Research on Propagation Models and Defense Strategies for Network Worms
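Abstract
In recent years, as network worms have spread and become prevalent across the global Internet, protecting Internet users from them has become a critically important problem. Despite the tireless efforts of Internet researchers and engineers, there is still no fully effective way to stop network worms from emerging and spreading. At present, part of the research on network worms concentrates on building propagation models and using them to derive the best defense strategies. In this field, the propagation model must be correct before a credible and reliable defense strategy can be derived from it. However, our study and analysis show that none of the current propagation models is precise enough to reflect, correctly and comprehensively, the propagation dynamics of network worms on the Internet, so earlier defense strategies lack sufficient theoretical support.
To address these problems, this thesis proposes propagation models for several kinds of network worms. Network worms on the Internet can be divided into worms that spread by scanning and worms that spread along a topology. For scanning-based worms, earlier models mainly use differential equations. Differential equations describe the overall propagation dynamics of a worm, but they cannot show in detail how strongly the propagation is affected by factors such as the out-degree of network nodes and geographical information. We therefore introduce a matrix to represent the topology and use iteration between the matrix and a vector to simulate the propagation of the worm. The vector structure precisely represents the influence of the various factors on propagation, while the matrix iteration reflects the detailed information of the propagation. This matrix model is therefore more precise than the traditional differential-equation model.
The propagation of topology-based worms is strongly correlated with the structure of the topology. Experiments show that traditional differential-equation models introduce large errors. To keep the model precise, this thesis introduces a set of difference equations to represent the propagation dynamics of topology-based worms. At present, social network worms and email worms are both topology-based worms. As two typical cases, this thesis concentrates on the propagation dynamics of these two kinds of topology-based worms. On the one hand, earlier models usually assume that the states of nodes in a social network topology are independent. This independence issue arises from propagation cycles. For the propagation of topology-based worms, the model proposed in this thesis successfully removes the error introduced by the independence assumption. On the other hand, earlier models mainly focus on the early "non-reinfection" worms, whereas the email worms prevalent today are mainly "reinfection" worms. As a result, earlier models greatly underestimate the scale and speed of email worm propagation. By introducing virtual users, this thesis solves the problem of modeling the reinfection process. Experiments show that this model is highly accurate.
In addition, from a practical standpoint, security administrators cannot monitor and defend all network users, and they can hardly know the characteristics of a new worm and mount an effective defense before it breaks out. Based on the proposed propagation models, this thesis further explores 1) which users are the best defense points; 2) when the best time to defend is; and 3) how many users need to be monitored and defended to effectively stop the propagation of various network worms. The traditional view holds that the best defense points are the users whose nodes have a large out-degree, but according to the research in this thesis, this view is not necessarily correct. To this end, this thesis introduces the betweenness value of a network node, that is, the total probability that worm propagation passes through that node. Using mathematical proof, this thesis concludes that the best defense points are the nodes with the largest betweenness values in the network topology. It can also be proved that defending 20% of users can effectively stop a worm from propagating in the network.
In summary, the research in this thesis can help researchers and engineers understand the propagation dynamics of network worms and quickly develop responses that suppress their spread on the Internet.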
In recent years, Internet worms have posed critical security threats to the Internet. Although scientists have spared no effort to protect Internet users from the damage caused by various worms, there is still no effective way to eliminate and eradicate worms on the Internet. To counter worms, current research focuses on modeling their propagation dynamics and, on that basis, investigating methods that may suppress their spreading speed and prevalence. In this field, the accuracy of a proposed model must be guaranteed before the countermeasures derived from it can be convincing. However, according to our investigation, previous work is not accurate and cannot properly present the spreading of worms.
To address the problems in this field, this thesis proposes propagation models for various worms. Existing worms on the Internet can be categorized into scanning-based worms and topology-based worms. Firstly, for scanning-based worms, previous models generally adopt differential equations to present the propagation. However, differential equations cannot reflect the impact on the propagation procedure of information such as the degrees of nodes and their geographical positions. In this thesis, we introduce a matrix to represent the topology and adopt the iteration between matrix and vector to simulate the spreading procedure. The structure of the vectors helps to present accurately the impact of various real-world factors, and the iteration of matrices reflects the detailed information in the propagation. Therefore, our proposed model for scanning-based worms is more accurate than previous models based on differential equations.
Secondly, the propagation of topology-based worms is highly related to the structure of the topology. According to our experiments, traditional differential equations may introduce large errors into the modeling. To model the propagation of topology-based worms precisely, this thesis introduces a group of difference equations to present the spreading dynamics. Worms spreading in social networks and in email networks are two examples of topology-based worms, and this thesis mainly focuses on modeling the propagation of these two types. On the one hand, previous models generally assume that the states of nodes in social networks are independent. According to the analysis in this thesis, this assumption may cause large errors in the modeling, as many spreading cycles are formed in the topology. To solve this problem, this thesis proposes an SII model. By eliminating the propagation cycles in the modeling, the SII model achieves better accuracy. On the other hand, previous models of topology-based worms are mainly based on the "nonreinfection" spreading mechanism. However, modern email worms spread by the "reinfection" and "self-start" mechanisms. As a result, previous models dramatically underestimate the scale and speed of the propagation of modern email worms. By introducing virtual nodes to present the repetitious spreading process, the proposed SII model solves the problem. The experiments show that the SII model significantly outperforms previous models.
Additionally, in the real world, it is almost impossible to monitor all the users on the Internet. Moreover, it is almost infeasible to characterize a new worm in the wild before it breaks out. Based on the proposed propagation model, this thesis further examines 1) where to defend against worms; 2) when to defend against worms; and 3) how many users should be monitored to prevent the propagation of worms. The traditional viewpoint considers that the optimal positions for defense are the nodes with maximal degrees. However, according to our analysis, this viewpoint may not always be true. Through mathematical analysis, this thesis concludes that the priority positions for defense should be the nodes with maximal values of betweenness. Furthermore, this thesis concludes that the propagation of worms can be greatly suppressed by monitoring 20% of Internet users.
All in all, the research presented in this thesis can help scientists and security engineers characterize the propagation dynamics of worms, and benefit the development of countermeasures to suppress their spreading speed and prevalence.
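The defense-placement argument above (maximal degree versus maximal betweenness), as an added illustration that is not code from the thesis: a matrix-vector iteration over a constructed 11-node topology, comparing defense of the highest-degree node with defense of the highest-betweenness node. The topology, the update rule (a standard discrete-time model that assumes independent node states, not the thesis's SII model), shortest-path betweenness computed with Brandes' algorithm in place of the thesis's probability-based measure, and the values of `beta`, `steps` and `k` are all assumptions.

```python
from collections import deque

def build_topology():
    """Constructed graph: two 5-cliques (0-4, 6-10) joined only via node 5."""
    n = 11
    adj = [[0] * n for _ in range(n)]
    def link(a, b):
        adj[a][b] = adj[b][a] = 1
    for group in (range(0, 5), range(6, 11)):
        for a in group:
            for b in group:
                if a < b:
                    link(a, b)
    for gateway in (3, 4, 6, 7):  # bridge node 5: degree 4, below the max of 5
        link(5, gateway)
    return adj

def degree(adj):
    return [sum(row) for row in adj]

def betweenness(adj):
    """Shortest-path betweenness (Brandes), a stand-in for the thesis's measure."""
    n = len(adj)
    score = [0.0] * n
    for s in range(n):
        dist, sigma = [-1] * n, [0] * n
        preds = [[] for _ in range(n)]
        dist[s], sigma[s] = 0, 1
        order, queue = [], deque([s])
        while queue:
            v = queue.popleft()
            order.append(v)
            for w in range(n):
                if not adj[v][w]:
                    continue
                if dist[w] < 0:
                    dist[w] = dist[v] + 1
                    queue.append(w)
                if dist[w] == dist[v] + 1:
                    sigma[w] += sigma[v]
                    preds[w].append(v)
        delta = [0.0] * n
        for w in reversed(order):
            for v in preds[w]:
                delta[v] += sigma[v] / sigma[w] * (1 + delta[w])
            if w != s:
                score[w] += delta[w]
    return [x / 2 for x in score]  # undirected: every pair was counted twice

def simulate(adj, seed, defended, beta=0.3, steps=30):
    """Iterate p(t+1)_i = 1 - (1 - p(t)_i) * prod_j (1 - beta * A[j][i] * p(t)_j)."""
    n = len(adj)
    live = [i not in defended for i in range(n)]
    p = [1.0 if i == seed and live[i] else 0.0 for i in range(n)]
    for _ in range(steps):
        nxt = []
        for i in range(n):
            escape = 1.0  # probability that no neighbor infects node i this step
            for j in range(n):
                if adj[j][i] and live[j]:
                    escape *= 1.0 - beta * p[j]
            nxt.append(1.0 - (1.0 - p[i]) * escape if live[i] else 0.0)
        p = nxt
    return p

def top_k(scores, k):
    return set(sorted(range(len(scores)), key=lambda i: (-scores[i], i))[:k])

def compare(seed=0, k=1):
    """Expected number of infected nodes under each defense placement."""
    adj = build_topology()
    result = {}
    for name, scores in (("degree", degree(adj)), ("betweenness", betweenness(adj))):
        defended = top_k(scores, k)
        result[name] = (defended, sum(simulate(adj, seed, defended)))
    return result

if __name__ == "__main__":
    for name, (defended, infected) in compare().items():
        print(f"{name:12s} defends {sorted(defended)} -> {infected:.2f} expected infections")
```

On this constructed topology the degree-based choice leaves the second cluster reachable through the other gateway, while the betweenness-based choice removes the only bridge.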
