The Effect of Infection Time on Internet Worm Propagation

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "The Effect of Infection Time on Internet Worm Propagation"

Transcription

1 The Effect of Infection Time on Internet Worm Propagation Erika Rice The Effect of Infection Time oninternet Worm Propagation p 1

2 Background Worms are self propagating programs that spread over a network, usually the Internet Unlike viruses, worms are not dependent on other programs, like clients Worms spread by scanning the network for vulnerable machines and then infecting them The Effect of Infection Time oninternet Worm Propagation p 2

3 Worm Spread Internet worms can spread devastatingly quickly July 2001: Code Red infects 359,000 computers in less than 14 hours January 2003: SQL Slammer infects 75,000 computers in 10 minutes August 2003: MSBlaster infects 120,000 computers in 24 hours The Effect of Infection Time oninternet Worm Propagation p 3

4 Existing Models Propagation Models Staniford, Paxson & Weavers s Random Constant Spread Model (RCS) Kephart & White s Epidemiological Model Kermack-Mckendrick Epidemic Model Chen, Gao & Kwiat s Analytical Active Worm Propagation Model (AAWP) Specialized Models Williamson & Léveillé s Virus Scanner Model Zou, Gong & Towsley s Dynamic Quarantine Model The Effect of Infection Time oninternet Worm Propagation p 4

5 Infection Time These models ignore the fact that computers are not infected instantaneously It takes time for the worm to transer its code to the infected machine Does transfer time significantly effect the time it takes a worm to spread? The Effect of Infection Time oninternet Worm Propagation p 5

6 Approach Extend the Kermack-Mckendrick Epidemic Model to have a state for scanned computers The Effect of Infection Time oninternet Worm Propagation p 6

7 Assumptions Computers are not entering the network Removed computers never re-enter the network Computers are only removed after they have been fully infected Any computer can reach any other computer in one hop, and scanning is random The network is large The worm in running on an IPv4 network Infected machines rarely scan the same machine at the same time The network speed is not affected by the worm The Effect of Infection Time oninternet Worm Propagation p 7

8 Assumptions Computers are not entering the network Removed computers never re-enter the network Computers are only removed after they have been fully infected Any computer can reach any other computer in one hop, and scanning is random The network is large The worm in running on an IPv4 network Infected machines rarely scan the same machine at the same time The network speed is not affected by the worm The Effect of Infection Time oninternet Worm Propagation p 7

9 My Model: Populations Define the following populations: V : Vulnerable machines S: Scanned machines I: Infected machines R: Removed machines The Effect of Infection Time oninternet Worm Propagation p 8

10 My Model: Constants Define the following constants: η: Scans per second from an infected machine β: η 2 32, the chance a scan hits a real IP address γ: Removal rate of infected machines γ 1 is the average number of seconds an infected machine will spread the worm τ: The average network transfer rate in KB/s σ: The size of the worm in KB The Effect of Infection Time oninternet Worm Propagation p 9

11 My Model: Equations dv dt = βiv di dt = τ σ S γi ds dt = βiv τ σ S dr dt = γi The Effect of Infection Time oninternet Worm Propagation p 10

12 Results: Code Red These results show the effect of scanning for the Code Red worm For this simulation V 0 = 500,000, I 0 = 1, t max = 100 hours, η = 2 scans/s, and γ = For the scanning model (right) σ = 4 KB, τ = 001 KB/s 5 x 105 Worm Spread Under the Kermack Mckendrick Epidemic Model 5 x 105 Worm Spread Under the Scanning Model Population size % of total population Infected Removed Vulnerable Population size % of total population Infected Removed Vulnerable Scanned time (hours) time (hours) The Effect of Infection Time oninternet Worm Propagation p 11

13 Results: SQL Slammer These results show the effect of scanning for the Code Red worm For this simulation V 0 = 75,000, I 0 = 10, t max = 600 seconds, η = 4000 scans/s, and γ = For the scanning model (right) σ = 04 KB, τ = 001 KB/s 8 x 104 Worm Spread Under the Kermack Mckendrick Epidemic Model 8 x 104 Worm Spread Under the Scanning Model Population size % of total population Infected Removed Vulnerable Population size % of total population Infected Removed Vulnerable Scanned time (seconds) time (seconds) The Effect of Infection Time oninternet Worm Propagation p 12

14 Analysis Choice of network speed: 001 KB/s reflects the network slowing due to the worm Code Red: The download time for the worm is not significant when the scan rate is low SQL Slammer: The download time for the worm is significant when the scan rate is high Extensions: Model the network speed as a function of the number of infected computers The Effect of Infection Time oninternet Worm Propagation p 13

15 References [1] David Becker & Matt Hines FBI arrests MSBlast worm suspect [2] CAIDA Analysis of Code Red [3] Zesheng Chen, Lixin Gao, & Kevin Kwiat Modeling the Spread of Active Worms wwwlabreatechnologiescom/aawppdf [4] Cliff Changchun Zou, Weibo Gong, & Don Towsley Worm Propagation Modeling and Analysis under Dynamic Quarantine Defense tennisecsumassedu/~czou/research/dynamicquarantinepdf [5] Kimberly Claffy Internet traffic characterization citeseeristpsuedu/claffy94internethtml [6] David Moore, Vern Paxson, Stefan Savage, Colleen Shannon, Stuart Staniford, & Nicholas Weaver The Spread of the Sapphire/Slammer Worm The Effect of Infection Time oninternet Worm Propagation p 14

