We investigate the behavior of {\it Lumbriculus variegatus} in circular and polygonal chambers and show that the worms align with the boundaries as they move forward and then become dynamically trapped at the concave corners over prolonged periods. We model the worm as a self-propelled rod and derive analytical expressions for the evolution of its orientation when it encounters the flat and the circular boundaries of the chamber. By further incorporating translational and rotational diffusion, arising due to the undulatory and peristaltic body strokes, we demonstrate through numerical simulations that the self-propelled rod model can capture both the boundary aligning and the corner trapping behavior of the worm. The Péclet number $Pe$, representing the ratio of forward propulsion to rotational diffusion, is found to characterize the boundary alignment dynamics and trapping time distribution of the worm. Simulations show that the angle of the worm's body with the boundary while entering a concave corner plays a key role in determining the trapping time, with shallow angles leading to faster escapes. Our study demonstrates that directed motion combined with limited angular diffusion
Write Once Read Many (WORM) properties for storage devices are desirable to ensure data immutability for applications such as secure logging, regulatory compliance, archival storage, and other types of backup systems. WORM devices guarantee that data, once written, cannot be altered or deleted. However, implementing secure and compatible WORM storage remains a challenge. Traditional solutions often rely on specialized hardware, which is either costly, closed, or inaccessible to the general public. Distributed approaches, while promising, introduce additional risks such as denial-of-service vulnerabilities and operational complexity. We introduce Socarrat, a novel, cost-effective, and local WORM storage solution that leverages a simple external USB device (specifically, a single-board computer running Linux with USB On-The-Go support). The resulting device can be connected via USB, appearing as an ordinary external disk formatted with an ext4 or exFAT file system, without requiring any specialized software or drivers. By isolating the WORM enforcement mechanism in a dedicated USB hardware module, Socarrat significantly reduces the attack surface and ensures that even privileged atta
We propose a new decoder for "matchable'' qLDPC codes that uses a Markov Chain Monte Carlo algorithm - called the worm algorithm - to approximately compute the probabilities of logical error classes given a syndrome. The algorithm hence performs (approximate) optimal decoding, and we expect it to be computationally efficient in certain settings. The algorithm is applicable to decoding random errors for the surface code, the honeycomb Floquet code, and hyperbolic surface codes with constant rate, in all cases with and without measurement errors. The efficiency of the decoder hinges on the mixing time of the underlying Markov chain. We give a rigorous mixing time guarantee in terms of a quantity that we call the defect susceptibility. We connect this quantity to the notion of disorder operators in statistical mechanics and use this to argue (non-rigorously) that the algorithm is efficient for typical errors in the entire decodable phase. We also demonstrate the effectiveness of the worm decoder numerically by applying it to the surface code with measurement errors as well as a family of hyperbolic surface codes. For most codes, the matchability condition restricts direct application
Encounter-based network is a frequently-disconnected wireless ad-hoc network requiring immediate neighbors to store and forward aggregated data for information disseminations. Using traditional approaches such as gateways or firewalls for deterring worm propagation in encounter-based networks is inappropriate. We propose the worm interaction approach that relies upon automated beneficial worm generation aiming to alleviate problems of worm propagations in such networks. To understand the dynamic of worm interactions and its performance, we mathematically model worm interactions based on major worm interaction factors including worm interaction types, network characteristics, and node characteristics using ordinary differential equations and analyze their effects on our proposed metrics. We validate our proposed model using extensive synthetic and trace-driven simulations. We find that, all worm interaction factors significantly affect the pattern of worm propagations. For example, immunization linearly decreases the infection of susceptible nodes while on-off behavior only impacts the duration of infection. Using realistic mobile network measurements, we find that encounters are bu
Nonreversible Markov chains can outperform reversible chains in the Markov chain Monte Carlo method. Lifting is a versatile approach to introducing net stochastic flow in state space and constructing a nonreversible Markov chain. We present here an application of the lifting technique to the directed-worm algorithm. The transition probability of the worm update is optimized using the geometric allocation approach; the worm backscattering probability is minimized, and the stochastic flow breaking the detailed balance is maximized. We demonstrate the performance improvement over the previous worm and cluster algorithms for the four-dimensional hypercubic lattice Ising model. The sampling efficiency of the present algorithm is approximately 80, 5, and 1.7 times as high as those of the standard worm algorithm, the Wolff cluster algorithm, and the previous lifted worm algorithm, respectively. We estimate the dynamic critical exponent of the hypercubic lattice Ising model to be $z \approx 0$ in the worm and the Wolff cluster updates. The lifted version of the directed-worm algorithm can be applied to a variety of quantum systems as well as classical systems.
