Modeling and containment of search worms targeting web applications

Jingyu Hua, Kouichi Sakurai

研究成果: 書籍/レポート タイプへの寄稿会議への寄与

1 被引用数 (Scopus)

抄録

Many web applications leak sensitive pages (we name them eigenpages) that can disclose their vulnerabilities. As a result, some worms like Santy locate their targets by searching specific eigenpages in search engines with well-crafted keywords. Such worms are so called search worms. In this paper, we focus on the modeling and containment of these search worms. We first study the influence of the eigenpage distribution on their spreading by introducing two propagation models: U-Model assuming eigenpages uniformly distributed on servers and PL-Model assuming the distribution follows a power law. We show that the uniform distribution maximizes the spreading speed of the search worm. Then we study the influence of the page ranking and introduce another propagation model: PR-Model. In this model, search results are ranked based on their PageRank values and the relative importance of their resident servers. Finally, we propose a containment system for search worms based on honey-page insertion: a small number of fake pages which will induce visitors to pre-established honeypots are randomly inserted into search results, and then infectious can be detected and reported to search engines when their malicious scans hit honeypots. We study the relationship between the containment effectiveness and the honey-page insert rate with our propagation models and find that the Santy worm can be almost completely stopped at its early age by inserting no more than 2 honey pages in every 100 search results, which is extremely effective.

本文言語英語
ホスト出版物のタイトルDetection of Intrusions and Malware, and Vulnerability Assessment - 7th International Conference, DIMVA 2010, Proceedings
ページ183-199
ページ数17
DOI
出版ステータス出版済み - 2010
イベント7th GI International Conference on Detection of Intrusions and Malware and Vulnerability Assessment, DIMVA 2010 - Bonn, ドイツ
継続期間: 7月 8 20107月 9 2010

出版物シリーズ

名前Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
6201 LNCS
ISSN(印刷版)0302-9743
ISSN(電子版)1611-3349

その他

その他7th GI International Conference on Detection of Intrusions and Malware and Vulnerability Assessment, DIMVA 2010
国/地域ドイツ
CityBonn
Period7/8/107/9/10

!!!All Science Journal Classification (ASJC) codes

  • 理論的コンピュータサイエンス
  • コンピュータサイエンス一般

フィンガープリント

「Modeling and containment of search worms targeting web applications」の研究トピックを掘り下げます。これらがまとまってユニークなフィンガープリントを構成します。

引用スタイル