Intelligent Worms: Searching for Preys

Intelligent Worms: Searching for Preys Intelligent Worms: Searching for Preys By Zesheng Chen and Chuanyi Ji ABOUT THE AUTHORS. Zesheng Chen is currently a Ph.D. Candidate in the Communication Networks and Machine Learning Group at the School

More information

Routing Worm: A Fast, Selective Attack Worm based on IP Address Information

Routing Worm: A Fast, Selective Attack Worm based on IP Address Information 1 Routing Worm: A Fast, Selective Attack Worm based on IP Address Information Cliff C. Zou, Don Towsley, Weibo Gong, Songlin Cai Department of Electrical & Computer Engineering Department of Computer Science

More information

Routing Worm: A Fast, Selective Attack Worm based on IP Address Information

Routing Worm: A Fast, Selective Attack Worm based on IP Address Information Routing Worm: A Fast, Selective Attack Worm based on IP Address Information Cliff C. Zou, Don Towsley, Weibo Gong, Songlin Cai Department of Electrical & Computer Engineering Department of Computer Science

More information

Optimal worm-scanning method using vulnerable-host distributions

Optimal worm-scanning method using vulnerable-host distributions Optimal worm-scanning method using vulnerable-host distributions Zesheng Chen and Chuanyi Ji School of Electrical & Computer Engineering Georgia Institute of Technology, Atlanta, Georgia 3332 Email: {zchen,

More information

The Spread of the Sapphire/Slammer Worm

The Spread of the Sapphire/Slammer Worm The Spread of the Sapphire/Slammer Worm By (in alphabetical order) David Moore Vern Paxson Stefan Savage Colleen Shannon Stuart Staniford Nicholas Weaver CAIDA & UCSD CSE ICIR & LBNL UCSD CSE CAIDA Silicon

More information

Effective Worm Detection for Various Scan Techniques

Effective Worm Detection for Various Scan Techniques Effective Worm Detection for Various Scan Techniques Jianhong Xia, Sarma Vangala, Jiang Wu and Lixin Gao Department of Electrical and Computer Engineering University of Massachusetts at Amherst Amherst,

More information

Understanding the Behavior of Internet Worm through PArallel Worm Simulator (PAWS)

Understanding the Behavior of Internet Worm through PArallel Worm Simulator (PAWS) Understanding the Behavior of Internet Worm through PArallel Worm Simulator (PAWS) Tiffany Tachibana Computer Science and lnformation Technology California State University, Monteray Bay ttachibana@csumb.edu

More information

Source Code Analysis of Worms

Source Code Analysis of Worms Source Code Analysis of Worms Puja Bajaj, Arjun Guha Roy Department of Computer Science St. Cloud State University, St. Cloud MN 56301 bapu0201@stcloudstate.edu, roar0301@stcloudstate.edu Abstract New

More information

REQUIREMENTS ON WORM MITIGATION TECHNOLOGIES IN MANETS

REQUIREMENTS ON WORM MITIGATION TECHNOLOGIES IN MANETS REQUIREMENTS ON WORM MITIGATION TECHNOLOGIES IN MANETS Robert G. Cole and Nam Phamdo JHU Applied Physics Laboratory {robert.cole,nam.phamdo}@jhuapl.edu Moheeb A. Rajab and Andreas Terzis Johns Hopkins

More information

Review Study on Techniques for Network worm Signatures Automation

Review Study on Techniques for Network worm Signatures Automation Review Study on Techniques for Network worm Signatures Automation 1 Mohammed Anbar, 2 Sureswaran Ramadass, 3 Selvakumar Manickam, 4 Syazwina Binti Alias, 5 Alhamza Alalousi, and 6 Mohammed Elhalabi 1,

More information

Dynamic Quarantine of Internet Worms

Dynamic Quarantine of Internet Worms The International Conference on Dependable Systems and Networks (DSN-24). Palazzo dei Congressi, Florence, Italy. June 28th - July, 24. Dynamic Quarantine of Internet Worms Cynthia Wong, Chenxi Wang, Dawn

More information

A Study of Mass-mailing Worms

A Study of Mass-mailing Worms A Study of Mass-mailing Worms Cynthia Wong, Stan Bielski, Jonathan M. McCune, Chenxi Wang Carnegie Mellon University 5 Forbes Avenue, Pittsburgh, PA, 15213 {cindywon, bielski, jonmccune, chenxi}@cmu.edu

More information

CSE331: Introduction to Networks and Security. Lecture 15 Fall 2006

CSE331: Introduction to Networks and Security. Lecture 15 Fall 2006 CSE331: Introduction to Networks and Security Lecture 15 Fall 2006 Worm Research Sources "Inside the Slammer Worm" Moore, Paxson, Savage, Shannon, Staniford, and Weaver "How to 0wn the Internet in Your

More information

Code Red Worm Propagation Modeling and Analysis

Code Red Worm Propagation Modeling and Analysis Code Red Worm Propagation Modeling and Analysis Cliff Changchun Zou Dept. Electrical & Computer Engineering Univ. Massachusetts Amherst, MA czou@ecs.umass.edu Weibo Gong Dept. Electrical & Computer Engineering

More information

The Spread of the Witty Worm

The Spread of the Witty Worm The Spread of the Witty Worm Colleen Shannon David Moore cshannon @ caida.org dmoore @ caida.org www.caida.org SDRIW, June 15, 2004 UCSD CSE What is CAIDA? Cooperative Association for Internet Data Analysis

More information

! Slammer Worm. ! Shaft DoS attack. ! Mstream DoS attack. ! Trin00 DoS attack. ! First gained notice with the Morris worm of 88. !

