Skip to Content
[CAIDA - Center for Applied Internet Data Analysis logo]
Center for Applied Internet Data Analysis
Internet Quarantine: Requirements for Containing Self-Propagating Code
D. Moore, C. Shannon, G. Voelker, and S. Savage, "Internet Quarantine: Requirements for Containing Self-Propagating Code", in IEEE Conference on Computer Communications (INFOCOM), Apr 2003, pp. 1901--1910.
|   View full paper:    PDF    gzipped postscript    |  Citation:    BibTeX    Resource Catalog   |

Internet Quarantine: Requirements for Containing Self-Propagating Code

David Moore
Colleen Shannon
Geoffrey Voelker
Stefan Savage

CAIDA, San Diego Supercomputer Center, University of California San Diego

It has been clear since 1988 that self-propagating code can quickly spread across a network by exploiting homoge-neous security vulnerabilities. However, the last few years have seen a dramatic increase in the frequency and virulence of such "worm" outbreaks. For example, the Code-Red worm epidemics of 2001 infected hundreds of thousands of Internet hosts in a very short period - incurring enormous operational expense to track down, contain, and repair each infected machine. In response to this threat, there is considerable effort focused on developing technical means for detecting and containing worm infections before they can cause such damage.

This paper does not propose a particular technology to address this problem, but instead focuses on a more basic question: How well will any such approach contain a worm epidemic on the Internet? We describe the design space of worm containment systems using three key parameters- reaction time, contain-ment strategy and deployment scenario. Using a combination of analytic modeling and simulation, we describe how each of these design factors impacts the dynamics of a worm epidemic and, conversely, the minimum engineering requirements necessary to contain the spread of a given worm. While our analysis cannot provide definitive guidance for engineering defenses against all future threats, we demonstrate the lower bounds that any such system must exceed to be useful today. Unfortunately, our results suggest that there are significant technological and administrative gaps to be bridged before an effective defense can be provided in today's Internet.

Keywords: security
  Last Modified: Tue Oct-27-2020 03:30:13 UTC
  Page URL: