Exact Propagation Modeling of Permutation-Scanning Worms Parbati Kumar Manna Dr. Shigang Chen Dr. Sanjay Ranka University of Florida.

Presentation transcript:


2 Internet Worm
- Huge damage potential
- Propagation is automatic (mostly)
- Characterized by its behavior at
  - Host level
    - How it compromises the host
    - What it does on the compromised host
  - Network level
    - How it covers the whole of the target population

3 Motivation for Hacker
- Achieve desirable goals of scanning
  - Infection speed
  - Stealth
  - Fault tolerance
- V = size of vulnerable host population
- # Infected = # active + # retired
[Figure: axes % V and Time; labels Bad, Good]

4 Optimal Scanning Strategy
- Random-Scanning (RCS) Worm
  - Wastes scanning power
  - No idea about when to stop
  - Easy to detect
- Simple Divide scheme
  - Not fault tolerant
  - Unequal load
[Figure: address-range division diagram]

5 Optimal Scanning Strategy
- Random divide scheme
  - Fault tolerant
  - Starting point of scan is random
  - Sequential scan - easy to detect
- Permutation-Scanning scheme
  - Fault tolerant, Stealthy, Fast

6 Permutation-Scanning
- Randomizes the real address space into a permutation ring
- Each freshly infected host starts scanning from a random location
- Retires upon hitting an already infected host
[Figure: real address space and permutation ring; labels: new host jumps, about to infect, active, retired, gets infected, jumps]
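Added example (not from the original slides): a small discrete-time simulation of the ring mechanics on slide 6, tracking infected, active and retired counts so the scan footprint a monitor would observe can be read off. The one-probe-per-tick timing, the function names and the scaled-down parameters are assumptions; ring positions are abstract integers.

```python
import random

def simulate(n, v, hitlist, seed=1):
    """Permutation scanning on an abstract ring 0..n-1 (assumed: 1 probe/tick).

    Returns one (infected, active, retired) tuple per tick.
    """
    rng = random.Random(seed)
    vulnerable = set(rng.sample(range(n), v))   # vulnerable ring positions
    infected = set(rng.sample(sorted(vulnerable), hitlist))
    # One ring pointer per active scanner, each starting at a random location.
    active = [rng.randrange(n) for _ in range(hitlist)]
    retired = 0
    timeline = [(len(infected), len(active), retired)]
    while active:
        nxt = []
        for pos in active:
            if pos in infected:
                retired += 1                    # hit an old infection: retire
                continue
            if pos in vulnerable:
                infected.add(pos)               # new infection ...
                nxt.append(rng.randrange(n))    # ... starts at a random location
            nxt.append((pos + 1) % n)           # scanner moves along the ring
        active = nxt
        timeline.append((len(infected), len(active), retired))
    return timeline

def summarize(timeline, v):
    """Footprint figures a defender would compare across parameter choices."""
    actives = [a for _, a, _ in timeline]
    peak = max(actives)
    return {
        "ticks": len(timeline) - 1,
        "infected_fraction": timeline[-1][0] / v,
        "peak_active": peak,
        "peak_tick": actives.index(peak),
        "total_probes": sum(actives),
    }

if __name__ == "__main__":
    # Constructed, scaled-down parameters (slide 15 uses N = 2^23, V = 2^13, hitlist 100).
    N, V, HITLIST = 2**16, 2**10, 10
    print(summarize(simulate(N, V, HITLIST), V))
```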

7 Why Model?
- Simulation takes a long time
  - 16 hrs / run for 400M hosts
- Simulation overhead could be prohibitively high
  - Impossible to scan full IPv6
- Simulation does not always provide mathematical insight

8 Solution Outline
- Find # (active hosts) scanning
  - effectively (X)
  - ineffectively (Y)
- Among the scans from the effective hosts (X), calculate how many are hitting uninfected hosts.
- Find how many X and Y hosts hit a pre-infected host (and retire).
[Figure: hosts X1, X2 and Y, and the covered area]

9 Vulnerable Host Classification

10 State Diagram

11 Interaction among Infected Hosts while scanning

12 Final Propagation Model for Permutation Worm
[Equation labels: X (effective), Y (ineffective), fraction (covered area)]

13 Final Propagation Model for Permutation Worm
[Equation labels: infected, retired, active]

14 Closed-Form Solution
[Equation labels: infected, active, retired; annotation: Same as Random Scanning worm]

15 Model vs. Simulation
N = 2^23, V = 2^13, hitlist size = 100

16 Extending Model to k-jump Permutation-Scanning Worm
- Instead of retiring, jump another time and restart scanning
- Will retire only after hitting more than k old infections
- Higher infection speed and network footprint

17 State Diagram for k-jump Permutation-Scanning Worm

18 Propagation Model for k-jump Permutation Worm Similar equations for d  ( t ), dy(t)

19 Propagation Results for k-jump Permutation Worm
N = 2^23, V = 2^13, v = 100

20 Designing Fault-Tolerant, Fast, yet Stealthy Worm
- Convert the existing RCS worm
  - Use a full-period PRNG
  - Impart a termination condition of retiring only after hitting its first old infection
- Same infection speed, less network footprint

21 Scanning Peak Independent of the Hitlist Size

22 Contributions
- Obtained propagation model for Permutation-Scanning worms
- Extended modeling for multiple-jump
- Obtained the effect of various worm/network parameters:
  - Bigger hitlist (v)
  - Larger V (more vulnerable computers)
  - Bigger N (IPv4 → IPv6)
  - Increased k (more jumps allowed)

23 Questions

24 Thank you