! Slammer Worm. ! Shaft DoS attack. ! Mstream DoS attack. ! Trin00 DoS attack. ! First gained notice with the Morris worm of 88. ! Outline Early DoS and Worms Ben Wilde 7 February, 2005 Comp 290 Network Intrusion Detection Introduction to worms Potential damage that *could* be caused (theoretical) Examples of recent worms and DoS

More information

How do DoS attacks work? CSE 123b Communications Software. Step 1: Attacker infiltrates machines. Step 2: Attacker sends commands to handler

How do DoS attacks work? CSE 123b Communications Software. Step 1: Attacker infiltrates machines. Step 2: Attacker sends commands to handler CSE 123b Communications Software Spring 2003 Lecture 16: Network Security II Stefan Savage How do DoS attacks work? Denial-of-service attacks Logic: exploit bugs to cause crash» e.g. Ping-of-Death, Land

More information

Peer to Peer Networks for Defense Against Internet Worms

Peer to Peer Networks for Defense Against Internet Worms Peer to Peer etworks for Defense Against Internet Worms Srinivas Shakkottai Dept. of Electrical and Computer Engineering and Coordinated Science Laboratory University of Illinois at Urbana-Champaign sshakkot@uiuc.edu

More information

Spectral Flatness Measurements for Detection of C-Worms

Spectral Flatness Measurements for Detection of C-Worms Spectral Flatness Measurements for Detection of C-Worms Rajesh Jaladi #1, Mr. Rakesh Nayak #`2 #1M.tech Student,Dept of CSE, 1 Sri Vasavi Engineering College, Tadepalligudem, Andhra Pradesh, #2Assoc.Professor,Dept

More information

MODELING AND DEFENDING AGAINST INTERNET WORM ATTACKS

MODELING AND DEFENDING AGAINST INTERNET WORM ATTACKS MODELING AND DEFENDING AGAINST INTERNET WORM ATTACKS A Thesis Presented to The Academic Faculty by Zesheng Chen In Partial Fulfillment of the Requirements for the Degree Doctor of Philosophy in the School

More information

Distributed Worm Simulation with a Realistic Internet Model

Distributed Worm Simulation with a Realistic Internet Model Distributed Worm Simulation with a Realistic Internet Model Songjie Wei, Jelena Mirkovic, Martin Swany Computer & Information Sciences University of Delaware Newark, DE 19716 (weis, sunshine, swany@cis.udel.edu)

More information

A Firewall Network System for Worm Defense in Enterprise Networks

A Firewall Network System for Worm Defense in Enterprise Networks 1 A Firewall Network System for Worm Defense in Enterprise Networks Cliff C. Zou, Don Towsley, Weibo Gong {czou,gong}@ecs.umass.edu, towsley@cs.umass.edu Univ. Massachusetts, Amherst Technical Report:

More information

A Real-Time Network Traffic Based Worm Detection System for Enterprise Networks

A Real-Time Network Traffic Based Worm Detection System for Enterprise Networks A Real-Time Network Traffic Based Worm Detection System for Enterprise Networks Long-Quan Zhao 1, Seong-Chul Hong 1, Hong-Taek Ju 2 and James Won-Ki Hong 1 1 Dept. of Computer Science and Engineering,

More information

Feedback Email Worm Defense System for Enterprise Networks

Feedback Email Worm Defense System for Enterprise Networks Feedback Email Worm Defense System for Enterprise Networks Cliff C. Zou*, Weibo Gong*, Don Towsley *Dept. Electrical & Computer Engineering Dept. Computer Science University of Massachusetts, Amherst Technical

More information

Modeling Computer Worm Propagation. Renata Aryanti Ilya Perepelitsky Justin Pettit

Modeling Computer Worm Propagation. Renata Aryanti Ilya Perepelitsky Justin Pettit Modeling Computer Worm Propagation Renata Aryanti Ilya Perepelitsky Justin Pettit Background Computer worms are self-replicating programs that spread between systems on a network. They often randomly generate

More information

Sapphire/Slammer Worm. Code Red v2. Sapphire/Slammer Worm. Sapphire/Slammer Worm. Sapphire/Slammer Worm. Why Was Slammer So Fast?

