Presentation is loading. Please wait.

Presentation is loading. Please wait.

Exact Modeling of Propagation for Permutation-Scanning Worms Parbati Kumar Manna, Shigang Chen, Sanjay Ranka INFOCOM’08.

Published byKimberly Stevens Modified over 9 years ago

Similar presentations

Presentation on theme: "Exact Modeling of Propagation for Permutation-Scanning Worms Parbati Kumar Manna, Shigang Chen, Sanjay Ranka INFOCOM’08."— Presentation transcript:

1 Exact Modeling of Propagation for Permutation-Scanning Worms Parbati Kumar Manna, Shigang Chen, Sanjay Ranka INFOCOM’08

2 2008/11/19 Speaker: Li-Ming Chen 2 Virus/Worm: A Brief History 1969 APARNET (forerunner of the Internet) 1979Engineers at Xerox Research Center discover the computer worm 1983 Fred Cohen – Computer Virus 1988 Robert Morris: unleashes a worm that invades ARPANET computers 1995 Microsoft release Windows 95 (and macro virus appears) 1992Toolkits, mutation engine 1999 Melissa virus 2000“I Love You” virus, DoS, DDoS 2001CodeRed I, II, Nimda 2003Slammer (fastest-spreading), Blaster 2004Sasser

3 2008/11/19 Speaker: Li-Ming Chen 3 History of Worm Propagation Modeling 1999 2002 2001 2003 2004 “Directed-graph epidemiological models of computer virus” CodeRed I, II, Nimda Simple epidemic model (considering scanning rate)  Modeling CodeRed propagation (how about network congestion/human countermeasures?) Modeling propagation w/ the idea of “hitlist”, “death rate”, “patching rate”… Study the top speed of flash worm 2005 Self-stopping worm 2006Worus (Worm + Virus) 2008 Permutation-scanning worms

4 2008/11/19 Speaker: Li-Ming Chen 4 Why Modeling Worm Propagation? Simulation  Pros  Cons  Limitation? Modeling  Pros  Cons  Limitation?

5 2008/11/19 Speaker: Li-Ming Chen 5 Outline Permutation-scanning (basis) A 0-jump Worm Model (extension) The k-jump Worm Model Usage of the Analytical Model Conclusion and comments

6 2008/11/19 Speaker: Li-Ming Chen 6 Permutation-scanning Worms Traditional: Random-scanning worms Permutation-scanning:  Divide-and-Conquer  Jumping: Avoid being detected:  Virtual permutation address space Fast vs. Stealthy   the big name vs. nearly no network footprints?

7 2008/11/19 Speaker: Li-Ming Chen 7 Scanzone (Def:) A scanzone is the contiguous range of the addresses that are currently being scanned by an active infected host since the last time it jumped.  Jump:  Old/new infection:  k-jump worm: A special case: 0-jump worm

8 2008/11/19 Speaker: Li-Ming Chen 8 Example: 0-jump Worm

9 2008/11/19 Speaker: Li-Ming Chen 9 Example: 0-jump Worm (cont ’ d)

10 2008/11/19 Speaker: Li-Ming Chen 10 Classification of Scanning Hosts By judging the effectiveness of scanning of the active host (ability to generate new infection) Effective (x): Ineffective (y): Nascent (α):

11 2008/11/19 Speaker: Li-Ming Chen 11 Classification of Scanning Hosts (cont ’ d)

12 2008/11/19 Speaker: Li-Ming Chen 12 Modeling a 0-jump Worm Questions:  Q1:  Q2:  Q3:

13 2008/11/19 Speaker: Li-Ming Chen 13 Modeling a 0-jump Worm (cont ’ d)

14 2008/11/19 Speaker: Li-Ming Chen 14 Ans1: hit ratio

15 2008/11/19 Speaker: Li-Ming Chen 15 Ans2: old/new infection

16 2008/11/19 Speaker: Li-Ming Chen 16 Ans3: the effectiveness

17 2008/11/19 Speaker: Li-Ming Chen 17 Verification of 0-jump Worm Model

18 2008/11/19 Speaker: Li-Ming Chen 18 Extend to k-jump Worm (see results first :p)

19 2008/11/19 Speaker: Li-Ming Chen 19 Extend to k-jump Worm Difference from 0-jump worm:  a

20 2008/11/19 Speaker: Li-Ming Chen 20 Example: State Diagram of a 2-jump Worm

21 2008/11/19 Speaker: Li-Ming Chen 21 k-jump Worm Model

22 2008/11/19 Speaker: Li-Ming Chen 22 (Recall) Usage of the Analytical Model Simulation vs. Analytical Model Finding the Truly Independent variables in the model Effects of parameters on propagation  N  V  φ  r  k

23 2008/11/19 Speaker: Li-Ming Chen 23

24 2008/11/19 Speaker: Li-Ming Chen 24

25 2008/11/19 Speaker: Li-Ming Chen 25

26 2008/11/19 Speaker: Li-Ming Chen 26

Download ppt "Exact Modeling of Propagation for Permutation-Scanning Worms Parbati Kumar Manna, Shigang Chen, Sanjay Ranka INFOCOM’08."

Similar presentations

(Distributed) Denial of Service Nick Feamster CS 4251 Spring 2008.

(Distributed) Denial of Service Nick Feamster CS 4251 Spring 2008.
Code-Red : a case study on the spread and victims of an Internet worm David Moore, Colleen Shannon, Jeffery Brown Jonghyun Kim.

