UP Paper 145 US-T-GDOWN
Modeling the Spread of Internet Worms Via Persistently Unpatched Hosts
Debany, Warren; Air Force Research Laboratory, Information Grid Division
This paper considers the effects of Internet worms on persistently unpatched hosts and hosts for which vulnerabilities are refreshed. Equilibrium conditions are obtained for which an Internet worm will self-propagate indefinitely.

Computer malware is a serious threat to our information infrastructure. Since the “Morris Worm” event of 1988, attacks have moved at the exponentially increasing speed of computers that are globally connected through optical fiber and wireless links. This paper focuses specifically on the issues related to pure Internet worms, which are self-replicating code that spreads over the public Internet automatically from infected hosts to uninfected vulnerable hosts.

Security patches eliminate specific instances of, say, a buffer overflow exploit, in a particular version of an application or operating system. This paper is concerned primarily with vulnerabilities for which a security patch already exists, but for one reason or another has not been applied to a host until a successful attack against the vulnerable host has taken place and been detected.

Over their life cycle, applications and operating systems are upgraded and old vulnerabilities are frequently reintroduced. A patch for one problem may create a different vulnerability. A host may be restored and rolled back to an unpatched state. Many hosts are simply never patched at all. Due to these facts, new worms emerge that exploit the same classic set of vulnerabilities and “old” worms continuously reemerge or simply never go away.

This paper deals with the spread, longevity, and possible extinction of Internet worms with respect to the temporary, permanent, or refreshed vulnerability of hosts. Simulated and analytical results predict the “physics” of self-propagation of a worm attack via a persistent pool of vulnerable hosts.
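The abstract's idea of refreshed vulnerability can be illustrated with a standard SIRS-style compartment model; this is an added example, not the paper's own model or code. The rates `beta`, `gamma` and `rho`, the function names and the sample values are all assumptions made for the illustration.

```python
# Added illustration: an assumed SIRS-style model, not the model used in the paper.
# Host fractions: s = vulnerable, i = infected, r = patched (s + i + r = 1).

def simulate(beta, gamma, rho, i0=0.001, t_end=2000.0, dt=0.01):
    """Euler-integrate the host fractions and return the final (s, i, r).

    beta  - new infections per infected host per unit time (assumed)
    gamma - rate at which infected hosts are detected and patched (assumed)
    rho   - rate at which patched hosts become vulnerable again, e.g. by
            rollback or a reintroduced flaw (assumed)
    """
    s, i, r = 1.0 - i0, i0, 0.0
    for _ in range(int(t_end / dt)):
        new_inf = beta * s * i      # vulnerable -> infected
        patched = gamma * i         # infected -> patched after detection
        refreshed = rho * r         # patched -> vulnerable again
        s += dt * (refreshed - new_inf)
        i += dt * (new_inf - patched)
        r += dt * (patched - refreshed)
    return s, i, r


def endemic_equilibrium(beta, gamma, rho):
    """Closed-form steady state (s*, i*, r*), or None if the worm dies out."""
    if beta <= gamma or rho <= 0:
        return None
    s = gamma / beta                        # from di/dt = 0
    i = rho * (1.0 - s) / (gamma + rho)     # from dr/dt = 0 and s + i + r = 1
    return s, i, 1.0 - s - i


if __name__ == "__main__":
    # Constructed parameter sets: with refresh, without refresh, slow worm.
    for beta, gamma, rho in [(0.5, 0.1, 0.01), (0.5, 0.1, 0.0), (0.05, 0.1, 0.01)]:
        final = simulate(beta, gamma, rho)
        print(beta, gamma, rho, "infected:", round(final[1], 6),
              "predicted:", endemic_equilibrium(beta, gamma, rho))
```

In this assumed model the worm persists indefinitely only when it spreads faster than hosts are patched and some patched hosts keep returning to the vulnerable pool; with `rho = 0` the same outbreak burns out.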

Warren Debany has been with the Information Directorate of the U.S. Air Force Research Laboratory in Rome, New York since 1977. Warren is the Technical Advisor to the Information Grid Division, which is responsible for communications, networking, and cyber operations technology. Warren has over 50 technical publications, holds one patent with one patent pending, and has received several Air Force Invention Awards. He received a B.S. in Electrical Engineering from the State University of New York at Buffalo, an M.S. in Computer Engineering from Syracuse University, and a Ph.D. in Computer and Information Science, also from Syracuse University. He is a licensed Professional Engineer in the State of New York.