Abstract:
Since the Morris worm occurred in 1988, worms have threatened the network persistently, the traditional anti-virus technologies no longer scale to deal with the worm threat, and benign worms become a new active countermeasure. The idea of benign worm is to transform a malicious worm into an anti-worm which spreads itself using the same mechanism as the original worm and immunizes a host. This method allows for an active measure to malicious worms that can potentially be deployed with no additional infrastructure in place. First of all, an active-benign worm and a hybrid-benign worm are classified into three sub-types, respectively. Then, three sub-types of the active-benign worm and the hybrid-benign worm are modeled respectively based on the two-factor model, and the models of six types of benign worms are derived under the circumstances of no delay time and of delay time. Finally, the simulation validates the models. Furthermore, the effect of each type containing the spread of worms is discussed based on the results. And there comes the conclusion that a composition-hybrid-benign worm is the most effective approach for containing the propagation of worms under the same infectious condition.