Can a Network be Protected from Single-Packet Warhol Worms?
Given the recent back-and-forth debate over the wormability of a recent Snort bug (single UDP packet, à la Witty), this paper couldn't be more timely.

Can a network be protected from single-packet Warhol worms? This paper generates and simulates random network environments to answer that question. The research assumes a perfect detection algorithm and varies the time required to perform the identification. Perfect detection alone is not sufficient; it must also be swift in recognizing threats as some cases presented here show that perfect detection offers no noticeable protection. The impact of other network factors on worm propagation and prevention are investigated as well, including: router participation in the prevention scheme, the percentage of routers involved in the traffic passing, and the ability for participating routers to communicate. The results are promising: realistic simulations without communication can protect over 50% of the network. The addition of communication increases that protection to over 80%. The key result is that emerging identification technologies such as LeBrea can be leveraged into viable automated network protection systems against single-packet worms.

Source: Can a Network be Protected from Single-Packet Warhol Worms?, Larry G. Irwin II & Richard J. Enbody.
October 24, 2005 in defense, modeling, papers, SQLSlammer, witty
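To make the abstract's point about detection speed and router participation concrete, here is an added example (not code from the paper or from this post): a deterministic mean-field model of a random-scanning, single-packet worm. The population size, address space, scan rate, and the rule that participating routers drop the worm packet in both directions once detection fires are all assumptions, and router-to-router communication is not modelled.

```python
"""Added illustration: detection delay vs. protection (not the paper's simulator)."""

def protected_fraction(detect_tick, participation, n_vuln=10_000,
                       addr_space=1_000_000, scans_per_tick=100, ticks=400):
    """Return the share of vulnerable hosts still clean after `ticks` steps.

    All parameters are assumed values. Hosts sit behind routers; a fraction
    `participation` of routers drop the worm packet (inbound and outbound)
    from `detect_tick` onward. Detection itself is assumed perfect.
    """
    if not 0.0 <= participation <= 1.0:
        raise ValueError("participation must be within [0, 1]")
    s_p = (n_vuln - 1) * participation   # susceptible, filtered once detected
    s_u = (n_vuln - 1) - s_p             # susceptible, never filtered
    i_p, i_u = 0.0, 1.0                  # patient zero sits on an unfiltered link
    for tick in range(ticks):
        filtering = tick >= detect_tick
        # Infected hosts behind filtering routers can no longer scan outward.
        scanners = i_u if filtering else i_u + i_p
        # Chance that one given address receives at least one scan this tick.
        p_hit = 1.0 - (1.0 - 1.0 / addr_space) ** (scanners * scans_per_tick)
        new_u = s_u * p_hit
        new_p = 0.0 if filtering else s_p * p_hit
        s_u, i_u = s_u - new_u, i_u + new_u
        s_p, i_p = s_p - new_p, i_p + new_p
    return (s_p + s_u) / n_vuln


def sweep(delays=(0, 5, 10, 15, 30), participations=(0.25, 0.5, 0.9)):
    """Tabulate protection for each (participation, detection delay) pair."""
    return {f: [round(protected_fraction(d, f), 3) for d in delays]
            for f in participations}


if __name__ == "__main__":
    for f, row in sweep().items():
        print(f"participation={f:.2f}", row)
```

With these assumed rates the unfiltered outbreak saturates in under 20 ticks, so a detector that fires at tick 30 protects almost nothing, whatever the participation level.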
Comments
D'uh. Just reading the abstract.
Universally deployed scan containment can work very well as long as you are below the epidemic threshold. Scan containment can detect single packet scanning worms without a problem.
And it's NOT a warhol worm. It's a single packet, bandwidth limited scanning worm.
Posted by: Nicholas Weaver | Oct 26, 2005 12:15:18 PM