Inderscience PublishersInderscience PublishersInderscience Publishers About Inderscience Contact Information Current Site Map General Help
  PUBLISHERS OF DISTINGUISHED ACADEMIC, SCIENTIFIC AND PROFESSIONAL JOURNALS
For readers
Subscription information
Order articles
Sample journals
Latest issues
Books
Published proceedings
For authors
Submission of papers
Notes for authors
Calls for papers
Services
Search
Newsletter
Blog
TOC alerts
RSS feeds
Twitter
OAI repository
Library form
Register with Inderscience
Feedback
Noticeboard
New journals
Conference announcements

The full text of this article:

Optimal worm-scanning method using vulnerable-host distributions
by Zesheng Chen, Chuanyi Ji
International Journal of Security and Networks (IJSN), Vol. 2, No. 1/2, 2007
Abstract: Most internet worms use random scanning. The distribution of vulnerable hosts on the internet, however, is highly non-uniform over the IP-address space. This implies that random scanning wastes many scans on invulnerable addresses and more virulent scanning schemes may take advantage of the non-uniformity of a vulnerable-host distribution. Questions then arise as to how attackers may exploit such information and how virulent the resulting worm may be. These issues provide 'worst-case scenarios'for defenders and 'best-case scenarios'for attackers when the vulnerable-host distribution is available. This work develops such a scenario, called importance scanning, which results from importance sampling in statistics. Importance scanning scans the IP-address space according to an empirical distribution of vulnerable hosts. An analytical model is developed to relate the infection rate of worms with the Importance-Scanning (IS) strategies. Based on parameters chosen from Witty and Code Red worms, the experimental results show that an IS worm can spread much faster than either a random-scanning worm or a routing worm. In addition, a game-theoretical approach suggests that the best strategy for defenders is to scatter applications uniformly in the entire IP-address space.

is only available to individual subscribers or to users at subscribing institutions.

ATTENTION SUBSCRIBERS:
Please re-direct your browser by clicking on this Inderscience Online Journals link, to access the full-text of this article.

Pay per view: If you are not a Subscriber and you just want to read the full contents of this article, please click here to purchase online access to the full-text of this article. Please allow 3 days + mailing time. Current price for article is Thirty Euros (€30)

Complimentary Subscribers, Editors or Members of the Editorial Board of the International Journal of Security and Networks (IJSN) journal, that have been redirected here, please check if you have a registered username/password subscription with Inderscience. If that is the case, please Login:

    Username:        Password:         Forgotten your Password?

If you are not yet a Subscriber to International Journal of Security and Networks (IJSN) journal, you can subscribe by following a few simple and quick steps. A subscription will give you complete access to all articles in the current issue, as well as to all articles in the previous three years, where applicable. Click here to subscribe.

Should you experience further difficulties or have any enquiries, please email subs@inderscience.com


 
Copyright © 2004-2009 Inderscience Enterprises Limited. All rights reserved.