Title page for ETD etd-11102007-155500

Type of Document Dissertation
Author Abdelhafez, Mohamed Abdelfattah
Author's Email Address mohamed.hafez@ece.gatech.edu
URN etd-11102007-155500
Title MODELING AND SIMULATIONS OF WORMS AND MITIGATION TECHNIQUES
Degree Doctor of Philosophy
Department Electrical and Computer Engineering
Advisory Committee
Advisor Name Title
Riley, George Committee Chair
Cole, Robert Committee Member
Copeland, John Committee Member
Owen, Henry Committee Member
Wardi, Yorai Committee Member
Keywords
  • Mobile Ad-hoc Network
  • Modeling
  • Simulations
  • Worms
  • Mitigation Techniques
  • Networking
  • Network Security
  • MANET
Date of Defense 2007-11-08
Availability unrestricted
Abstract
Internet worm attacks have become increasingly more frequent and have had a major impact on the economy, making the detection and prevention of these attacks a top security concern. Several counter–measures have been proposed and evaluated in recent literature. However, the e ect of these proposed defensive mechanisms on legitimate competing traffic has not been analyzed.

The first contribution of this thesis is a comparative analysis of the effectiveness of

several of these proposed mechanisms, including a measure of their effect on normal web browsing activities. In addition, we introduce a new defensive approach that can easily be implemented on existing hosts, and which significantly reduces the rate of spread of worms

using TCP connections to perform the infiltration. Our approach has no measurable effect on legitimate traffic.

The second contribution is presenting a variant of the flash worm that we term Compact Flash or CFlash that is capable of spreading even faster than its predecessor. We perform a comparative study between the flash worm and the CFlash worm using a full-detail packet-level simulator, and the results show the increase in propagation rate of the new worm given the same set of parameters.

The third contribution is the study of the behavior of TCP based worms in MANETs. We develop an analytical model for the worm spread of TCP worms in the MANETs environment that accounts for payload–size, bandwidth–sharing, radio range, nodal density and several other parameters specific for MANET topologies. We also present numerical solutions for the model and verify the results using packet–level simulations. The results show that the analytical model developed here matches the results of the packet–level simulation in most cases.
Files
  Filename       Size       Approximate Download Time (Hours:Minutes:Seconds) 
 
 28.8 Modem   56K Modem   ISDN (64 Kb)   ISDN (128 Kb)   Higher-speed Access 
  abdelhafez_mohamed_a_200712_phd.pdf 810.48 Kb 00:03:45 00:01:55 00:01:41 00:00:50 00:00:04
Browse All Available ETDs by ( Author | Department )
Send Email to the ETD Team
Page Updated: June 11, 2003