A Worm Containment Model Based on Neighbor-Alarm

  • Jianming Fu
  • Binglan Chen
  • Huanguo Zhang
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4610)


How to detect and contain worms is an open issue, as worms are becoming a major threat to network security nowadays. Based on the help between neighbors in a social network, this paper presents a model to mitigate the rapid spread of worms and describes its dynamic equation. Since the performance of our model depends on the trust between neighbors, a method to calculate the trust is given in this paper. TPM can protect the authenticity of trust between neighbors, and thus decrease worm propagation. Experimental results demonstrate that this model can greatly suppress the propagation of worms.


Malicious Node, Infected Node, Worm Propagation, Susceptible Node, Remote Attestation
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.





Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • Jianming Fu (1, 2)
  • Binglan Chen (1)
  • Huanguo Zhang (1)
  1. School of Computer, Wuhan University, Wuhan 430072, P.R. China
  2. The State Key Lab of Software Engineering, Wuhan University, Wuhan 430072, P.R. China
