
Key Factors Influencing Worm Infection in Enterprise Networks

  • Conference paper

Part of the Lecture Notes in Computer Science book series (LNCS, volume 3786)

Abstract

Worms are a key vector of computer attacks that cause great damage to enterprise networks. Little is known about either the effect of host and network configuration factors on worm infection or how to predict the number of infected hosts. In this paper we present the results of real worm attacks to determine the factors influencing worm infection, and propose a prediction model of worm damage. Significant factors are extracted from host and network configuration: openness, homogeneity, and trust. Based on these factors, a fuzzy decision is used to produce an accurate prediction of worm damage. The contribution of this work is an understanding of the effect of these factors and of the risk level of infection, so that protection, responsiveness, and containment can be prepared to lessen the damage that may occur. Experimental results show that the selected parameters are strongly correlated with actual infection, and the proposed model produces accurate estimates.

Keywords

  • Root Mean Square Error
  • Membership Function
  • Infected Host
  • Damage Threshold
  • Fuzzy Decision

These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

  • DOI: 10.1007/11604938_5
  • Chapter length: 14 pages


Copyright information

© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Kanlayasiri, U., Sanguanpong, S. (2006). Key Factors Influencing Worm Infection in Enterprise Networks. In: Song, JS., Kwon, T., Yung, M. (eds) Information Security Applications. WISA 2005. Lecture Notes in Computer Science, vol 3786. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11604938_5


  • DOI: https://doi.org/10.1007/11604938_5

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-31012-9

  • Online ISBN: 978-3-540-33153-7

  • eBook Packages: Computer Science, Computer Science (R0)
