1 Advisor: Frank, Yeong-Sung Lin. Presented by Jia-Ling Pan
Effective Network Planning and Defending Strategies to Minimize Attackers' Success Probabilities under Malicious and Epidemic Attacks
2019/5/3 NTUIM OPLAB

2 Agenda
Problem Description
Attack-defense Strategies
Enhancement Process

3 Problem Description

4 Problem Description
Attacker perspectives
Defender perspectives
Attack-defense scenarios

5 Attacker perspectives
Objective: use worms to obtain a clearer map of the network topology or its vulnerabilities, and eventually compromise the core nodes.

6 Attacker perspectives
Worm Propagation Model: Two-Factor model
Human countermeasures: cleaning compromised computers; patching or upgrading susceptible computers; setting up filters to block the worm traffic on firewalls or edge routers; disconnecting computers from the Internet.
Decreased infection rate β(t): large-scale worm propagation causes congestion and trouble for some Internet routers, which slows down the worm scanning process.

7 Attacker perspectives
Worm Propagation Model: Two-Factor Model
dR(t)/dt = γ I(t)  (1)
dQ(t)/dt = μ S(t) J(t)  (2)
J(t) = I(t) + R(t)  (3)
β(t) = β0 [1 − I(t)/N]^η  (4)
N = S(t) + I(t) + R(t) + Q(t)  (5)
dS(t)/dt = −β(t) S(t) I(t) − dQ(t)/dt  (6)
dI(t)/dt = β(t) S(t) I(t) − dR(t)/dt  (7)

8 Attacker perspectives
Worm Propagation Model: Two-Factor Model (discrete-time form)
I(t) = I(t−1) + dI(t−1)/dt · Δt  (8)
R(t) = R(t−1) + dR(t−1)/dt · Δt  (9)
Q(t) = Q(t−1) + dQ(t−1)/dt · Δt  (10)
S(t) = N − I(t) − R(t) − Q(t)  (11)

9 Attacker perspectives
Worm Propagation Model: Two-Factor model
If I(t)/N_A >= 0.5, then the status of the AS node is considered infectious (I).
(figure: AS nodes A–G with host counts N_A = 1,000,000, N_B = 100,000, N_C = 10,000, N_D = 1,000,000, N_E = 100,000, N_F = 10,000, N_G = 100,000; initial infections I(0) = 5, so I(0)/N_A = 5/1,000,000, I(0)/N_B = 5/100,000, I(0)/N_C = 5/10,000)
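A runnable version of the discrete-time two-factor model, equations (1)–(11), with the slide 9 rule that flags an AS as infectious once I(t)/N >= 0.5. This is an added example, not the presentation's own code; β0 = 1/N follows slide 35, while γ, μ and η are assumed values the slides do not state.

```python
"""Discrete-time two-factor worm model, equations (1)-(11) of slides 7-8.

Added example, not the presentation's own code. beta0 = 1/N is the
"Refinement" value of slide 35 and an AS counts as infectious once
I(t)/N >= 0.5 (slide 9). gamma, mu and eta are assumed values: the
slides do not state them.
"""


def simulate_two_factor(n, i0, beta0, gamma=0.02, mu=None, eta=1.0,
                        dt=1.0, steps=300, threshold=0.5):
    """Euler-step S/I/R/Q; return (series, first step with I/N >= threshold)."""
    if mu is None:
        mu = 0.02 / n                            # assumed quarantine rate
    s, i, r, q = float(n - i0), float(i0), 0.0, 0.0
    series = [(s, i, r, q)]
    infectious_at = 0 if i / n >= threshold else None
    for t in range(1, steps + 1):
        beta = beta0 * (1.0 - i / n) ** eta      # (4) congestion slows scanning
        j = i + r                                # (3)
        dr_dt = gamma * i                        # (1) cleaning and patching
        dq_dt = mu * s * j                       # (2) filtering and disconnecting
        di_dt = beta * s * i - dr_dt             # (7)
        i = max(0.0, i + di_dt * dt)             # (8)
        r += dr_dt * dt                          # (9)
        q += dq_dt * dt                          # (10)
        s = max(0.0, n - i - r - q)              # (11) replaces stepping (6); keeps (5)
        series.append((s, i, r, q))
        if infectious_at is None and i / n >= threshold:
            infectious_at = t
    return series, infectious_at


def as_is_infectious(series, n, threshold=0.5):
    """Slide 9 rule on the last state: True once I(t)/N >= threshold."""
    return series[-1][1] / n >= threshold


if __name__ == "__main__":
    n_b = 100_000                                # N_B on slide 9, I(0)=5
    series, t_hit = simulate_two_factor(n_b, 5, 1.0 / n_b)
    peak = max(i for _, i, _, _ in series)
    print("AS B infectious at step", t_hit, "peak I/N = %.3f" % (peak / n_b))
```

Setting beta0 to 0 models a fully filtered worm: I(t) only decays and the AS never reaches the infectious state.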

10 Attacker perspectives
Budget
Preparing phase: worm purchase / refinement / development; social engineering
Attacking phase: node compromising

11 Attacker perspectives
Preparing phase
Worm attributes: scanning method (blind vs. hitlist); propagation rate (static vs. dynamic); capability (basic vs. advanced)
Social engineering: number of edge nodes; number of hops from each core node to the edge nodes

12 Attacker perspectives
Attacking phase
Node compromising. Next hop selection criteria: link degree; link traffic; node defense resource
Worm injection. Candidate selection criteria: hosts of the AS node

13 Defender perspectives
Objective: protect core nodes
Budget: planning phase; defending phase

14 Defender perspectives
Planning phase: node protection; general defense resource allocation (e.g. firewall, IDS); decentralized information sharing system deployment
Defending phase: decentralized information sharing system; unknown worm detection & signature distribution; rate limiting; worm origin identification; firewall reconfiguration; dynamic topology reconfiguration

15 Attack-defense scenarios

16 Decentralized information sharing system
Scenarios (figure: AS network with nodes A–O; legend: AS node, Core AS node, Firewall, Decentralized information sharing system, Type1 worm, Type2 worm)

17 Decentralized information sharing system
Scenarios: Attacker A; node compromise

18 Decentralized information sharing system
Scenarios: Attacker A; worm injection & propagation

19 Decentralized information sharing system
Scenarios: Attacker A; worm injection & propagation (continued)

20 Decentralized information sharing system
Scenarios: Attacker A; worm injection & propagation; node compromise

21 Decentralized information sharing system
Scenarios: Attacker A; worm injection & propagation; node compromise (continued)

22 Decentralized information sharing system
Scenarios: Attacker A; worm injection & propagation from two nodes

23 Signature generation & distribution
Scenarios: Attacker A; worm injection & propagation; detection alarm; signature generation & distribution; rate limiting

24 Firewall reconfiguration
Scenarios: Attacker A; worm injection & propagation; firewall reconfiguration

25 Decentralized information sharing system
Scenarios: Attacker A; worm injection & propagation

26 Decentralized information sharing system
Scenarios: Attacker A; worm injection & propagation; backdoor

27 Signature generation & distribution
Scenarios: Attacker A; worm injection & propagation; backdoor; detection alarm; signature generation & distribution

28 Scenarios: Worm origin identification
Scenarios: Attacker A; worm injection & propagation; backdoor; worm origin identification; firewall reconfiguration

29 Decentralized information sharing system
Scenarios: Attacker A; worm injection & propagation; node compromise; backdoor

30 Dynamic topology reconfiguration
Scenarios: Attacker A; worm injection & propagation; backdoor; dynamic topology reconfiguration

31 Attack-defense Strategies

32 Attack Strategies

33 Attack Budget
Worm budget: 30%~70% of the total budget (normal distribution)
Social engineering budget: 0%~10% of the total budget (normal distribution)
Node compromising budget: total budget − worm budget − social engineering budget
ex: if the worm budget is 50% of the total budget and the social engineering budget is 5% of the total budget, then the node compromising budget is 45% of the total budget.

34 Attack Budget: Worm Set Decision
If the attacker has 115,000, he will choose worm set B. If the attacker has 130,000, he will choose worm set C.
Worm set table (columns: Purchase, Refinement, Development, Price): A: 2, 1, price 100,000; B: price 110,000; C: price 120,000 (the remaining cells were not captured in the transcript).

35 Attack Budget: Worm attributes
Worm attribute | Purchase | Refinement | Development
Scanning method: Blind scan [1] | I(0)=5 | |
Scanning method: Hitlist scan [2] | I(0)=(1/150)N | I(0)=(1/120)N | I(0)=(1/100)N
Propagation speed (S: max scan times per unit time) [1] | S=100 | S=200 | S=300
Static, 0<p<=1 | S*p=100*p | S*p=200*p | S*p=300*p
Dynamic, 0<p(t)<=1 | S*p(t)=100*p(t) | S*p(t)=200*p(t) | S*p(t)=300*p(t)
Capability: Basic [3] | β0 = 0.8/N | β0 = 1/N | β0 = 1.2/N
Capability: Advanced | β0 = 0.8/N & Backdoor | & Backdoor | & Backdoor

36 Attack Budget
Social engineering: the social engineering budget is spent on information gathering. We use a convex function to represent the relationship between the gathered information and the social engineering budget.
Node compromising: the compromise cost per node is estimated by several convex functions of specific parameters and cost, for example the AS node defense resource and the total host number of the AS node (N). It is also estimated by a concave function of the information gathered about this AS node and cost.

37 Attack Strategies
Node compromising. Condition: when the attack path is clear, or the attacker attempts to inject a worm on a specific node, or attempts to compromise a core node with enough attack budget.
Worm injection
The same worm. Condition: when the old worm has not been detected yet and the infection rate has not yet decreased to a certain level.
New worm. Condition: when the old worm has been detected, or the infection rate has decreased to a certain level.

38 Attack Strategies
Backdoor/Trojan horse injection. Condition: the attacker uses worms with advanced capabilities.
Worm propagation speed adjustment. Condition: the attacker uses worms with dynamic propagation speed.
Stealthy strategy: propagation speed p(t): 0.03~0.3
Aggressive strategy: propagation speed p(t): 0.8~1

39 Next hop selection criteria
Attack Strategies: Node compromising
Next hop selection criteria
1. Link degree: 1.1 High; 1.2 Low; 1.3 Random
2. Link traffic
3. Node defense resource
……

40 Attack Strategies: Node compromising
Candidate next hops (D: link degree, G: node defense resource, T: link traffic): D=2, G=20, T=100; D=3, G=50, T=120; D=4, G=30, T=150 (figure: nodes A–G).
D = (4 − 2)/4 = 0.5; G = (50 − 20)/50 = 0.6 → choose node defense resource as the criterion.
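The slide 40 computation carried through for all three criteria, plus the slide 39 high/low/random sub-strategies applied to the chosen one. This is an added example, not the presentation's code; the candidate node names and the "low" preference for defense resource are assumptions.

```python
"""Next-hop criterion selection from slide 40 (added example, not the
presentation's code). Each candidate next hop carries D (link degree),
G (node defense resource) and T (link traffic); the criterion whose values
spread the most, measured as (max - min) / max, is the one used. The node
names and the 'low' preference for G are assumptions."""

import random

# Constructed candidates using the three value sets shown on slide 40.
CANDIDATES = {
    "n1": {"D": 2, "G": 20, "T": 100},
    "n2": {"D": 3, "G": 50, "T": 120},
    "n3": {"D": 4, "G": 30, "T": 150},
}


def spread(values):
    """(max - min) / max: how well a criterion separates the candidates."""
    hi, lo = max(values), min(values)
    return (hi - lo) / hi if hi else 0.0


def criterion_spreads(candidates):
    """Spread of every criterion over the candidate set."""
    names = next(iter(candidates.values())).keys()
    return {c: spread([v[c] for v in candidates.values()]) for c in names}


def choose_criterion(candidates):
    """Slide 40: D -> 0.5, G -> 0.6, T -> 0.33, so G is chosen."""
    spreads = criterion_spreads(candidates)
    return max(spreads, key=spreads.get)


def pick_next_hop(candidates, criterion, preference, rng=random):
    """Apply a slide-39 sub-strategy: 'high', 'low' or 'random'."""
    if preference == "random":
        return rng.choice(sorted(candidates))
    ordered = sorted(candidates, key=lambda node: candidates[node][criterion])
    return ordered[-1] if preference == "high" else ordered[0]


if __name__ == "__main__":
    crit = choose_criterion(CANDIDATES)
    print(criterion_spreads(CANDIDATES), "->", crit,
          "next hop:", pick_next_hop(CANDIDATES, crit, "low"))
```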

41 Next hop selection criteria: Link Degree (figure)

42 Next hop selection criteria: Link Traffic (figure)

43 Next hop selection criteria: Node Defense Resource (figure)

44 Attack Strategies: Node compromising
For example, if the attacker chooses link degree as the next hop selection criterion, the scores V1.1, V1.2 and V1.3 represent the score of each corresponding strategy: 1.1 prefer higher link degree; 1.2 prefer lower link degree; 1.3 random. If , the probability of choosing the prefer-higher-link-degree strategy is , and the probability of choosing the prefer-lower-link-degree strategy is

45 Defense Strategies

46 Defense Budget
Node deployment; link deployment
General defense resource; decentralized information sharing system deployment; signature generation and distribution

47 Defense Strategies
Detection: decentralized information sharing; signature generation & distribution
Mitigation: rate limiting; worm origin & propagation path identification
Avoidance: dynamic topology reconfiguration

48 Defense Strategies: Detection
Decentralized information sharing
Step 1: Let (content_{t−1,k}, count_{t−1,k}) be all pairs sent to node i in round t − 1.
Step 2: Let d_{t,i} = Σ count_{t−1,k} be the sum of the prevalence values of the signature content_k received by node i at round t for one particular content block k.
Step 3: Compare d_{t,i} with Threshold_i. If d_{t,i} > Threshold_i, then content_k is identified as a worm signature.
Step 4: Randomly and uniformly choose a target target_t(i) from the neighbors of i.
Step 5: Send the pair (content_k, ½ d_{t,i}) to target_t(i) and to i (itself).
Signature generation and distribution
Condition: when the count of content_k exceeds Threshold_i, the detection node starts generating and distributing signatures.

49 Defense Strategies: Mitigation
Rate limiting
Condition: only nodes that have deployed the decentralized information sharing system can enable the rate limiting mechanism, and only while the count has not yet exceeded the signature generation threshold but exceeds 70% of it.
Traffic(in) = Traffic(out) * confidence, with confidence: 0.3~0.7 (normal distribution)
ex: if confidence = 0.5, then 50% of the worm traffic sent to the detection node is blocked.
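A round-based simulation of the five sharing steps on slide 48 together with the slide 49 rate-limiting band (count above 70% of the threshold but not yet above it). This is an added example, not the presentation's code; the four-node topology, the thresholds and the sample (content, count) pairs are constructed.

```python
"""Decentralized information sharing (slide 48) with the rate-limiting band
of slide 49. Added example, not the presentation's code. The topology,
thresholds and round-0 (content, count) pairs are constructed."""

from collections import defaultdict
import random

NEIGHBORS = {"A": ["B"], "B": ["A", "C"], "C": ["A", "D"], "D": ["A", "B"]}
THRESHOLD = {"A": 8.0, "B": 8.0, "C": 8.0, "D": 8.0}
RATE_LIMIT_BAND = 0.7   # slide 49: rate limit once count > 70% of threshold


def run_rounds(inbox, rounds, rng=random, threshold=THRESHOLD,
               neighbors=NEIGHBORS):
    """inbox maps node i -> [(content_k, count_k), ...] sent to it in round t-1.
    Returns (signatures, rate_limited, inbox_after_last_round)."""
    signatures, rate_limited = set(), set()
    for _ in range(rounds):
        next_inbox = defaultdict(list)
        for i, pairs in inbox.items():
            d = defaultdict(float)
            for content, count in pairs:                 # steps 1 and 2
                d[content] += count
            for content, d_ti in d.items():
                if d_ti > threshold[i]:                  # step 3: signature
                    signatures.add((i, content))
                elif d_ti > RATE_LIMIT_BAND * threshold[i]:
                    rate_limited.add((i, content))       # slide 49 band
                target = rng.choice(neighbors[i])        # step 4
                next_inbox[target].append((content, d_ti / 2))   # step 5
                next_inbox[i].append((content, d_ti / 2))
        inbox = dict(next_inbox)
    return signatures, rate_limited, inbox


def admitted_traffic(traffic_out, confidence):
    """Slide 49: Traffic(in) = Traffic(out) * confidence, confidence in 0.3..0.7."""
    if not 0.3 <= confidence <= 0.7:
        raise ValueError("confidence must lie in [0.3, 0.7]")
    return traffic_out * confidence


# Constructed round-0 inbox: content "w" reaches B, C and D with count 6;
# benign content "b" reaches B once.
SAMPLE_INBOX = {"B": [("w", 6.0), ("b", 1.0)], "C": [("w", 6.0)],
                "D": [("w", 6.0)]}

if __name__ == "__main__":
    sigs, limited, final = run_rounds(SAMPLE_INBOX, 2)
    print("signatures:", sigs, "rate limited:", limited)
```

Because every node forwards half of d_{t,i} and keeps half, the total prevalence of a content is conserved; a content only crosses a node's threshold where several neighbours' shares converge, which is what separates the widespread "w" from the one-off "b".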

50 Defense Strategies: Mitigation
Worm origin & propagation path identification. Condition: when the ratio of infectious nodes to total nodes exceeds a certain level. The summary AS traffic information is aggregated at several detection nodes for analysis. The identification accuracy and communication overhead are affected by the hop number of the traversed path (H). [4]

51 Defense Strategies: Avoidance
Dynamic topology reconfiguration
Disconnect link. Condition: when the risk level of core node j has reached the threshold; e.g., if the distance between a compromised node and the core node is one hop, then disconnect the link between them.
Reconnect link. Condition: when the risk level of core node j has recovered to its previous level, or the QoS performance reduction has almost reached its threshold, then reconnect the link, starting with the link that connects to the node with the highest defense resource.

52 Defense Strategies: Avoidance
Dynamic topology reconfiguration
Risk level V_ij is computed every time the attacker selects a target i. V_ij is the risk level of each core node j as seen from the attacker's target node i. The lowest V_ij is saved as V_Lowest.

53 Defense Strategies: Dynamic topology reconfiguration
When node B has been compromised and node D has been infected by the worm, the defender can disconnect link BF or link DF temporarily. (figure: nodes A–G)
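The disconnect and reconnect rules of slides 51–53 on a small graph: links from compromised or infected nodes one hop from the core are cut, and reconnection starts with the neighbour holding the highest defense resource. This is an added example, not the presentation's code; the topology and the defense values are constructed, since slide 53 only names nodes A–G and links BF and DF.

```python
"""Dynamic topology reconfiguration of slides 51-53 (added example, not the
presentation's code). A link from a compromised or infected node to a core
node is cut when that node is one hop from the core; links are restored
starting with the node holding the highest defense resource. The topology
and the defense values are constructed."""

from collections import deque

LINKS = {("A", "B"), ("A", "C"), ("B", "D"), ("B", "F"), ("C", "D"),
         ("D", "F"), ("E", "F"), ("F", "G")}
DEFENSE = {"A": 20, "B": 30, "C": 50, "D": 40, "E": 60, "G": 80}
CORE = "F"


def adjacency(links):
    """Undirected adjacency sets built from (u, v) link tuples."""
    adj = {}
    for u, v in links:
        adj.setdefault(u, set()).add(v)
        adj.setdefault(v, set()).add(u)
    return adj


def hops(links, src, dst):
    """Shortest hop count between src and dst, or None if disconnected."""
    adj = adjacency(links)
    seen, queue = {src}, deque([(src, 0)])
    while queue:
        node, dist = queue.popleft()
        if node == dst:
            return dist
        for nxt in adj.get(node, ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append((nxt, dist + 1))
    return None


def disconnect(links, core, risky_nodes):
    """Slide 51 condition: cut core links to risky nodes one hop away.
    Returns (remaining_links, cut_links)."""
    cut = {frozenset((n, core)) for n in risky_nodes
           if hops(links, n, core) == 1}
    remaining = {l for l in links if frozenset(l) not in cut}
    return remaining, {tuple(sorted(c)) for c in cut}


def reconnect_order(cut_links, core, defense):
    """Slide 51: reconnect first the link to the node with highest defense."""
    def other(link):
        return link[0] if link[1] == core else link[1]
    return sorted(cut_links, key=lambda l: defense[other(l)], reverse=True)


if __name__ == "__main__":
    remaining, cut = disconnect(LINKS, CORE, {"B", "D"})   # slide 53 case
    print("cut:", cut, "reconnect order:", reconnect_order(cut, CORE, DEFENSE))
```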

54 Enhancement Process

55 (figure)

56 Enhancement Process: Primal Problem IP 1
The first primal run, with M simulations, gives Zp* = 0.7. (figure: IP 1)

57 Enhancement Process: LR Problem

58 Enhancement Process
If the initial multipliers μ1 are all 0, then the first LR problem is (figure)

59 Enhancement Process
From this first LR problem we obtain the m values below and Z_LR1 = 0.5, from which the multipliers μ2 can be computed.

60 Enhancement Process
Given the multipliers μ2, the second LR problem is (figure)
From this second LR problem we obtain the coefficient m and Z_LR2, from which the next round of multipliers μ3 can be computed.

61 Enhancement Process
μ_nodelink > μ_special > μ_general > μ_special
Primal Problem Configuration vs. LR Problem Configuration (figure: nodes A–G annotated with general defense resource G, values 200, 150, 120, 100 and 80)

62 Enhancement Process: Node and link adjustment
First, we find the bottleneck of the network topology through simulation analysis. Second, we find all paths that pass through the bottleneck and analyze which services the traffic on these paths belongs to. For each service type, find the shortest path from the bottleneck to the core node and construct a link between a new node and the node with the lowest loading on that shortest path. Then construct a link between the new node and the bottleneck.

63 Enhancement Process: Node and link adjustment
The loading of node C is too heavy: it is a bottleneck. On the shortest path from node C to F, the loading of node D is the lowest. (figure: nodes A–G, Service 1)

64 Enhancement Process: Node and link adjustment
The loading of node E is the lowest, so delete node E and the links connected to node E. (figure: nodes A–F before and after)

65 Enhancement Process: General defense resource
According to the simulation results, we can find the nodes that are often or seldom attacked, or the nodes on which the attacker is willing to spend more or less attack resources. Since the budget constraint has been relaxed, we can adjust the defense rate and figure out how much tm should be put on the node.

66 Enhancement Process: General defense resource
The attacker is often willing to spend a lot of attack resources to attack node D. (figure: nodes A–F)

67 Enhancement Process: General defense resource
Node D is seldom attacked. (figure: nodes A–F)

68 Enhancement Process: Special defense resource
Decentralized information sharing system. According to the M simulation results, we can observe the ratio of worm infection on the AS network. If, after signature generation and distribution, the ratio of worm infection on the AS network is still high, then we can add deployments of the decentralized information sharing system. If, after signature generation and distribution, the ratio of worm infection on the AS network is very low, then we can reduce the deployment of the decentralized information sharing system.

69 Enhancement Process: Special defense resource
The ratio of worm infection on the AS network is 4/6. (figure: nodes A–F before and after)

70 Enhancement Process: Defending resource
Signature generation and distribution. According to the M simulation results, we can observe the ratio of worm infection on the AS network. If, after signature generation and distribution, the ratio of worm infection on the AS network is still high, then we can adjust the threshold for generating signatures or the distribution frequency of signatures. The threshold for generating signatures influences the false positive rate of the signatures.

71 Reference
[1] T. Vogt, "Simulating and optimising worm propagation algorithms", 2003.
[2] C.C. Zou, L. Gao, W. Gong, D. Towsley, "Monitoring and Early Warning for Internet Worms", in Proceedings of the 10th ACM Conference on Computer and Communications Security, 2003.
[3] C.C. Zou, W. Gong and D. Towsley, "Code Red Worm Propagation Modeling and Analysis", 9th ACM Symposium on Computer and Communication Security, Pages , 2002.
[4] Y. Xie, V. Sekar, M.K. Reiter and H. Zhang, "Forensic Analysis for Epidemic Attacks in Federated Networks", Proceedings of the th IEEE International Conference on Network Protocols, November 2006.

72 Thanks for listening