Abstract | Recently, an interest has arisen for network worms that propagate using Domain Name Servers (DNS) in order to discover victim hosts.These worms generate random strings, as possible network domain names, and then query Domain Name Servers in order to discover the corresponding IP addresses. In this paper we present models for the dynamics of the co-evolution of worm agents in the presence of anti-worm agents that move in the network in order to stop worm propagation. The proposed models consider anti-worm agents who know the network and anti-worm agents that do not know it and need to issue queries in order to discover valid IP addresses. We,further, introduce "honeypot'' domain name servers that attempt to lure worms, introducing only a delay and providing no answer.We show that by simply delaying the response to DNS queries issued by the worm has little positive effect on the worms propagation. |