Understanding Divide-Conquer-Scanning Worms

• Published in: 2008 IEEE International Performance, Computing and Communications Conference pp. 51 - 58
• Main Authors: Yubin Li, Zesheng Chen, Chao Chen
• Format: Conference Proceeding
• Language: English
• Published: IEEE 01.12.2008
• Subjects: Analytical models; Chaos; Computer security; Computer worms; Electronic mail; Internet; Mathematical analysis; Partitioning algorithms; Probes; Space exploration
• ISBN: 1424433681; 9781424433681
• ISSN: 1097-2641
• DOI: 10.1109/PCCC.2008.4745139

Internet worms have been a significant security threat. Divide-conquer scanning is a simple yet effective technique that can potentially be exploited by future Internet epidemics. Therefore, it is imperative that defenders understand the characteristics of divide-conquer-scanning worms and study the countermeasures. In this work, we first provide the intuitions that a divide-conquer-scanning worm can potentially spread faster and stealthier than a traditional random-scanning worm. We then characterize the relationships between the propagation speeds of divide-conquer-scanning worms and the distributions of vulnerable hosts through mathematical analysis and simulations. Specifically, we find that if vulnerable hosts follow a non-uniform distribution such as the Witty-worm victim distribution, divide-conquer scanning can spread a worm much faster than random scanning. We also study empirically the effect of important parameters on the spread of divide-conquer-scanning worms. Furthermore, to counteract such attacks, we discuss the weakness of divide-conquer scanning and study a defense mechanism.