The Lottery Ticket hypothesis proposes that ideal, sparse subnetworks, called lottery tickets, exist in untrained dense neural networks. The Early Bird hypothesis proposes an efficient algorithm to find these winning lottery tickets in convolutional neural networks, using the novel concept of distance between subnetworks to detect convergence in the subnetworks of a model. However, this approach overlooks unchanging groups of unimportant neurons near the search's end. We proposes WORM, a method that exploits these static groups by truncating their gradients, forcing the model to rely on other neurons. Experiments show WORM achieves faster ticket identification during training on convolutional neural networks, despite the additional computational overhead, when compared to EarlyBird search. Additionally, WORM-pruned models lose less accuracy during pruning and recover accuracy faster, improving the robustness of a given model. Furthermore, WORM is also able to generalize the Early Bird hypothesis reasonably well to larger models, such as transformers, displaying its flexibility to adapt to more complex architectures.
In this paper, we show that when the communication between GenAI-powered applications relies on RAG-based inference, an attacker can initiate a computer worm-like chain reaction that we call Morris-II. This is done by crafting an adversarial self-replicating prompt that triggers a cascade of indirect prompt injections within the ecosystem and forces each affected application to perform malicious actions and compromise the RAG of additional applications. We evaluate the performance of the worm in creating a chain of confidential user data extraction within a GenAI ecosystem of GenAI-powered email assistants and analyze how the performance of the worm is affected by the size of the context, the adversarial self-replicating prompt used, the type and size of the embedding algorithm employed, and the number of hops in the propagation. Finally, we introduce the Virtual Donkey, a guardrail intended to detect and prevent the propagation of Morris-II with minimal latency, high accuracy, and a low false-positive rate. We evaluate the guardrail's performance and show that it yields a perfect true-positive rate of 1.0 with a false-positive rate of 0.015, and is robust against out-of-distributi
The Diederich-Fornæss worm domain, an important example of a smoothly bounded pseudoconvex domain without a Stein neighborhood basis, provides key counterexamples in the theory of Several Complex Variables. In this paper, we examine its automorphism group and observe that its boundary is locally spherical everywhere except at the exceptional locus and the caps.
Many types of organisms utilize group aggregation as a method for survival. The freshwater oligochaete, California blackworms Lumbriculus variegatus form tightly entangled structures, or worm "blobs", that have adapted to survive in extremely low levels of dissolved oxygen (DO). Individual blackworms adapt to hypoxic environments through respiration via their mucous body wall and posterior ciliated hindgut, which they wave above them. However, the change in collective behavior at different levels of DO is not known. Using a closed-loop respirometer with flow, we discover that the relative tail reaching activity flux in low DO is $\sim$75x higher than in the high DO condition. Additionally, when flow rate is increased to suspend the worm blobs upward, we find that the average exposed surface area of a blob in low DO is $\sim$1.4x higher than in high DO. Furthermore, we observe emergent properties that arise when a worm blob is exposed to extreme DO levels. Here we show that internal stress is generated when worm blobs are exposed to high DO levels, allowing them to be physically lifted off from the bottom of a conical container using a serrated endpiece. Our results demonstrate how
We construct new $3$-dimensional variants of the classical Diederich-Fornaess worm domain. We show that they are smoothly bounded, pseudoconvex, and have nontrivial Nebenhülle. We also show that their Bergman projections do not preserve the Sobolev space for sufficiently large Sobolev indices.
