Source:
http://users.ece.gatech.edu/~zchen/
In this paper, we design a self-learning worm using importance scanning. An optimal yet practical importance-scanning strategy is derived based on a new metric. A self-learning worm is demonstrated to have the ability to accurately estimate the underlying vulnerable-host distribution if a sufficient number of infected hosts are observed. Experimental results based on parameters chosen from Code Red show that after accurately estimating the distribution of vulnerable hosts, a self-learning worm can spread much faster than a random-scanning worm, a permutation-scanning worm, and a Class A routing worm. Some guidelines for detecting and defending against such self-learning worms are also discussed.