Stopping computer viruses through dynamic immunization. E. Shir, J. Goldenberg, Y. Shavitt, S. Solomon.

The War on Viruses Is Being Lost
A recent British survey conducted by PwC:
- 93% of British businesses have installed an anti-virus solution
- Nonetheless, 50% (68% of the large ones) reported suffering a virus infection in the last year
- And the situation gets worse and worse...
- Why would I buy software which guarantees merely a 32% success rate?

From the Horse's Mouth: What Symantec Has to Say
"...One of the most significant events of 2003 occurred in August when the Internet experienced three new Category 4 worms in only 12 days. Blaster, Welchia, and Sobig.F infected millions of computers worldwide. These threats alone may have resulted in as much as $2 billion in damages..."
"...In the first half of 2003, only one-sixth of the companies analyzed reported a serious breach. In the second half of the year, half of the companies reported a serious breach..."
"...Financial services, healthcare, and power and energy were among the industries hardest hit by severe events..."
"...Finally,... As exploits are developed and released more quickly, companies are increasingly vulnerable... Symantec believes that 'zero-day' threats are imminent... If such an outbreak occurs, widespread damage could occur before users are able to effectively patch their systems..."
From "Symantec Internet Security Threat Report", March 2004

Virus Spread in a Networked World
Several spread mechanisms for malicious code:
- E-mail infection
- Worms
- Web vulnerabilities
Note: diskette/CD infection is not included.
Similar behavior, different overlay networks:
- Address book network (social network)
- LAN/WAN (Internet routing network)
- Web links network
All of these are broad-scale networks and can be modeled by a scale-free network model.
Most of the economic damage is caused by denial of network services, not by information loss!

The Anti-Virus Industry
The current anti-virus approach has not been updated since its inception and is the same as in the "diskette virus" age:
- The anti-virus software defends only its owner
- A defense against a new threat must be updated centrally
- No real immunization against new viruses
- The distribution of anti-virus updates is a slow, stochastic process; compared to the rapid spread of the viruses, the virus always has the upper hand.

Current Immunization Schemes
- Focus on changing the topology of the network by immunizing nodes (random nodes, targeted hubs, neighbors of random nodes), so as to introduce an epidemic threshold before the epidemic has arrived
- Static in nature: they do not interact with the infection process

New Virus Fighting Paradigms
- Distributed immunization revisited
- Partially uncorrelated networks
- Honey traps and shrinking a small world

An Anti-virus Paradigm for a Networked World: Distributed Immunization
- "Spread the word": "infecting" my neighborhood with new-threat information in real time
- It is enough to shout "danger"; speed is more important than thorough analysis
- We want to immunize un-infected nodes rather than cure infected ones
- We want to suppress the infected cluster

An Anti-virus Paradigm for a Networked World: Partially Uncorrelated Overlay Networks
- Spread the anti-virus on a similar but not identical network, e.g. the virus moves on the e-mail network, while the anti-virus moves on the e-mail plus the SMS network
- We change the topology for the anti-virus while leaving the virus topology intact, thus allowing the anti-virus to win
- Conjecture: for large enough networks, the virus cluster can be contained to any desired fraction of the network, provided there are enough links that are unique to the anti-virus network

Honey Traps: Shrinking a Small World
- How do we engineer an effective system that can immunize distributively using a partially uncorrelated network?
- Use a set of fully connected honey traps
- Effectively, a small number of honey traps shrinks the network considerably for the anti-virus by creating a virtual super-hub

Initial Math Analysis
We statistically analyze the model as an interacting random branching process on a graph.
- Without the anti-virus, the virus cluster layers are given by: =>
- With the anti-virus, the ratio of the infected to the immunized cluster size takes the form:
- This ratio is thus inversely proportional to the relative edge addition

Model Description
Possible node states:
1. Neutral
2. Infected
3. Immunized
4. Infected and immunizing (conforms to SIR)
Edge types:
1. Common
2. Virus only
3. Anti-virus only

Model Description (cont.)

Model Description (cont.)
Rules of the dynamics:
1. Stochastic: each process has an occurrence probability centered around a typical time scale (delay). Deterministic: constant delay.
2. The processes which occur are:
   a. Infection: an infected node infects a neighbor which was neutral
   b. Birth of an anti-virus: an infected node creates an anti-virus and sends it to a neutral neighbor
   c. Immunization: an immunized node sends an anti-virus to a neutral neighbor
   d. In the Honey Traps model, only the honey traps can create an anti-virus
3. Once immunized or infected, a node cannot change its status

Model Description (cont.)
- Both the virus and the anti-virus can move on edges of type "common". Each of them can also move on the edges of its own type.
- By definition, there is always only one cluster of infected nodes. This is not true for the anti-virus.
- In the scale-free case, the typed degrees of a node are correlated: a "common" hub will also be a "virus" hub and an "anti-virus" hub, though possibly on a different scale.
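To make the model concrete, the following is an added example of the deterministic (constant-delay) variant, written for this page and not code from the authors: three node states, three edge types, the infection / anti-virus birth / immunization processes, and the honey-trap rule that only traps create an anti-virus. The synchronous round scheduling, the one-hop-per-round propagation, and the tie-breaking (the virus acts first in a round, so a node reached by both in the same round ends up infected) are my assumptions; the slides do not fix them. The chain graphs in `demo()` are constructed inputs. The example covers both the partially uncorrelated overlay (anti-virus-only edges) and the honey-trap super-hub.

```python
"""Deterministic two-overlay virus / anti-virus model (added example).

Node states, edge types and the three processes follow the slide text; the
round structure and tie-breaking are assumptions made for this example.
"""
from collections import defaultdict

NEUTRAL, INFECTED, IMMUNE = "neutral", "infected", "immune"
COMMON, VIRUS_ONLY, ANTI_ONLY = "common", "virus", "anti"


class OverlayGraph:
    """Undirected graph whose every edge carries one of the three slide types."""

    def __init__(self):
        self.adj = defaultdict(dict)  # node -> {neighbour: edge type}

    def add_edge(self, u, v, kind=COMMON):
        # A common edge serves both processes; never downgrade it to a typed edge.
        if self.adj[u].get(v) == COMMON:
            return
        self.adj[u][v] = kind
        self.adj[v][u] = kind

    def nodes(self):
        return list(self.adj)

    def virus_neighbours(self, u):
        return [v for v, k in self.adj[u].items() if k in (COMMON, VIRUS_ONLY)]

    def anti_neighbours(self, u):
        return [v for v, k in self.adj[u].items() if k in (COMMON, ANTI_ONLY)]


def add_honey_traps(graph, traps):
    """Fully connect the honey traps with anti-virus-only edges: the 'virtual
    super-hub' of the Honey Traps slide."""
    traps = list(traps)
    for i, u in enumerate(traps):
        for v in traps[i + 1:]:
            graph.add_edge(u, v, ANTI_ONLY)


def simulate(graph, seed_node, delay_gap, honey_traps=(), max_rounds=10_000):
    """Run synchronous rounds until nothing changes; return (infected, immune, rounds).

    Order within a round (assumption: ties go to the virus):
      1. infection: each infected node infects all its neutral virus-neighbours;
      2. anti-virus birth: each node infected for >= delay_gap rounds (only the
         honey traps, if any are given) immunizes its neutral anti-neighbours;
      3. immunization: each node already immune at the start of the round
         immunizes its neutral anti-neighbours.
    Once a node is infected or immune it never changes state (slide rule 3).
    """
    state = {n: NEUTRAL for n in graph.nodes()}
    state[seed_node] = INFECTED
    infected_at = {seed_node: 0}
    honey = set(honey_traps)
    for t in range(1, max_rounds + 1):
        changed = False
        immune_at_start = [n for n, s in state.items() if s == IMMUNE]
        for u in [n for n, s in state.items() if s == INFECTED]:        # 1
            for v in graph.virus_neighbours(u):
                if state[v] == NEUTRAL:
                    state[v], infected_at[v], changed = INFECTED, t, True
        for u, t0 in infected_at.items():                                 # 2
            if t - t0 < delay_gap or (honey and u not in honey):
                continue
            for v in graph.anti_neighbours(u):
                if state[v] == NEUTRAL:
                    state[v], changed = IMMUNE, True
        for u in immune_at_start:                                         # 3
            for v in graph.anti_neighbours(u):
                if state[v] == NEUTRAL:
                    state[v], changed = IMMUNE, True
        if not changed:
            vals = list(state.values())
            return vals.count(INFECTED), vals.count(IMMUNE), t
    raise RuntimeError("simulation did not converge")


def chain(n):
    """Constructed input: a path 0-1-...-(n-1) of common edges."""
    g = OverlayGraph()
    for i in range(n - 1):
        g.add_edge(i, i + 1, COMMON)
    return g


def demo():
    """Four scenarios on a 7-node chain, virus seeded at node 0."""
    out = {}
    out["same network, delay gap 2"] = simulate(chain(7), 0, 2)[:2]
    out["same network, delay gap 0"] = simulate(chain(7), 0, 0)[:2]
    g = chain(7); g.add_edge(0, 6, ANTI_ONLY)          # anti-virus-only shortcut
    out["anti-only edge 0-6, gap 2"] = simulate(g, 0, 2)[:2]
    g = chain(7); g.add_edge(0, 6, VIRUS_ONLY)         # shortcut the virus owns
    out["virus-only edge 0-6, gap 2"] = simulate(g, 0, 2)[:2]
    g = chain(7); add_honey_traps(g, [2, 5])
    out["honey traps {2,5}, gap 0"] = simulate(g, 0, 0, honey_traps=[2, 5])[:2]
    return out


if __name__ == "__main__":
    for name, (inf, imm) in demo().items():
        print(f"{name:32s} infected={inf} immune={imm}")
```

On the plain chain the outcome hinges on the delay gap: with a gap of 2 rounds the virus front is always ahead of the anti-virus it spawns, so all 7 nodes end infected; with a gap of 0 the first infected neighbour immediately immunizes the next node and the virus is contained to 2 nodes. A single anti-virus-only edge from the seed to the far end cuts the infected cluster to 5 even at gap 2, because the anti-virus reaches the far end first and walks back toward the front; the same shortcut given to the virus instead lets it take everything. Two honey traps hold the virus to 3 nodes at gap 0 even though only the traps emit the anti-virus.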

Movies

Empirical Survey of E-mail/SMS Networks
- We surveyed hundreds of people, eventually obtaining a sample set of 513 answers
- People were asked for the size of their address book, the size of their phone book, and the overlap between the two

Empirical Survey of E-mail/SMS Networks: Results
- The average overlap was only 32.6%
- The phone book data exhibited a power-law tail with exponent -1.88
- The address book data exhibited a close-to-power-law distribution with exponent -0.75

Results
We studied both random and scale-free networks in both deterministic and stochastic settings. We checked the dependence on the following parameters:
- Characteristic delay gap between infection and anti-virus birth
- Dependence on common, virus and anti-virus edge density
- Dependence on honey traps

Average degree dependence (Random - ER)

Dependence on delay gap (Random, common density=0.01)

Dependence on delay gap (Scale Free: common, virus, anti=1)

Dependence on anti-virus edge degree (Random: delay gap=20, common degree=10)
The virus cluster can be suppressed to any desired size by adding more anti-virus links.

Dependence on virus and anti-virus edge addition
Some interesting results: the most important point is to have anti-virus edges.

Dependence on link addition (SF: delay gap=0)

Dependency on immunizing link density, random link addition ( nodes networks)

Dependency on honey trap density ( nodes network)

Dependence on the exponent (delay gap=20, common=1, anti=1)

Future Directions
Further in the future:
- Test and implement in the real world with DIMES and PlanetLab