Abstract
In order to speed up the propagating process, the worms need to scan many IP addresses to target vulnerable hosts. However, the distribution of IP addresses is highly nonuniform, which results in many scans wasted on invulnerable addresses. Inspired by the theory of good point set, this paper proposes a new scanning strategy, referred to as good point set scanning (GPSS), for worms. Experimental results show that GPSS can generate more distinct IP addresses and less unused IP addresses than the permutation scanning. Combined with group distribution, a static optimal GPSS is derived. Since the information can not be easily collected before a worm is released, a self-learning worm with GPSS is designed. Such worm can accurately estimate the underlying vulnerable-host distribution when a sufficient number of IP addresses of infected hosts are collected. We use a modified Analytical Active Worm Propagation (AAWP) to simulate data of Code Red and the performance of different scanning strategies. Experimental results show that once the distribution of vulnerable hosts is accurately estimated, a self- learning worm can propagate much faster than other worms.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
