Exact Modeling of Propagation for Permutation-Scanning Worms Parbati Kumar Manna, Shigang Chen, Sanjay Ranka INFOCOM’08.



2008/11/19 Speaker: Li-Ming Chen

Virus/Worm: A Brief History
- 1969: ARPANET (forerunner of the Internet)
- 1979: Engineers at Xerox Research Center discover the computer worm
- 1983: Fred Cohen – Computer Virus
- 1988: Robert Morris unleashes a worm that invades ARPANET computers
- 1995: Microsoft releases Windows 95 (and macro virus appears)
- 1992: Toolkits, mutation engine
- 1999: Melissa virus
- 2000: “I Love You” virus, DoS, DDoS
- 2001: CodeRed I, II, Nimda
- 2003: Slammer (fastest-spreading), Blaster
- 2004: Sasser

History of Worm Propagation Modeling
- “Directed-graph epidemiological models of computer virus”
- CodeRed I, II, Nimda
- Simple epidemic model (considering scanning rate)
- Modeling CodeRed propagation (how about network congestion/human countermeasures?)
- Modeling propagation w/ the idea of “hitlist”, “death rate”, “patching rate”…
- Study the top speed of flash worm
- 2005: Self-stopping worm
- 2006: Worus (Worm + Virus)
- 2008: Permutation-scanning worms

Why Modeling Worm Propagation?
- Simulation
  - Pros
  - Cons
  - Limitation?
- Modeling
  - Pros
  - Cons
  - Limitation?

Outline
- Permutation-scanning
- (basis) A 0-jump Worm Model
- (extension) The k-jump Worm Model
- Usage of the Analytical Model
- Conclusion and comments

Permutation-scanning Worms
- Traditional: Random-scanning worms
- Permutation-scanning:
  - Divide-and-Conquer
  - Jumping:
- Avoid being detected:
  - Virtual permutation address space
- Fast vs. Stealthy
  - the big name vs. nearly no network footprints?

Scanzone
- (Def:) A scanzone is the contiguous range of the addresses that are currently being scanned by an active infected host since the last time it jumped.
  - Jump:
  - Old/new infection:
  - k-jump worm:
- A special case: 0-jump worm

Example: 0-jump Worm

Example: 0-jump Worm (cont'd)

Classification of Scanning Hosts
- By judging the effectiveness of scanning of the active host (ability to generate new infection)
- Effective (x):
- Ineffective (y):
- Nascent (α):

Classification of Scanning Hosts (cont'd)

Modeling a 0-jump Worm
- Questions:
  - Q1:
  - Q2:
  - Q3:

Modeling a 0-jump Worm (cont'd)

Ans1: hit ratio

Ans2: old/new infection

Ans3: the effectiveness

Verification of 0-jump Worm Model

Extend to k-jump Worm (see results first :p)

Extend to k-jump Worm
- Difference from 0-jump worm:
  - a

Example: State Diagram of a 2-jump Worm

k-jump Worm Model

(Recall) Usage of the Analytical Model
- Simulation vs. Analytical Model
- Finding the Truly Independent variables in the model
- Effects of parameters on propagation
  - N
  - V
  - φ
  - r
  - k