Sapphire/Slammer Worm. Code Red v2. Sapphire/Slammer Worm. Sapphire/Slammer Worm. Sapphire/Slammer Worm. Why Was Slammer So Fast? First Worm Ever Morris Worm Robert Morris, a PhD student at Cornell, was interested in network security He created the first worm with a goal to have a program live on the Internet in November 9 Worm was

More information

SOURCE CODE ANALYSIS AND PERFORMANCE MODELING OF MALWARE

SOURCE CODE ANALYSIS AND PERFORMANCE MODELING OF MALWARE SOURCE CODE NLYSIS ND PERFORMNCE MODELING OF MLWRE nand Mylavarapu, nil Chukkapalli Computer Science Department St. Cloud State University St. Cloud, MN-56301 myan0301@stcloudstate.edu bstract The exponential

More information

CIS 551 / TCOM 401 Computer and Network Security. Spring 2006 Lecture 21

CIS 551 / TCOM 401 Computer and Network Security. Spring 2006 Lecture 21 CIS 551 / TCOM 401 Computer and Network Security Spring 2006 Lecture 21 Outline for Today (and Next Time) Containing worms and viruses Detecting viruses and worms Intrusion detection in general Defenses

More information

Volume 2, Issue 9, September 2014 International Journal of Advance Research in Computer Science and Management Studies

Volume 2, Issue 9, September 2014 International Journal of Advance Research in Computer Science and Management Studies Volume 2, Issue 9, September 2014 International Journal of Advance Research in Computer Science and Management Studies Research Article / Survey Paper / Case Study Available online at: www.ijarcsms.com

More information

Least Effort Strategies for Cybersecurity

Least Effort Strategies for Cybersecurity GORMAN, KULKARNI, SCHINTLER, AND STOUGH: LEAST EFFORT STRATEGIES FOR CYBERSECURITY 1 Least Effort Strategies for Cybersecurity Sean P. Gorman*, Rajendra G. Kulkarni, Laurie A. Schintler, Ph.D., and Roger

More information

Intelligent System for Worm Detection

Intelligent System for Worm Detection Intelligent System for Worm Detection Ibrahim A. Farag Faculty of Computers and Information Cairo University Egypt Mohammed A. Shouman Faculty of Computers and Information, Zagazig University Egypt Tarek

More information

On the Performance of SWORD in Detecting Zero-Day-Worm-Infected Hosts

On the Performance of SWORD in Detecting Zero-Day-Worm-Infected Hosts On the Performance of SWORD in Detecting Zero-Day-Worm-Infected Hosts Shad Stafford University of Oregon staffors@cs.uoregon.edu Jun Li University of Oregon lijun@cs.uoregon.edu Toby Ehrenkranz University

More information

An Approach against a Computer Worm Attack

An Approach against a Computer Worm Attack 48 An Approach against a Computer Worm Attack Ossama Toutonji and Seong-Moo Yoo University of Alabama in untsville, Department of Electrical and Computer Engineering, untsville, Alabama 35899, USA {toutono;

More information

On Friday, 19 March 2004, at approximately 8:45

On Friday, 19 March 2004, at approximately 8:45 Editors: Elias Levy, aleph@securityfocus.com Iván Arce, ivan.arce@coresecurity.com The Spread of the Witty Worm COLLEEN SHANNON AND DAVID MOORE Cooperative Association for Internet Data Analysis (CAIDA)

More information

CMSF: Cooperative Mobile Network Security Information Distribution Framework

CMSF: Cooperative Mobile Network Security Information Distribution Framework CMSF: Cooperative Mobile Network Security Information Distribution Framework Nobutaka Kawaguchi, Yusuke Azuma, Shinya Tahara, Hidekazu Shiozawa, Hiroshi Shigeno and Ken-ichi Okada Faculty of Science and

More information

Defending Against Internet Worms: A Signature-Based Approach

Defending Against Internet Worms: A Signature-Based Approach Defending Against Internet Worms: A Signature-Based Approach Yong Tang Shigang Chen Department of Computer & Information Science & Engineering University of Florida, Gainesville, FL 32611-612, USA {yt1,

More information

Using Plant Epidemiological Methods To Track Computer Network Worms

Using Plant Epidemiological Methods To Track Computer Network Worms Using Plant Epidemiological Methods To Track Computer Network Worms Rishikesh Pande Thesis submitted to the faculty of Virginia Polytechnic Institute and State University in partial fulfillment of the

More information

Tartarus: A honeypot based malware tracking and mitigation framework

Tartarus: A honeypot based malware tracking and mitigation framework Tartarus: A honeypot based malware tracking and mitigation framework Samuel Oswald Hunter Dept. Computer Science Rhodes University Grahamstown, South Africa Email: shunter.dot@gmail.com Barry Irwin Dept.

More information

Designing a Framework for Active Worm Detection on Global Networks

Designing a Framework for Active Worm Detection on Global Networks Designing a Framework for Active Worm Detection on Global Networks Vincent Berk vberk@ists.dartmouth.edu Robert Morris Robert.Morris.Sr@dartmouth.edu George Bakos gbakos@ists.dartmouth.edu Institute for

More information

INTRUSION DETECTION SYSTEMS. Edited by Pawel Skrobanek

INTRUSION DETECTION SYSTEMS. Edited by Pawel Skrobanek INTRUSION DETECTION SYSTEMS Edited by Pawel Skrobanek Intrusion Detection Systems Edited by Pawel Skrobanek Published by InTech Janeza Trdine 9, 51000 Rijeka, Croatia Copyright 2011 InTech All chapters

