Recent worm epidemics have proven beyond any doubt that the existing centralized worm containment mechanisms are no longer adequate to protect vulnerable systems, resulting in a shift towards distributed cooperative mechanisms that aim to safeguard and immunize the susceptible population. We are presenting PROMIS, a P2P based algorithm that provides its participants with early information regarding the existence of a worm epidemic and allows them to automatically adjust their security level. Our argument is that our approach is based on the principles of hygiene: taking the basic precautions to avoid infection when an epidemic is on the rise and no cure is available.

We discuss the early insertion of formal analyses in distributed malware defense evaluation, and provide an example method for applying an executable rewriting logic specification to drive both simulation and property validation of a collaborative group-based worm defense. An important aspect of the algorithm under consideration is its distributed and probabilistic nature, which makes the defense system harder to attack but unfortunately also complicates the ability of designers to fully understand its behavioral properties. We demonstrate one approach to formally analyze our case study worm defense algorithm, employing tools that facilitate both statistical simulation and property validation. Our approach is posed as complementary to the current practice of informal design specification and evaluation through network simulation. 1