Copyright © 2012 Yu Yao et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
Abstract
Worms exploiting zero-day vulnerabilities have drawn significant attention owing to the enormous threat they pose to the Internet. In general, users may immunize their computers with countermeasures while in the exposed and infectious states, which may take a period of time. Theoretical analysis shows that this time delay may lead to a Hopf bifurcation, so that the worm propagation system becomes unstable and uncontrollable. In view of these factors, a quarantine strategy is proposed in this study. In real networks, unknown worms and worm variants, which misuse detection systems fail to detect, may pose great risks. Anomaly detection, however, helps in detecting these kinds of worms. Consequently, our proposed quarantine strategy is built on an anomaly intrusion detection system. Numerical experiments show that the quarantine strategy sharply reduces the number of infectious hosts. In addition, the threshold is much larger with our quarantine strategy, which implies that people have more time to remove worms, so that the system is more easily kept stable and controllable without Hopf bifurcation. Finally, simulation results match the numerical ones well, which fully supports our analysis.