More information

Towards End-to-End Security

Towards End-to-End Security Towards End-to-End Security Thomas M. Chen Dept. of Electrical Engineering Southern Methodist University PO Box 750338 Dallas, TX 75275-0338 USA Tel: 214-768-8541 Fax: 214-768-3573 Email: tchen@engr.smu.edu

More information

Lecture 19 - Network Security

Lecture 19 - Network Security Lecture 19 - Network Security CMPSC 443 - Spring 2012 Introduction Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse443-s12/ Exploiting the network... The Internet is extremely

More information

Defending Computer Networks Lecture 9: Worms/Firewalls. Stuart Staniford Adjunct Professor of Computer Science

Defending Computer Networks Lecture 9: Worms/Firewalls. Stuart Staniford Adjunct Professor of Computer Science Defending Computer Networks Lecture 9: Worms/Firewalls Stuart Staniford Adjunct Professor of Computer Science Quiz Twenty Minutes (10:10-10:30am) No notes/laptops/tablets/phones/etc Write name/net- id

More information

Evaluation of collaborative worm containment on the DETER testbed

Evaluation of collaborative worm containment on the DETER testbed Evaluation of collaborative worm containment on the DETER testbed L. Li, P. Liu, Y.C. Jhi, G. Kesidis College of Information Sciences & Technology Computer Science and Engineering and Electrical Engineering

More information

Analysis of Attacks towards Turkish National Academic Network

Analysis of Attacks towards Turkish National Academic Network Analysis of Attacks towards Turkish National Academic Network Murat SOYSAL, Onur BEKTAŞ Abstract Monitoring unused IP address is an emerging method for capturing Internet security threads. Either an attack

More information

A Worst-Case Worm. Abstract. 1 Introduction. June 8, 2004

A Worst-Case Worm. Abstract. 1 Introduction. June 8, 2004 A Worst-Case Worm Nicholas Weaver International Computer Science Institute nweaver@icsi.berkeley.edu Vern Paxson International Computer Science Institute vern@icir.org June 8, 2004 Abstract Worms represent

More information

Inferring Internet Denial-of

Inferring Internet Denial-of Inferring Internet Denial-of of-service Activity Geoffrey M. Voelker University of California, San Diego Joint work with David Moore (CAIDA/UCSD) and Stefan Savage (UCSD) Simple Question We were interested

More information

2-5 DAEDALUS: Practical Alert System Based on Large-scale Darknet Monitoring for Protecting Live Networks

2-5 DAEDALUS: Practical Alert System Based on Large-scale Darknet Monitoring for Protecting Live Networks 2-5 DAEDALUS: Practical Alert System Based on Large-scale Darknet Monitoring for Protecting Live Networks A darknet is a set of globally announced unused IP addresses and using it is a good way to monitor

More information

Slammer (sometimes called Sapphire) was the

Slammer (sometimes called Sapphire) was the Inside the Slammer Worm Slammer Worm Dissection DAVID MOORE Cooperative Association for Internet Data Analysis and University of California, San Diego VERN PAXSON International Computer Science Institute

More information

Current Network Security Threats: DoS, Viruses, Worms, Botnets

Current Network Security Threats: DoS, Viruses, Worms, Botnets Current Network Security Threats: DoS, Viruses, Worms, Botnets TERENA May 23, 2007 Colleen Shannon cshannon@caida.org Outline UCSD Network Telescope Denial-of-Service Attacks Viruses and Worms Botnets

More information

Software & Hardware Security

Software & Hardware Security Software & Hardware Security Erik Poll Digital Security group Radboud University Nijmegen The Netherlands Nijmegen 2 Digital Security group Rigorous & formal methods to design & analyse secure ICT systems

More information

Paradigmatic and Exploration of Blind Worm

Paradigmatic and Exploration of Blind Worm Paradigmatic and Exploration of Blind Worm Yellamandaiah Gogula 1, E.Jhansi Rani 2 1Pursuing M.Tech(CSE), 2Asst. Professor, Department of Computer Science Engineering, Nalanda Institute of Engineering

More information

Worm Traffic Analysis and Characterization

Worm Traffic Analysis and Characterization This full text paper was peer reviewed at the direction of IEEE Communications Society subject matter experts for publication in the ICC 7 proceedings. Worm Traffic Analysis and Characterization Alberto

More information

CSE331: Introduction to Networks and Security. Lecture 14 Fall 2006

CSE331: Introduction to Networks and Security. Lecture 14 Fall 2006 CSE331: Introduction to Networks and Security Lecture 14 Fall 2006 Announcements Homework 1 has been graded: Class average: 82 Std. Dev.: 13 CSE331 Fall 2004 2 Malicious Code Trapdoors (e.g. debugging

More information

Using Predators to Combat Worms and Viruses: A Simulation-Based Study

Using Predators to Combat Worms and Viruses: A Simulation-Based Study Using Predators to Combat Worms and Viruses: A Simulation-Based Study Ajay Gupta, Daniel C. DuVarney Department of Computer Science Stony Brook University Stony Brook, NY 11794 {ajay,dand}@cs.sunysb.edu

More information

Simulating Realistic Network Worm Traffic for Worm Warning System Design and Testing

