Results 1 - 10 of 13
Inoculation Strategies for Victims of Viruses and the Sum-of-Squares Partition Problem
- PROCEEDINGS OF THE 16TH ANNUAL ACM-SIAM SYMPOSIUM ON DISCRETE ALGORITHMS
, 2005
Cited by 30 (2 self)
We propose a simple game for modeling containment of the spread of viruses in a graph of n nodes. Each node must choose to either install anti-virus software at some known cost C, or risk infection and a loss L if a virus that starts at a random initial point in the graph can reach it without being stopped by some intermediate node. The goal of individual nodes is to minimize their individual expected cost. We prove many game theoretic properties of the model, including an easily applied characterization of Nash equilibria, culminating in our showing that allowing selfish users to choose Nash equilibrium strategies is highly undesirable, because the price of anarchy is an unacceptable Θ(n) in the worst case. This shows in particular that a centralized solution can give a much better total cost than an equilibrium solution. Though it is NP-hard to compute such a social optimum, we show that the problem can be reduced to a previously unconsidered combinatorial problem that we call the sum-of-squares partition problem. Using a greedy algorithm based on sparse cuts, we show that this problem can be approximated to within a factor of O(log² n), giving the same approximation ratio for the inoculation game.
Epidemic Profiles and Defense of Scale-Free Networks
- in Proceedings of ACM CCS Workshop on Rapid Malcode (WORM’03)
, 2003
Cited by 20 (2 self)
In this paper, we study the defensibility of large scale-free networks against malicious rapidly self-propagating code such as worms and viruses. We develop a framework to investigate the profiles of such code as it infects a large network. Based on these profiles and large-scale network percolation studies, we investigate features of networks that render them more or less defensible against worms. However, we wish to preserve mission-relevant features of the network, such as basic connectivity and resilience to normal nonmalicious outages. We aim to develop methods to help design networks that preserve critical functionality and enable more effective defenses.
Computer Virus Propagation Models
- In Tutorials of the 11th IEEE/ACM International Symposium on Modeling, Analysis and Simulation of Computer and Telecommunications Systems (MASCOTS’03)
, 2003
Cited by 13 (2 self)
The availability of reliable models of computer virus propagation would prove useful in a number of ways, in order both to predict future threats, and to develop new containment measures. In this paper, we review the most popular models of virus propagation, analyzing the underlying assumptions of each of them, their strengths and their weaknesses. We also introduce a new model, which extends the Random Constant Spread modeling technique, allowing us to draw some conclusions about the behavior of the Internet infrastructure in presence of a self-replicating worm. A comparison of the results of the model with the actual behavior of the infrastructure during recent worm outbreaks is also presented.
ACT: Attachment Chain Tracing Scheme for Email Virus Detection and Control
, 2004
Cited by 9 (0 self)
Modern society is highly dependent on the smooth and safe flow of information over communication and computer networks. Computer viruses and worms pose serious threats to the society by disrupting the normal information flow and collecting or destroying information without authorization. Compared to the effectiveness and ease of spreading worms and viruses, currently adopted defense schemes are slow to react and costly to implement.
Open problems in computer virology
- Journal in Computer Virology
, 2006
Cited by 8 (0 self)
In this article, we briefly review some of the most important open problems in computer virology, in three different areas: theoretical computer virology, virus propagation modeling and antiviral techniques. For each area, we briefly describe the open problems, we review the state of the art, and propose promising research directions.
Feedback Email Worm Defense System for Enterprise Networks
Cited by 4 (1 self)
As email becomes one of the most convenient and indispensable communication mediums in our life, it is very important to protect email users from increasing email worm attacks. In this paper, we present the architecture and system design of a “feedback email worm defense system” to protect email users in enterprise networks. The defense system is flexible and able to integrate many existing detection techniques to provide effective and efficient email worm defense. First, in response to a “detection score” of a detected worm email and information on the possible appearance of a malicious email worm in the global Internet, the defense system adaptively chooses a cost-effective defense action that can range from simply labelling this email to aggressively deleting it from an email server. Second, the system uses “honeypot” [13] to thoroughly detect worm emails received by email servers and also to early detect the presence of an email worm in the global Internet. Third, the defense system implements a “multi-sifting detection” technique and “differential email service” to achieve accurate detection without causing much delay on most emails. Furthermore, the defense system separates email attachments from email texts and saves attachments in separate “attachment caching servers”, which facilitate both email worm detection and email service efficiency.
Modeling and Simulation Study of the Propagation and Defense of Internet Email Worm
- IEEE Transactions on Dependable and Secure Computing
, 2007
Cited by 2 (0 self)
As many people rely on email communications for business and everyday life, Internet email worms constitute one of the major security threats for our society. Unlike scanning worms such as Code Red or Slammer, email worms spread over a logical network defined by email address relationship, making traditional epidemic models invalid for modeling the propagation of email worms. In addition, we show that the topological epidemic models presented in [1], [2], [3], [4] largely overestimate epidemic spreading speed in topological networks due to their implicit homogeneous mixing assumption. For this reason, we rely on simulations to study email worm propagation in this paper. We present an email worm simulation model that accounts for the behaviors of email users, including email checking time and the probability of opening an email attachment. Our observations of email lists suggest that an Internet email network follows a heavy-tailed distribution in terms of node degrees, and we model it as a power law network. To study the topological impact, we compare email worm propagation on power law topology with worm propagation on two other topologies: small world topology and random graph topology. The impact of the power law topology on the spread of email worms is mixed: email worms spread more quickly than on a small world topology or a random graph topology, but immunization defense is more effective on a power law topology. Index Terms — Network security, email worm, worm modeling, epidemic model, simulation
A PRoactive Malware Identification System based on the Computer Hygiene Principles
Cited by 1 (1 self)
Recent worm epidemics have proven beyond any doubt that the existing centralized worm containment mechanisms are no longer adequate to protect vulnerable systems, resulting in a shift towards distributed cooperative mechanisms that aim to safeguard and immunize the susceptible population. We are presenting PROMIS, a P2P based algorithm that provides its participants with early information regarding the existence of a worm epidemic and allows them to automatically adjust their security level. Our argument is that our approach is based on the principles of hygiene: taking the basic precautions to avoid infection when an epidemic is on the rise and no cure is available.
unknown title
Current Bluetooth worms pose relatively little danger compared to Internet scanning worms—but things might change soon. The authors’ BlueBag project shows targeted attacks through Bluetooth malware using proof-of-concept codes and devices that demonstrate their feasibility. Thanks to its characteristics, Bluetooth is emerging as a pervasive technology that can support wireless communication in various contexts in everyday life. For this reason, it’s important to understand the potential risks linked with various wireless devices and communication protocols. At present, the greatest level of diffusion exists in so-called smart phones. These devices offer all the functions of cutting-edge telephones while integrating those of advanced handheld computers managed by operating systems such

