Sciweavers

TON
2008

On the race of worms, alerts, and patches

14 years 14 days ago
On the race of worms, alerts, and patches
We study the effectiveness of automatic patching and quantify the speed of patch or alert dissemination required for worm containment. We focus on random scanning as this is representative of current generation worms, though smarter strategies exist. We find that even such "dumb" worms require very fast patching. Our primary focus is on how delays due to worm detection and patch generation and dissemination affect worm spread. Motivated by scalability and trust issues, we consider a hierarchical system where network hosts are partitioned into subnets, each containing a patch server (termed superhost). Patches are disseminated to superhosts through an overlay connecting them and, after verification, to end hosts within subnets. When patch dissemination delay on the overlay is negligible, we find that the number of hosts infected is exponential in the ratio of worm infection rate to patch rate. This implies strong constraints on the time to disseminate, verify and install patch...
Milan Vojnovic, Ayalvadi J. Ganesh
Added 15 Dec 2010
Updated 15 Dec 2010
Type Journal
Year 2008
Where TON
Authors Milan Vojnovic, Ayalvadi J. Ganesh
Comments (0)