Simulating Realistic Network Worm Traffic for Worm Warning System Design and Testing Simulating Realistic Network Worm Traffic for Worm Warning System Design and Testing Michael Lilenstam David M. Nicol Vincent H. Berk Robert S. Gray {mili,nicol,vberk,rgray}@ists.dartmouth.edu Institute

More information

An Analysis on Distribution of Malicious Packets and Threats over the Internet

An Analysis on Distribution of Malicious Packets and Threats over the Internet An Analysis on Distribution of Malicious Packets and Threats over the Internet Masaki Ishiguro Mitsubishi Research Institute 3-6 Otemachi 2-Chome, Chiyoda-ku, Tokyo, Japan masa@mri.co.jp Shigeki Goto Waseda

More information

Introduction to transmission dynamic models of infectious diseases

Introduction to transmission dynamic models of infectious diseases Introduction to transmission dynamic models of infectious diseases Ted Cohen (theodore.cohen@yale.edu) Department of Epidemiology of Infectious Diseases Models what are they? A model is a simplified description

More information

Model-Based Analysis of Two Fighting Worms

Model-Based Analysis of Two Fighting Worms ICCCE '6, Kuala Lumpur, alaysia, ay 26, Vol-I, Page 157-163. odel-based Analysis of Two Fighting Worms Zakiya. Tamimi 1 1 Faculty of Information Technology Arab American University- Jenin Jenin, Palestine,

More information

Fusion and Filtering in Distributed Intrusion Detection Systems

Fusion and Filtering in Distributed Intrusion Detection Systems Fusion and Filtering in Distributed Intrusion Detection Systems Paul Barford Somesh Jha Vinod Yegneswaran pb@cs.wisc.edu jha@cs.wisc.edu vinod@cs.wisc.edu University of Wisconsin, Madison Abstract False

More information

Lecture 13 - Network Security

Lecture 13 - Network Security Lecture 13 - Network Security CSE497b - Spring 2007 Introduction Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse497b-s07/ Exploiting the network... The Internet is extremely

More information

Hotspots: The Root Causes of Non-Uniformity in Self-Propagating Malware

Hotspots: The Root Causes of Non-Uniformity in Self-Propagating Malware Hotspots: The Root Causes of Non-Uniformity in Self-Propagating Malware Evan Cooke, Z. Morley Mao, Farnam Jahanian Department of Electrical Engineering and Computer Science University of Michigan {emcooke,

More information

1 Introduction. Agenda Item: 7.23. Work Item:

1 Introduction. Agenda Item: 7.23. Work Item: 3GPP TSG SA WG3 Security S3#34 S3-040583 6-9 Jul 2004 updated S3-040566 Acapulco, Mexico Title: Selective Disabling of UE Capabilities; updated S3-040566 based on the comments on SA3 mailing list Source:

More information

On the Development of an Internetwork-centric Defense for Scanning Worms

On the Development of an Internetwork-centric Defense for Scanning Worms On the Development of an Internetwork-centric Defense for Scanning Worms Scott E. Coull Department of Computer Science University of North Carolina 01 South Columbia Street Chapel Hill, NC 7599, USA scoull@cs.unc.edu

More information

Computer Security DD2395

Computer Security DD2395 Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/dd2395/dasakh11/ Fall 2011 Sonja Buchegger buc@kth.se Lecture 7 Malicious Software DD2395 Sonja Buchegger 1 Course Admin Lab 2: - prepare

More information

Malware: Malicious Software

Malware: Malicious Software Malware: Malicious Software 10/21/2010 Malware 1 Viruses, Worms, Trojans, Rootkits Malware can be classified into several categories, depending on propagation and concealment Propagation Virus: human-assisted

More information

WORMS : attacks, defense and models. Presented by: Abhishek Sharma Vijay Erramilli

WORMS : attacks, defense and models. Presented by: Abhishek Sharma Vijay Erramilli WORMS : attacks, defense and models Presented by: Abhishek Sharma Vijay Erramilli What is a computer worm? Is it not the same as a computer virus? A computer worm is a program that selfpropagates across

More information

Nonlinear Analysis: Real World Applications

Nonlinear Analysis: Real World Applications Nonlinear Analysis: Real World Applications 11 (21) 4335 4341 Contents lists available at ScienceDirect Nonlinear Analysis: Real World Applications journal homepage: www.elsevier.com/locate/nonrwa Fuzzy

More information

Study of Virus Propagation Model Under the Cloud

Study of Virus Propagation Model Under the Cloud Tongrang Fan, Yanjing Li, Feng Gao School of Information Science and Technology, Shijiazhuang Tiedao University, Shijiazhuang, 543, China Fantr29@26.com, 532465444 @qq.com, f.gao@live.com bstract. The

More information

Malicious Software. IT 4823 Information Security Administration. Viruses. Malware Terminology. Virus Structure. Virus Structure

Malicious Software. IT 4823 Information Security Administration. Viruses. Malware Terminology. Virus Structure. Virus Structure Malicious Software IT 4823 Information Security Administration Malicious Software February 5 Notice: This session is being recorded. Lecture slides prepared by Dr Lawrie Brown for Computer Security: Principles

More information

Network Worm Containment Using Markov Chain Approach

Network Worm Containment Using Markov Chain Approach Network Worm Containment Using Approach Akinwumi David Information and Communication Application Centre, Adekunle Ajasin University, Akungba-Akoko, Ondo State, Nigeria Alese Boniface Kayode & Oluwadare

