A Taxonomy of Computer Worms Ashish Gupta Network Security April 2004.

Presentation transcript:


Overview
– What are worms?
– The six factors on taxonomy
– Target Discovery
– Propagation
– Activation
– Payloads
– Attackers
– End

Worm vs a virus
1. Self propagates across the network
2. Exploits security or policy flaws in widely used services
3. Less mature defense today

OVERVIEW [diagram: Attacker, Target Discovery, Carrier, Activation, Payload]

Target Discovery

– Scanning: sequential, random
– Target Lists: pre-generated, external (game servers), internal
– Passive

Target Discovery: Internal Target Lists
– Discover the local communication topology
– Similar to DV algorithm
– Very fast ?? Function of shortest paths
– Any example ?
– Difficult to detect
– Suggests highly distributed sensors

Toolkit potential
– Worm tutorial: http://lcamtuf.coredump.cx/worm.txt

Carrier

– Self-Carried: active transmission
– Second Channel: e.g. RPC, TFTP (Blaster worm)
– Embedded: e.g. web requests

Activation

– Human Activation: Social Engineering, e.g. MyDoom -> SCO Killer!
– Human activity-based activation: e.g. logging in, rebooting
– Scheduled process activation: e.g. updates, backup etc.
– Self Activation: e.g. Code Red

MyDoom : Fastest Ever

Payload

– Internet Remote Control
– Internet DOS: paper’s dream realized
– Data Damage: Chernobyl, Klez
– Physical World Damage
– Human control -> Blackmail!

Attacker

– Curiosity
– Pride and Power
– Commercial Advantage
– Extortion and criminal gain
– Terrorism -> Example
– Cyber Warfare

Theodore Kaczynski
– Born in Chicago
– Extremely gifted as a child
– American terrorist who attempted to fight against what he perceived as the evils of technological progress
– Eighteen-year-long campaign of sending mail bombs to various people, killing three and wounding 29.
– The first mail bomb was sent in late 1978 to Prof. Buckley Crist at Northwestern University

CONCLUSION [diagram: Attacker, Target Discovery, Carrier, Activation, Payload]

???
Given the target discovery/propagation methods of worms,
– how to detect it?
– with only network traffic header data?
– at ISP? at edge routers? at end hosts?
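One partial answer to the header-data question, as an added example that is not part of the original slides: a Python sketch that labels each source as a sequential scanner, a random scanner or normal, using only source, destination and port fields. The thresholds, function names and sample flows are assumptions made for illustration; target-list and passive discovery do not produce this fan-out and are not covered.

```python
import ipaddress
import random

def classify_sources(flows, min_fanout=20, max_step=4, seq_ratio=0.8):
    """Label sources by target-discovery pattern from header fields only.

    flows: iterable of (src_ip, dst_ip, dst_port) in arrival order.
    Returns {src_ip: "sequential-scan" | "random-scan" | "normal"}.
    Thresholds are illustrative assumptions, not values from the slides.
    """
    targets = {}  # (src, port) -> distinct destinations in first-seen order
    for src, dst, port in flows:
        seen = targets.setdefault((src, port), {})
        seen.setdefault(int(ipaddress.IPv4Address(dst)), None)

    verdict = {}
    for (src, _port), seen in targets.items():
        order = list(seen)
        if len(order) < min_fanout:
            # Low fan-out on this port: not target discovery.
            verdict.setdefault(src, "normal")
            continue
        # Sequential scanners walk the address space in small forward steps.
        steps = [b - a for a, b in zip(order, order[1:])]
        near = sum(1 for s in steps if 0 < s <= max_step)
        if near / max(len(steps), 1) >= seq_ratio:
            verdict[src] = "sequential-scan"
        else:
            verdict[src] = "random-scan"
    return verdict

def sample_flows():
    """Constructed sample data: three sources with different behaviour."""
    rng = random.Random(7)  # fixed seed so the sample is reproducible
    sweep = [("10.1.1.5", f"192.0.2.{i}", 445) for i in range(1, 41)]
    scatter = [
        ("10.1.1.9",
         str(ipaddress.IPv4Address(0x0A000000 + rng.getrandbits(24))), 445)
        for _ in range(40)
    ]
    client = [("10.1.1.7", "192.0.2.10", 443)] * 30
    return sweep + scatter + client

if __name__ == "__main__":
    for src, label in sorted(classify_sources(sample_flows()).items()):
        print(src, label)
```

The same counting works at an edge router or an ISP vantage point; what changes is how many sources are visible and how much state the per-source destination sets require.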