Wireless sensor networks (WSNs) are composed of spatially distributed sensors and are considered vulnerable to attacks by worms and their variants. Due to the distinct strategies of worms propagation, the dynamic behavior varies depending on the different features of the sensors. Modeling the spread of worms can help us understand the worm attack behaviors and analyze the propagation procedure. In this paper, we design a communication model under various worms. We aim to learn our proposed model to analytically derive the dynamics of competitive worms propagation. We develop a new searching space combined with complex neural network models. Furthermore, the experiment results verified our analysis and demonstrated the performance of our proposed learning algorithms.
Internet worm attacks pose a significant threat to network security and management. In this work, we coin the term Internet worm tomography as inferring the characteristics of Internet worms from the observations of Darknet or network telescopes that monitor a routable but unused IP address space. Under the framework of Internet worm tomography, we attempt to infer Internet worm temporal behaviors, i.e., the host infection time and the worm infection sequence, and thus pinpoint patient zero or initially infected hosts. Specifically, we introduce statistical estimation techniques and propose method of moments, maximum likelihood, and linear regression estimators. We show analytically and empirically that our proposed estimators can better infer worm temporal characteristics than a naive estimator that has been used in the previous work. We also demonstrate that our estimators can be applied to worms using different scanning strategies such as random scanning and localized scanning.
An encounter-based network is a frequently disconnected wireless ad-hoc network requiring nearby neighbors to store and forward data utilizing mobility and encounters over time. Using traditional approaches such as gateways or firewalls for deterring worm propagation in encounter-based networks is inappropriate. Because this type of network is highly dynamic and has no specific boundary, a distributed counter-worm mechanism is needed. We propose models for the worm interaction approach that relies upon automated beneficial worm generation to alleviate problems of worm propagation in such networks. We study and analyze the impact of key mobile node characteristics including node cooperation, immunization, on-off behavior on the worm propagations and interactions. We validate our proposed model using extensive simulations. We also find that, in addition to immunization, cooperation can reduce the level of worm infection. Furthermore, on-off behavior linearly impacts only timing aspect but not the overall infection. Using realistic mobile network measurements, we find that encounters are non-uniform, the trends are consistent with the model but the magnitudes are drastically different
In this paper, we relate Viterbo's conjecture from symplectic geometry to Minkowski versions of worm problems which are inspired by the well-known Moser worm problem from geometry. For the special case of Lagrangian products this relation provides a connection to systolic Minkowski billiard inequalities and Mahler's conjecture from convex geometry. Moreover, we use the above relation in order to transfer Viterbo's conjecture to a conjecture for the longstanding open Wetzel problem which also can be expressed as a systolic Euclidean billiard inequality and for which we discuss an algorithmic approach in order to find a new lower bound. Finally, we point out that the above mentioned relation between Viterbo's conjecture and Minkowski worm problems has a structural similarity to the known relationship between Bellmann's lost-in-a-forest problem and the original Moser worm problem.
The traditional worms such as Blaster, Code Red, Slammer and Sasser, are still infecting vulnerable machines on the internet. They will remain as significant threats due to their fast spreading nature on the internet. Various traditional worms attack pattern has been analyzed from various logs at different OSI layers such as victim logs, attacker logs and IDS alert log. These worms attack pattern can be abstracted to form worms' attack model which describes the process of worms' infection. For the purpose of this paper, only Blaster variants were used during the experiment. This paper proposes a multi-step worm attack model which can be extended into research areas in alert correlation and computer forensic investigation.
