Optimization of Blaster worms by Stochastic Modeling. Performance Evaluation Laboratory, s1080060 Tatehiro Kaiwa. Supervised by Prof. Hiroshi Toyoizumi.

Presentation transcript:


Purpose: By modeling a Blaster worm, we investigate its influence on a local network. By optimizing a Blaster worm, we observe and investigate the threat. We compare the existing Blaster worm with the optimized one in a local network.

Target Virus
Name: W32.Blaster.Worm (Symantec), WORM_MSBLAST.A (Trend Micro), W32/Lovsan.worm.a (McAfee)
Type: Worm
Systems Affected: Windows 2000, XP
The Blaster worm exploits a vulnerability in the DCOM RPC service to penetrate a system. It causes system instability.

Spread Algorithm (1)
Select an IP address: Complete Random or Local.
Create malicious packets: For XP or For 2000.
Start to send many malicious packets.
These methods are selected only once, when the Blaster worm is executed.

Spread Algorithm (2): When the worm uses its own IP address, A.B.C.D, it changes D to 0. The worm then increases the target address monotonically. The probability that the first worm and the other worms attack the same IP address is very high. The infection rate of all worms except the first worm in the local network becomes smaller.

The Experimental Network: This figure shows the local experimental network used to collect Blaster worm packet data, in order to confirm and obtain information about the Blaster worm.

Worm Data Collection (figure labels: Blaster, HUB, Sniffer, Target). Systems attacked and infected by the Blaster worm may become unstable and sometimes shut down. We cannot capture some packets if the sniffer is installed on the infected PC or on the target PCs. We therefore prepare a PC that is not infected, connect it as shown in the figure, and capture all packets.

The Infection Model: This figure is the worm infection model (figure: transitions labeled ν and λ).
ν: Infection rate of a Blaster worm outside of the local network.
λ: Infection rate of Blaster worms inside of the local network.

The Model Solution (1): We obtain a new model that mixes a Poisson process and a Yule process.
[State transition diagram: states 1, 2, 3, ..., n. Poisson transitions at rate ν; Yule transitions at rates λ, 2λ, ..., (n-1)λ, nλ; combined transitions at rates ν, ν+λ, ν+2λ, ..., ν+(n-1)λ, ν+nλ]
where the process with infection rate ν is a Poisson process and the process with infection rate λ is a Yule process. The infection activities are independent of each other.
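The mixed Poisson/Yule chain above, as an added example that is not part of the original slides: it simulates the pure-birth process whose rate in state n is ν + nλ and compares the sample mean with the standard closed-form mean of that process. The starting state of 0 infected local hosts, the unbounded host population, the function names and the rate values are assumptions made for illustration.

```python
import math
import random

def simulate_infected(nu, lam, t_end, rng):
    """One sample path of the birth chain with rate nu + n*lam (requires nu > 0).

    Returns the number of infected local hosts at time t_end, starting from 0.
    """
    t, n = 0.0, 0
    while True:
        rate = nu + n * lam         # outside arrivals (Poisson) + inside growth (Yule)
        t += rng.expovariate(rate)  # exponential holding time in state n
        if t > t_end:
            return n
        n += 1

def expected_infected(nu, lam, t):
    """Closed-form mean: the solution of dm/dt = nu + lam*m with m(0) = 0."""
    if lam == 0:
        return nu * t               # pure Poisson case, no inside spreading
    return (nu / lam) * (math.exp(lam * t) - 1.0)

def sample_mean(nu, lam, t_end, runs=20000, seed=1):
    """Average of `runs` independent sample paths, with a fixed seed."""
    rng = random.Random(seed)
    total = sum(simulate_infected(nu, lam, t_end, rng) for _ in range(runs))
    return total / runs

if __name__ == "__main__":
    NU, LAM, T = 0.5, 1.0, 2.0      # constructed rates per unit time, not measured values
    print("simulated mean :", sample_mean(NU, LAM, T))
    print("analytic mean  :", expected_infected(NU, LAM, T))
    print("outside only   :", expected_infected(NU, 0.0, T))
```

With these constructed rates the inside (Yule) term roughly triples the expected number of infected hosts compared with outside arrivals alone, which is why the ratio of ν to λ matters when estimating how fast a local network is overrun.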

The Model Solution (2) (slide labels: Windows XP, Windows 2000, XP). The ratio of each system having the vulnerability in a local network.

The Model Solution (3)
Rate of successful infection
Average of the number of packets
Each infection rate

Graphs for different ratios of each system in the network (curves: All WinXP, All Win2000, XP:2000=1:8). The performance of the Blaster worm can be improved if the ratio of Windows XP machines in the local network is high.

The difference between optimized and existing (curves: Existing Blaster, Optimized Blaster; XP:2000=1:8). The optimized Blaster worm proves to be a great threat. Thus, the existing Blaster worm also has the same potential threat.

Conclusion: The performance of the Blaster worm is greatly influenced by the ratio of each OS in the target network. The optimized Blaster worm is a worm that poses a great threat. Thus, we each need to be careful.

Future Works: As the stochastic model may differ from the existing Blaster worm, we need to bring it closer to an accurate model of the existing Blaster worm in the future.