On the Effectiveness of Automatic Patching Milan Vojnović & Ayalvadi Ganesh Microsoft Research Cambridge, United Kingdom WORM’05, Fairfax, VA, USA, Nov.

Presentation transcript:

On the Effectiveness of Automatic Patching Milan Vojnović & Ayalvadi Ganesh Microsoft Research Cambridge, United Kingdom WORM’05, Fairfax, VA, USA, Nov 11, 2005

2 Problem Worms tend to appear soon after vulnerability public disclosure Witty (1 day) Nightmare: zero-day worm Worm appears before patch released Patching must be automatic (detection, patch generation, delivery, installation)

3 Problem (cont’d) Problem: how fast must patch delivery be to contain a worm? Our results: Random scanning worms Goal: analytical bounds Other worms: future work

4 Hierarchical patch delivery [Figure labels: patching server, subnet, client, overlay] Special: single subnet = centralized solution

5 Rest of the talk Models and required patching rates to contain worms by: Patching Patching & filtering P2P patching Conclusion

6 Susceptible-Infective: model of worm spread Infected host scans IP address space Ω at instants of Poisson(η) Independent at distinct hosts Rate of successful scans: β = ηN/Ω I(t) = number of infected hosts at time t, a Markov process High-level: model ignores network latency, congestion

7 Susceptible-Infective (2) Large population limit: N→∞, η/Ω fixed i(t) = I(t)/N: fraction of infected hosts i(t): density-dependent Markov process Converges uniformly to the limit deterministic ODE: (d/dt)i(t) = β i(t) [1-i(t)] Used to model worms (Staniford+02) 1/β = 40 min (Code Red) = 10 sec (Slammer)

8 Patching: one subnet  = polling frequency fraction of susceptible hosts Result Implicit function for final infectives i(+  )

9 Patching: one subnet (2) Implication: Exponential with the ratio worm to patch rate ! Bound is tight whenever  /  is small = effective containment vulnerable hosts
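An added numerical example, not taken from the slides: it assumes patching removes susceptible hosts at a rate written here as mu, so that di/dt = beta·i·s and ds/dt = −beta·i·s − mu·s (the slides' own equations did not survive in this transcript). Under that assumed model i + s + (mu/beta)·ln i is conserved, which gives an implicit equation for the final infected fraction and the bound i(∞) ≤ i(0)·exp((beta/mu)·s(0)); the initial fractions below are constructed values.

```python
import math

def final_infected_ode(beta, mu, i0, s0):
    """RK4 integration of the assumed model until susceptibles are exhausted."""
    def f(i, s):
        return beta * i * s, -beta * i * s - mu * s
    dt = 0.01 / max(beta, mu)
    steps = int(math.log(1e12) / mu / dt) + 1   # s(t) <= s0*exp(-mu*t)
    i, s = i0, s0
    for _ in range(steps):
        k1 = f(i, s)
        k2 = f(i + 0.5 * dt * k1[0], s + 0.5 * dt * k1[1])
        k3 = f(i + 0.5 * dt * k2[0], s + 0.5 * dt * k2[1])
        k4 = f(i + dt * k3[0], s + dt * k3[1])
        i += dt / 6 * (k1[0] + 2 * k2[0] + 2 * k3[0] + k4[0])
        s += dt / 6 * (k1[1] + 2 * k2[1] + 2 * k3[1] + k4[1])
    return i

def final_infected_implicit(beta, mu, i0, s0):
    """Solve x + (mu/beta) ln x = i0 + s0 + (mu/beta) ln i0 by bisection."""
    r = mu / beta
    c = i0 + s0 + r * math.log(i0)
    lo, hi = i0, i0 + s0            # left side is increasing in x on this interval
    for _ in range(200):
        mid = 0.5 * (lo + hi)
        if mid + r * math.log(mid) < c:
            lo = mid
        else:
            hi = mid
    return 0.5 * (lo + hi)

def exponential_bound(beta, mu, i0, s0):
    """Upper bound i0*exp((beta/mu)*s0), capped at the vulnerable fraction."""
    return min(i0 + s0, i0 * math.exp(beta / mu * s0))

if __name__ == "__main__":
    beta = 1 / 2400.0               # 1/beta = 40 min (Code Red, from the slides), per second
    i0, s0 = 1e-4, 1 - 1e-4         # constructed initial fractions
    for ratio in (0.5, 2, 5, 20):   # worm rate / patch rate
        mu = beta / ratio
        print(f"beta/mu={ratio:>4}: ode={final_infected_ode(beta, mu, i0, s0):.6f} "
              f"implicit={final_infected_implicit(beta, mu, i0, s0):.6f} "
              f"bound={exponential_bound(beta, mu, i0, s0):.6f}")
```

The bound tracks the true final fraction closely while beta/mu is small and becomes uninformative (capped at the vulnerable fraction) once the worm rate dominates the patch rate.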

10 Patching: multiple subnets [Figure labels: patching server, subnet, client, overlay]

11 Patching: multiple subnets Overlay abstracted by broadcast curve: g(t) = fraction of alerted patch servers at time t Examples: known broadcast time T; logistic function; flooding on Pastry

12 Patching: multiple subnets (2) (S,I) dynamics same as for one subnet … but patching rate is a function of time

13 Minimum broadcast curve A curve that lower bounds any broadcast curve for an overlay Result: using a minimum broadcast curve produces upper bound on the fraction of infected hosts Minimum broadcast curve Flooding over Pastry

14 Patching: multiple subnets (…) Result: g() = logistic function  /  fixed, both  and  tend to be small “overlay diameter”

15 Patching & filtering i_0(t) = fraction of infectives in non-alerted subnets s_0(t) = same for susceptible hosts alerted patch server block

16 Patching & filtering (2) Result: u(t) = g(t)/g(0)  ’ =  (i 0 (0)+s 0 (0))/(1-g(0)) t i 0 (t) After subnet becomes alerted, it “decouples” from the rest of the system

17 P2P Two epidemics: Patch epidemics with larger spread rate  Result:

18 Conclusion Random scanning worms can be effectively contained Presuming patch rate is sufficiently larger than worm rate Need to constrain worm rate Future work: subnet preference worms topological worms?

19 More immunology.htm Thanks!