benefit the development of countermeasures to suppress their spreading speed and prevalence.