Hotspots: The Root Causes of Non-Uniformity in Self-Propagating Malware

Philadelphia, Pennsylvania June 25-June 28

DOI Bookmark:

http://doi.ieeecomputersociety.org/10.1109/DSN.2006.39

International Conference on Dependabl ...

	This Article
	PURCHASE ARTICLE: $19 PDF HTML IEEE Xplore Subscribers
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Evan Cooke Articles by Z. Morley Mao Articles by Farnam Jahanian

	ASCII Text	x
	Evan Cooke, Z. Morley Mao, Farnam Jahanian, "Hotspots: The Root Causes of Non-Uniformity in Self-Propagating Malware," Dependable Systems and Networks, International Conference on, pp. 179-188, International Conference on Dependable Systems and Networks (DSN'06), 2006.

	BibTex	x
	@article{ 10.1109/DSN.2006.39, author = {Evan Cooke and Z. Morley Mao and Farnam Jahanian}, title = {Hotspots: The Root Causes of Non-Uniformity in Self-Propagating Malware}, journal ={Dependable Systems and Networks, International Conference on}, volume = {0}, year = {2006}, isbn = {0-7695-2607-1}, pages = {179-188}, doi = {http://doi.ieeecomputersociety.org/10.1109/DSN.2006.39}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Dependable Systems and Networks, International Conference on TI - Hotspots: The Root Causes of Non-Uniformity in Self-Propagating Malware SN - 0-7695-2607-1 SP179 EP188 A1 - Evan Cooke, A1 - Z. Morley Mao, A1 - Farnam Jahanian, PY - 2006 KW - null VL - 0 JA - Dependable Systems and Networks, International Conference on ER -

Evan Cooke, University of Michigan

Z. Morley Mao, University of Michigan

Farnam Jahanian, University of Michigan

Self-propagating malware like worms and bots can dramatically impact the availability and reliability of the Internet. Techniques for the detection and mitigation of Internet threats using content prevalence and scan detectors are based on assumptions of how threats propagate. Some of these assumptions have recently been called into question by observations of huge discrepancies in the quantity of specific threats detected at different points around the Internet. We call these deviations from uniform propagation "hotspots". This paper quantifies and explains these influences on malware propagation. We then propose that hotspots can be explained by two fundamental influences on propagation: algorithmic factors and environmental factors. We use measurement data from sensors deployed at 11 locations around the Internet to demonstrate the impact of these factors on worm and bot propagation. With this understanding, we simulate the outbreak of new threats with hotspots and show how algorithmic and environmental factors reduce the visibility of distributed detectors resulting in the inability to identify new threats.

Citation:

Evan Cooke, Z. Morley Mao, Farnam Jahanian, "Hotspots: The Root Causes of Non-Uniformity in Self-Propagating Malware," dsn, pp.179-188, International Conference on Dependable Systems and Networks (DSN'06), 2006

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.