Code-Red : a case study on the spread and victims of an Internet worm David Moore, Colleen Shannon, Jeffery Brown Jonghyun Kim.
Computer Viruses and Worms* *Referred to slides by Dragan Lojpur, Zhu Fang at Florida State University.

Computer Viruses and Worms* *Referred to slides by Dragan Lojpur, Zhu Fang at Florida State University.
Investigating the Impact of Real-World Factors on Internet Worm Propagation Daniel Ray, Charles Ward, Bogdan Munteanu, Jonathan Blackwell, Xiaoyan Hong,

Investigating the Impact of Real-World Factors on Internet Worm Propagation Daniel Ray, Charles Ward, Bogdan Munteanu, Jonathan Blackwell, Xiaoyan Hong,
 Population: N=100,000  Scan rate  = 4000/sec, Initially infected: I 0 =10  Monitored IP space 2 20, Monitoring interval:  = 1 second Infected hosts.

 Population: N=100,000  Scan rate  = 4000/sec, Initially infected: I 0 =10  Monitored IP space 2 20, Monitoring interval:  = 1 second Infected hosts.
 Well-publicized worms  Worm propagation curve  Scanning strategies (uniform, permutation, hitlist, subnet) 1.

 Well-publicized worms  Worm propagation curve  Scanning strategies (uniform, permutation, hitlist, subnet) 1.
Worm Defense. Outline Worm “How to Own the Internet in Your Spare Time” Worm defense Discussions.

Worm Defense. Outline Worm “How to Own the Internet in Your Spare Time” Worm defense Discussions.
Modeling the spread of active worms Zesheng Chen, Lixin Gao, and Kevin Kwiat bearhsu - INFOCOM 2003.

Modeling the spread of active worms Zesheng Chen, Lixin Gao, and Kevin Kwiat bearhsu - INFOCOM 2003.
Self-Stopping Worms Justin Ma, Geoffrey M. Voelker, Stefan Savage Collaborative Center for Internet Epidemiology and Defenses (CCIED) Department of Computer.

Self-Stopping Worms Justin Ma, Geoffrey M. Voelker, Stefan Savage Collaborative Center for Internet Epidemiology and Defenses (CCIED) Department of Computer.
Code Red Worm Propagation Modeling and Analysis Zou, Gong, & Towsley Michael E. Locasto March 4, 2003 Paper # 46.

Code Red Worm Propagation Modeling and Analysis Zou, Gong, & Towsley Michael E. Locasto March 4, 2003 Paper # 46.
Virus Propagation Modeling Chenxi Wang, Christos Faloutsos Yang Wang, Deepayan Chakrabarti Carnegie Mellon University Center for Computer.

Virus Propagation Modeling Chenxi Wang, Christos Faloutsos Yang Wang, Deepayan Chakrabarti Carnegie Mellon University Center for Computer.
Worms: Taxonomy and Detection Mark Shaneck 2/6/2004.

Worms: Taxonomy and Detection Mark Shaneck 2/6/2004.
Vigilante and Potemkin Presenter: Ýmir Vigfússon Based in part on slide sets from Mahesh Balakrishnan and Raghavan Srinivasan.

Vigilante and Potemkin Presenter: Ýmir Vigfússon Based in part on slide sets from Mahesh Balakrishnan and Raghavan Srinivasan.
Analyzing Cooperative Containment Of Fast Scanning Worms Jayanthkumar Kannan Joint work with Lakshminarayanan Subramanian, Ion Stoica, Randy Katz.

Analyzing Cooperative Containment Of Fast Scanning Worms Jayanthkumar Kannan Joint work with Lakshminarayanan Subramanian, Ion Stoica, Randy Katz.
Welcome to CS 450 Internet Security: A Measurement-based Approach.

Welcome to CS 450 Internet Security: A Measurement-based Approach.
Vigilante: End-to-End Containment of Internet Worms Manuel Costa, Jon Crowcroft, Miguel Castro, Antony Rowstron, Lidong Zhou, Lintao Zhang, Paul Barham.

Vigilante: End-to-End Containment of Internet Worms Manuel Costa, Jon Crowcroft, Miguel Castro, Antony Rowstron, Lidong Zhou, Lintao Zhang, Paul Barham.
On the Effectiveness of Automatic Patching Milan Vojnović & Ayalvadi Ganesh Microsoft Research Cambridge, United Kingdom WORM’05, Fairfax, VA, USA, Nov.

On the Effectiveness of Automatic Patching Milan Vojnović & Ayalvadi Ganesh Microsoft Research Cambridge, United Kingdom WORM’05, Fairfax, VA, USA, Nov.
Vigilante: End-to-End Containment of Internet Worms M. Costa et al. (MSR) SOSP 2005 Shimin Chen LBA Reading Group.

Vigilante: End-to-End Containment of Internet Worms M. Costa et al. (MSR) SOSP 2005 Shimin Chen LBA Reading Group.
Modeling/Detecting the Spread of Active Worms Lixin Gao Dept. Of Electrical & Computer Engineering Univ. of Massachusetts

Modeling/Detecting the Spread of Active Worms Lixin Gao Dept. Of Electrical & Computer Engineering Univ. of Massachusetts
Fast and Robust Worm Detection Algorithm Tian Bu Aiyou Chen Scott Vander Wiel Thomas Woo bearhsu.

Fast and Robust Worm Detection Algorithm Tian Bu Aiyou Chen Scott Vander Wiel Thomas Woo bearhsu.

Similar presentations

Ads by Google