Abstract: Despite the recent surge of research on the control of
worm propagation, there is currently no effective defense system
against such cyber attacks. We first design a distributed detection
architecture called Detection via Distributed Blackholes (DDBH).
Our novel detection mechanism could be implemented via virtual
honeypots or honeynets. Simulation results show that a worm can be
detected with virtual honeypots on only 3% of the nodes. Moreover,
the worm is detected when less than 1.5% of the nodes are infected.
We then develop two control strategies: (1) optimal dynamic traffic-blocking,
for which we determine the condition that guarantees the
minimum number of removed nodes when the worm is contained, and
(2) predictive dynamic traffic-blocking, a realistic deployment of
the optimal strategy on scale-free graphs. The predictive dynamic
traffic-blocking, coupled with the DDBH, ensures that more than
40% of the network is unaffected by the propagation at the time
when the worm is contained.