Using Predators to combat Worms and Viruses - a Simulation based study

Ajay Gupta
Stony Brook University
USA

Daniel C. DuVarney
Stony Brook University
USA

Large-scale attacks generated by fast-spreading or stealthy malicious mobile code, such as flash worms and e-mail viruses, demand new approaches to patch management and disinfection. Currently popular centralized approaches suffer from distribution bottlenecks which cannot be solved by merely increasing the number of servers, as the number of servers required to eliminate all bottlenecks is impractically large. Recently, use of predators has been proposed as a technique for eliminating automated mobile malware from computer networks. Predators are benevolent, self-propagating mobile programs which have the ability to clean up systems infected by malignant worms/viruses and install patches which eliminate vulnerabilities exploited by the malignant code. We propose a number of extensions to the original predator model, including immunizing predators, persistent predators, and seeking predators. We report on a set of simulations which explore the effects of predators on small-scale (800 to 1600 node) networks. Our results indicate that predators hold significant promise as an alternative to the centralized patch distribution mechanism. The results show that predators can be used to disinfect systems and distribute patches rapidly across the network, without suffering from bottlenecks or causing network congestion. The results also show that the new predator models provide significant benefits over the original predator model. Our simulation tool is also useful for tuning predator behavior, so that an optimal tradeoff between the peak virus/worm infection rate and the overhead generated by the predator can be chosen before a predator is released.

Keywords: Worms, Viruses, Predators, Self-Propagating, Patch-management