More information

1 Introduction. Agenda Item: 7.23. Work Item:

1 Introduction. Agenda Item: 7.23. Work Item: 3GPP TSG SA WG3 Security S3#34 S3-040682 6-9 Jul 2004 updated S3-040632 Acapulco, Mexico Title: Selective Disabling of UE Capabilities; updated S3-040583 based on the comments in SA3#34 meeting Source:

More information

Workshop on Infrastructure Security and Operational Challenges of Service Provider Networks

Workshop on Infrastructure Security and Operational Challenges of Service Provider Networks Workshop on Infrastructure Security and Operational Challenges of Service Provider Networks Farnam Jahanian University of Michigan and Arbor Networks IFIP Working Group 10.4 June 29-30, 2006 What s the

More information

Study The Propagation Of Computer Virus In Network Environment

Study The Propagation Of Computer Virus In Network Environment Study The Propagation Of Computer Virus In Network Environment K. Gowtham Sricharan B.Tech(3rd Year) Computer Science & Engineering Indian Institute of Technology, Kharagpur email: kurapatigowtham@gmail.com

More information

Computational Sciences and Engineering Division 2. Computer Science & Mathematics Division

Computational Sciences and Engineering Division 2. Computer Science & Mathematics Division Distributed Intrusion Detection and Attack Containment for Organizational Cyber Security Stephen G. Batsell 1, Nageswara S. Rao 2, Mallikarjun Shankar 1 1 Computational Sciences and Engineering Division

More information

The Design and Evaluation of a Defense System for Internet Worms

The Design and Evaluation of a Defense System for Internet Worms The Design and Evaluation of a Defense System for Internet Worms Riccardo Scandariato Dipartimento di Automatica e Informatica Politecnico di Torino Corso Duca degli Abruzzi, 24 10129 Torino, Italy Phone:

More information

Are You at Risk? Profiling Organizations and Individuals Subject to Targeted Attacks

Are You at Risk? Profiling Organizations and Individuals Subject to Targeted Attacks Are You at Risk? Profiling Organizations and Individuals Subject to Targeted Attacks Olivier Thonnard, Leyla Bilge, Anand Kashyap, and Martin Lee Symantec Research Lab, {Olivier Thonnard,Leylya Yumer,Anand

More information

A Survey on Malware Propagation Analysis and Prevention Model

A Survey on Malware Propagation Analysis and Prevention Model A Survey on Malware Propagation Analysis and Prevention Model Sneha S. Student, Department of CSE, Malathi L. Assistant Professor, Department of CSE, Saranya R. Student, Department of CSE, ABSTRACT In

More information

Virus Propagation Modeling and Analysis

Virus Propagation Modeling and Analysis Email Virus Propagation Modeling and Analysis Cliff C. Zou, Don Towsley, Weibo Gong Department of Electrical & Computer Engineering Department of Computer Science Univ. Massachusetts, Amherst Technical

More information

A Survey Paper on Malicious Computer Worms

A Survey Paper on Malicious Computer Worms A Survey Paper on Malicious Computer Worms I B. Rajesh, II Y.R. Janardhan Reddy, III B. Dillip Kumar Reddy I,II,III Asst. Professor, G.Pulla Reddy Engg. College, Kurnool, Andhra Pradesh, India Abstract

More information

Fast Detection of Scanning Worm Infections

Fast Detection of Scanning Worm Infections Fast Detection of Scanning Worm Infections Stuart E. Schechter 1, Jaeyeon Jung 2, and Arthur W. Berger 2 1 Harvard DEAS, 33 Oxford Street, Cambridge MA 02138, USA, stuart@eecs.harvard.edu 2 MIT CSAIL,

More information

Internet Worms, Firewalls, and Intrusion Detection Systems

Internet Worms, Firewalls, and Intrusion Detection Systems Internet Worms, Firewalls, and Intrusion Detection Systems Brad Karp UCL Computer Science CS 3035/GZ01 12 th December 2013 Outline Internet worms Self-propagating, possibly malicious code spread over Internet

More information

The Coremelt Attack. Ahren Studer and Adrian Perrig. We ve Come to Rely on the Internet

The Coremelt Attack. Ahren Studer and Adrian Perrig. We ve Come to Rely on the Internet The Coremelt Attack Ahren Studer and Adrian Perrig 1 We ve Come to Rely on the Internet Critical for businesses Up to date market information for trading Access to online stores One minute down time =

More information

Cryptography and Network Security Chapter 21. Malicious Software. Backdoor or Trapdoor. Logic Bomb 4/19/2010. Chapter 21 Malicious Software

Cryptography and Network Security Chapter 21. Malicious Software. Backdoor or Trapdoor. Logic Bomb 4/19/2010. Chapter 21 Malicious Software Cryptography and Network Security Chapter 21 Fifth Edition by William Stallings Chapter 21 Malicious Software What is the concept of defense: The parrying of a blow. What is its characteristic feature:

More information

Koobface on Facebook: How malicious contents sneak into social networking. Mohammad Reza Faghani

