Abstract
In this paper, we propose and analyze an analytical propagation model of a vulnerability mitigation worm (SeaWave). The model takes into consideration the topology structure of enterprise networks such as switches, LANs, and backbone, proposing the first computer worm that use layer two of the OSI model as its main propagation medium. The model also addresses the worm's communication delays due to CAM table reading (α), neighbor switch communication (β), and backbone mapping (ε). We also propose a bandwidth model to measure the traffic generated within different stages of worm propagation. Different simulations of different hierarchical topologies of enterprise networks have been driven to further evaluate and observe the defensive worm's performance in large scale networks.
Original language | English |
---|---|
Title of host publication | Proceedings of the 2011 5th International Network and System Security Conference (NSS 2011) |
Publisher | IEEE Computer Society Press |
Pages | 347-352 |
ISBN (Print) | 978-1-4577-0458-1 |
DOIs | |
Publication status | Published - 6 Sept 2011 |