Internet worm attacks have become increasingly more frequent and have had a major impact on the economy, making the detection and prevention of these attacks a top security concern. Several counter-measures have been proposed and evaluated in recent literature. However, the effect of these proposed defensive mechanisms on legitimate competing traffic has not been analyzed. This book presents a comparative analysis of the effectiveness of several of these proposed mechanisms, including a measure of their effect on normal web browsing activities. This book also presents a study of the behavior of TCP-based worms in MANETs. We develop an analytical model for the worm spread of TCP worms in the MANETs environment that accounts for payload size, bandwidth sharing, radio range, nodal density and several other parameters specific to MANET topologies. We also present numerical solutions for the model and verify the results using packet-level simulations. The results show that the analytical model developed here matches the results of the packet-level simulation in most cases.
Active worms propagate across networks by employing various target discovery techniques. The significance of target discovery techniques in shaping a worm's propagation characteristics is derived from the life cycle of the worm. Various target discovery techniques that could be employed by active worms are discussed and compared. It is anticipated that future active worms would employ multiple target discovery techniques simultaneously to greatly accelerate their propagation. To accelerate a worm's propagation, the slow start phase in the worm's propagation must be shortened by letting the worm infect the first certain percentage of susceptible hosts as soon as possible. Strategies that future active worms might employ to shorten the slow start phase in their propagation are studied. Their respective cost-effectiveness is assessed. A novel active defense mechanism which can effectively defend against the propagation of active worms is proposed.