Koobface on Facebook: How malicious contents sneak into social networking. Mohammad Reza Faghani Koobface on Facebook: How malicious contents sneak into social networking Mohammad Reza Faghani Outline Introduction Trend of Web malware Social networks malware What is XSS!? Potentials of XSS Worms Social

More information

The Top Speed of Flash Worms

The Top Speed of Flash Worms The Top Speed of Flash Worms Stuart Staniford Nevis Networks David Moore CAIDA Vern Paxson ICSI Nicholas Weaver ICSI ABSTRACT Flash worms follow a precomputed spread tree using prior knowledge of all systems

More information

Can You Infect Me Now? Malware Propagation in Mobile Phone Networks

Can You Infect Me Now? Malware Propagation in Mobile Phone Networks Can You Infect Me Now? Malware Propagation in Mobile Phone Networks Chris Fleizach, Michael Liljenstam, Per Johansson, Geoffrey M. Voelker, and András Méhes University of California, San Diego 95 Gilman

More information

A Virtual Honeypot Framework

A Virtual Honeypot Framework CITI Technical Report 03-1 A Virtual Honeypot Framework Niels Provos niels@google.com Abstract A honeypot is a closely monitored network decoy serving several purposes: it can distract adversaries from

More information

Malicious Software. Malicious Software. Overview. Backdoor or Trapdoor. Raj Jain. Washington University in St. Louis

Malicious Software. Malicious Software. Overview. Backdoor or Trapdoor. Raj Jain. Washington University in St. Louis Malicious Software Overview Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-14/

More information

Honeypot-Aware Advanced Botnet Construction and Maintenance

Honeypot-Aware Advanced Botnet Construction and Maintenance Honeypot-Aware Advanced Botnet Construction and Maintenance Cliff C. Zou Ryan Cunningham School of Electrical Engineering and Computer Science University of Central Florida Orlando, FL 32816-2362 {czou,rcunning}@cs.ucf.edu

More information

Firewalls and intrusion detection systems

Firewalls and intrusion detection systems Firewalls and intrusion detection systems Markus Peuhkuri 2005-03-22 Lecture topics Firewalls Security model with firewalls Intrusion detection systems Intrusion prevention systems How to prevent and detect

More information

Self-Stopping Worms. Justin Ma, Geoffrey M. Voelker, and Stefan Savage

Self-Stopping Worms. Justin Ma, Geoffrey M. Voelker, and Stefan Savage Self-Stopping Worms Justin Ma, Geoffrey M. Voelker, and Stefan Savage Collaborative Center for Internet Epidemiology and Defenses Department of Computer Science and Engineering University of California,

More information

Network Security: Internet Worms and Firewalls

Network Security: Internet Worms and Firewalls Network Security: Internet Worms and Firewalls Mark Handley UCL Computer Science CS 3035/GZ01 Outline Internet worms Self-propagating, possibly malicious code spread over Internet Firewalls: Simple, perimeter-based

More information

HoneyBOT User Guide A Windows based honeypot solution

HoneyBOT User Guide A Windows based honeypot solution HoneyBOT User Guide A Windows based honeypot solution Visit our website at http://www.atomicsoftwaresolutions.com/ Table of Contents What is a Honeypot?...2 How HoneyBOT Works...2 Secure the HoneyBOT Computer...3

More information

Threats. Physical Threats. Digital Threats CIS/CSE 583. By and large, the physical world is a safe place. This is also true for Cyberspace

Threats. Physical Threats. Digital Threats CIS/CSE 583. By and large, the physical world is a safe place. This is also true for Cyberspace Threats CIS/CSE 583 Physical Threats By and large, the physical world is a safe place Very few people are attacked each day Very few businesses are robbed But the nightly news plays up each such event

More information

Malicious Software. Raj Jain. Washington University in St. Louis

Malicious Software. Raj Jain. Washington University in St. Louis Malicious Software Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-14/

More information

Honeypot Detection in Advanced Botnet Attacks. Ping Wang, Lei Wu, Ryan Cunningham, Cliff C. Zou

Honeypot Detection in Advanced Botnet Attacks. Ping Wang, Lei Wu, Ryan Cunningham, Cliff C. Zou Int. J. Information and Computer Security, Vol. x, No. x, xxxx 1 Honeypot Detection in Advanced Botnet Attacks Ping Wang, Lei Wu, Ryan Cunningham, Cliff C. Zou School of Electrical Engineering and Computer

More information

Network Security and the Small Business

Network Security and the Small Business Network Security and the Small Business Why network security is important for a small business Many small businesses think that they are less likely targets for security attacks as compared to large enterprises,

More information

Towards Better Definitions and Measures of Internet Security (Position Paper)

Towards Better Definitions and Measures of Internet Security (Position Paper) Towards Better Definitions and Measures of Internet Security (Position Paper) J. Aspnes and J. Feigenbaum Yale University {aspnes,feigenbaum}@cs.yale.edu M. Mitzenmacher and D. Parkes Harvard University

More information

Frequently Asked Questions for New Electric Mail Administrators 1 Domain Setup/Administration

Frequently Asked Questions for New Electric Mail Administrators 1 Domain Setup/Administration Frequently Asked Questions for New Electric Mail Administrators 1 Domain Setup/Administration 1.1 How do I access the records of the domain(s) that I administer? To access the domains you administer, you

More information