A Self-Learning Worm Using Importance Scanning

INTRODUCTION
A worm attacks vulnerable computer systems and employs self-propagating method to flood the Internet rapidly Worms, such as Code Red [10], Slammer [9], and Witty [17], have infected hundreds of thousands of hosts and become a significant threat to network security and management. It is therefore of great importance for defenders to characterize the spread of worms that employ distinct scanning methods and to study countermeasures accordingly.

Different scanning methods have been employed by previous worms. For instance, Morris worm used topological scanning that relies on the information contained in the victim
host to find new targets. Code Red v2 and Slammer worms employed random scanning that selects targets randomly. Code Red II and Nimda worms exercised localized scanning that preferentially searches for targets on the “local” address space.

Some advanced scanning mechanisms have been developed based on such a philosophy: The use of side information by an attacker can help a worm speed up the propagation. For example, hitlist scanning collects a list of vulnerable hosts before the worm is released [20]. Flash worm is an extreme case of hitlist-scanning worms, where IP addresses of all vulnerable hosts are known in advance [19]. Routable scanning exploits the information provided by BGP routing tables [26, 22]. Importance scanning takes advantage of the knowledge of vulnerable-host group distribution, assuming that this distribution is either available or obtainable [2].

Download file here

Incoming Search Terms : advantage of vbsim, advantage of vbsim program, vbsim advantages, vbsim program advantages