Modeling and Automated Containment of Worms

   October 25, 2012    Comments Off on Modeling and Automated Containment of Worms    Posted in: Final year projects

Modeling and Automated Containment of Worms

Abstract

Self-propagating codes, called worms, such as Code Red, Nimda, and Slammer, have drawn significant attention due to their enormously adverse impact on the Internet. Thus, there is great interest in the research community in modeling the spread of worms and in providing adequate defense mechanisms against them. In this paper, we present a (stochastic) branching process model for characterizing the propagation of Internet worms. The model is developed for uniform scanning worms and then extended to preference scanning worms. This model leads to the development of an automatic worm containment strategy that prevents the spread of a worm beyond its early stage. Specifically, for uniform scanning worms, we are able to determine whether the worm spread will eventually stop. We then extend our results to contain uniform scanning worms. Our automatic worm containment schemes effectively contain both uniform scanning worms and local preference scanning worms, and it is validated through simulations and real trace data to be non intrusive.

Existing System:

• In previous simulation model uses a combination of the deterministic epidemic model and a general stochastic epidemic model to model the effect of large-scale worm attacks.

• In an Existing system the complexity of the general stochastic epidemic model makes it difficult to derive insightful results that could be used to contain the worm.

• In a previous study it is used to detect the presence of a worm by detecting the trend, not the rate, of the observed illegitimate scan traffic.

• The filter is used to separate worm traffic from background non worm scan traffic.

Proposed System:

• This model leads to the development of an automatic worm containment strategy that prevents the spread of a worm beyond its early stage.

• We obtain the probability that the total number of hosts that the worm infects is below a certain level.

• Our strategy can effectively contain both fast scan worms and slow scan worms without knowing the worm signature in advance or needing to explicitly detect the worm.

• Our automatic worm containment schemes effectively contain the worms and stop its spreading.

System Requirements

Hardware:
PROCESSOR : PENTIUM IV 2.6 GHz
RAM : 512 MB
MONITOR : 15”
HARD DISK : 20 GB
CDDRIVE : 52X
KEYBOARD : STANDARD 102 KEYS
MOUSE : 3 BUTTONS

Software:

FRONT END : JAVA, SWING
TOOLS USED : JFRAME BUILDER
OPERATING SYSTEM : WINDOWS XP

   Tags: ,

Comments are closed.