| Computer worms are automatically self-replicating malicious codes which do not require user action to propagate through a network. Worm modeling helps us to better understand the propagation of worms through a network. In this dissertation, solutions for three research problems in modeling computer worm propagation are presented. In addition, we propose a detection and defense system against unknown worm attacks.;First, in computer worms, combined network security measures are vital to defend against computer worm attacks. Since previous research did not take this issue into consideration, a new worm model called the Passive benign Worm with Dynamic Quarantine defense (PWDQ) is proposed. The PWDQ departs from previous models in that infected hosts will be recovered either by passive benign worms or quarantine measures. Computer simulations show that the performance of the proposed model is significantly better than existing models in terms of decreasing the number of infectious hosts and reducing the speed of worm propagation.;Second, traditional epidemic worm modeling does not take into consideration the real network topology. Based on a comparison between biological human immunity and network security countermeasures, a novel but realistic model is developed by splitting the network into two parts, the highly immune part of the network (HIN), and the partially immune part of the network (PIN). Then, the model effectiveness is evaluated by implementing network defense measurements adopted from the human immune system.;Finally, based on the SEIR (susceptible, exposed, infectious, recovered) biological model, the new VEISV (vulnerable, exposed, infectious, secured, vulnerable) worm model is proposed. The derivation of the reproduction rate shows a worm-free equilibrium global stability and unique worm epidemic equilibrium local stability. Furthermore, simulation results show the positive impact of increasing security countermeasures in the V-state, and the equilibrium points. |