Internet worms have become a widespread threat to system and network operations. In order to fight them more efficiently, it is necessary to analyze newly discovered worms and attack patterns. This paper shows how techniques based on Kolmogorov Complexity can help in the analysis of internet worms and network traffic. Using compression, different species of worms can be clustered by type. This allows us to determine whether an unknown worm binary could in fact be a later version of an existing worm in an extremely simple, automated, manner. This may become a useful tool in the initial analysis of malicious binaries. Furthermore, compression can also be useful to distinguish different types of network traffic and can thus help to detect traffic anomalies: Certain anomalies may be detected by looking at the compressibility of a network session alone. We furthermore show how to use compression to detect malicious network sessions that are very similar to known intrusion attempts. This technique could become a useful tool to detect new variations of an attack and thus help to prevent IDS evasion. We provide two new plugins for Snort which demonstrate both approaches.
Internet worm infection continues to be one of top security threats and has been widely used by botnets to recruit new bots. In this work, we attempt to quantify the infection ability of individual hosts and reveal the key characteristics of the underlying topology formed by worm infection, i.e., the number of children and the generation of the worm infection family tree. Specifically, we first apply probabilistic modeling methods and a sequential growth model to analyze the infection tree of a wide class of worms. We analytically and empirically find that the number of children has asymptotically a geometric distribution with parameter 0.5. As a result, on average half of infected hosts never compromise any vulnerable host, over 98% of infected hosts have no more than five children, and a small portion of infected hosts have a large number of children. We also discover that the generation follows closely a Poisson distribution and the average path length of the worm infection family tree increases approximately logarithmically with the total number of infected hosts. Next, we empirically study the infection structure of localized-scanning worms and surprisingly find that most of t
Internet worms, which spread in computer networks without human mediation, pose a severe threat to computer systems today. The rate of propagation of worms has been measured to be extremely high and they can infect a large fraction of their potential hosts in a short time. We study two different methods of patch dissemination to combat the spread of worms. We first show that using a fixed number of patch servers performs woefully inadequately against Internet worms. We then show that by exploiting the exponential data dissemination capability of P2P systems, the spread of worms can be halted very effectively. We compare the two methods by using fluid models to compute two quantities of interest: the time taken to effectively combat the progress of the worm and the maximum number of infected hosts. We validate our models using Internet measurements and simulations.
Active Peer-to-Peer (P2P) worms present serious threats to the global Internet by exploiting popular P2P applications to perform rapid topological self-propagation. Active P2P worms pose more deadly threats than normal scanning worms because they do not exhibit easily detectable anomalies, thus many existing defenses are no longer effective. We propose an immunity system with Phagocytes --- a small subset of elected P2P hosts that are immune with high probability and specialized in finding and "eating" worms in the P2P overlay. The Phagocytes will monitor their managed P2P hosts' connection patterns and traffic volume in an attempt to detect active P2P worm attacks. Once detected, local isolation, alert propagation and software patching will take place for containment. The Phagocytes further provide the access control and filtering mechanisms for communication establishment between the internal P2P overlay and the external hosts. We design a novel adaptive and interaction-based computational puzzle scheme at the Phagocytes to restrain external worms attacking the P2P overlay, without influencing legitimate hosts' experiences significantly. We implement a prototype system, and evalu
The worm algorithm is a versatile technique in the Markov chain Monte Carlo method for both classical and quantum systems. The algorithm substantially alleviates critical slowing down and reduces the dynamic critical exponents of various classical systems. It is crucial to improve the algorithm and push the boundary of the Monte Carlo method for physical systems. We here propose a directed worm algorithm that significantly improves computational efficiency. We use the geometric allocation approach to optimize the worm scattering process: worm backscattering is averted, and forward scattering is favored. Our approach successfully enhances the diffusivity of the worm head (kink), which is evident in the probability distribution of the relative position of the two kinks. Performance improvement is demonstrated for the Ising model at the critical temperature by measurement of exponential autocorrelation times and asymptotic variances. The present worm update is approximately 25 times as efficient as the conventional worm update for the simple cubic lattice model. Surprisingly, our algorithm is even more efficient than the Wolff cluster algorithm, which is one of the best update algorit