ANALYSIS OF MALWARE PROPAGATION MODELING METHODS


INFORMATICS. Collection of papers of the 11th Lithuanian Young Scientists' Conference "Mokslas – Lietuvos ateitis" ("Science – Lithuania's Future"), held in Vilnius on 9–11 April 2008

ANALYSIS OF MALWARE PROPAGATION MODELING METHODS

Nikolaj Goranin, Antanas Čenys
Vilnius Gediminas Technical University

Abstract. The article shows why modeling is necessary in malware analysis; the major malware propagation modeling methods are described and discussed, and promising directions for scientific research are proposed. The possibility of using the instrumental base of genetic algorithms for malware propagation modeling is shown.

Introduction

The use of malware by e-criminals tends to increase, and protection against it is a crucial task. Malware volumes are growing exponentially, and the past year was a record year for data loss. Criminals targeted retailers, banks and other major institutions to steal customers' and employees' personally identifiable information and corporate secrets. In 2007 there was a major shift to malware designed to capture private information without the individual's knowledge. In the past year, 57 % of the total malware were malicious spyware, 32 % were Trojans, 9 % were worms and 2 % were viruses. In 2006, Trojans dominated at 62 % of the total malware, followed by worms at 24 %, malicious spyware at 10 % and viruses at 3 %. Bots will be the dominant issue for 2008 (Global Security Advisor Team 2008). The number of software vulnerabilities is also increasing, and the past year saw the rise of Apple vulnerabilities. The Mac platform has not been a traditional target of attackers, leaving Mac users with a false sense of security (Global Security Advisor Team 2008).

The importance of modeling

Modeling allows malware researchers to predict the damage of a new threat (Zou et al. 2002); understand the behavior of malware, including its spreading characteristics (Garetto et al. 2003); understand the factors affecting malware spread, determine the effectiveness that countermeasures need in order to control the spread, and facilitate network designs that are resilient to malware attacks (Ramachandran, Sikdar 2004); and predict failures of the global network infrastructure (Serazzi, Zanero 2004).

Malware propagation modeling methods

Existing malware propagation models mainly concentrate on forecasting the number of infected computers in the initial phase (Fig. 1).

Fig. 1. Malware propagation graph

The first epidemiological model of computer virus propagation was proposed in (Kephart, White 1991). Epidemiological models abstract from the individuals and consider them units of a population. Each unit can only belong to a limited number of states. A SIR model assumes the Susceptible-Infected-Recovered state chain, and an SIS model the Susceptible-Infected-Susceptible chain.

Malware propagation in Gnutella-type peer-to-peer networks was described in (Ramachandran, Sikdar 2004). The study revealed that the existing bound on the spectral radius governing the possibility of an epidemic outbreak needs to be revised in the context of a P2P network. An analytical model that emulates the mechanics of a decentralized Gnutella-type peer network was formulated, and malware spread on such networks was studied.

Botnet propagation modeling using time zones was proposed by (Dagon et al. 2006). The model uses diurnal shaping functions to capture regional variations in online vulnerable populations.

The Random Constant Spread (RCS) model (Staniford et al. 2002) was developed using empirical data derived from the outbreak of the CodeRed worm. It assumes that the worm has a good random number generator that is properly seeded. The model assumes that a machine cannot be compromised multiple times and operates with several variables: $K$ is the constant average compromise rate, which depends on worm processor speed, network bandwidth and the location of the infected host; $a(t)$ is the proportion of vulnerable machines which have been compromised at the instant $t$; $N a(t)$ is the number of infected hosts, each of which scans other vulnerable machines at a rate $K$ per unit of time. But since a portion $a(t)$ of the vulnerable machines is already infected, only $K(1 - a(t))$ new infections will be generated by each infected host per unit of time. The number $n$ of machines that will be compromised in the interval of time $dt$ (in which $a$ is assumed to be constant) is thus given by:

$$n = (N a)\, K (1 - a)\, dt \qquad (1)$$

$N$ is assumed to be a large constant address space, so the chance that the worm would hit an already infected host is negligible. From this hypothesis, $n = d(N a) = N\, da$. It is also possible to write

$$N\, da = (N a)\, K (1 - a)\, dt \qquad (2)$$

From this

$$\frac{da}{dt} = K a (1 - a) \qquad (3)$$

from which

$$a = \frac{e^{K(t - T)}}{1 + e^{K(t - T)}} \qquad (4)$$

So the model can predict the number of infected hosts at time $t$ if $K$ is known. The higher $K$ is, the quicker the worm reaches the saturation phase. As (Nazario 2004) states, although more complicated models can be derived, most network worms will follow this trend.

Other authors (Chen et al. 2003) propose the AAWP discrete-time model, in the hope of better capturing the discrete-time behavior of a worm. However, according to (Serazzi, Zanero 2004) a continuous model is appropriate for large-scale models, and the epidemiological literature is clear in this direction. The assumptions on which the AAWP model is based are not completely correct, but it is enough to note that the benefits of using a discrete-time model seem to be very limited.

On the other hand, the authors of (Serazzi, Zanero 2004) propose a sophisticated compartment-based model, which treats the Internet as an interconnection of autonomous systems, i.e. subnetworks. The interconnections are so-called bottlenecks. The model assumes that inside a single autonomous system (or inside a densely connected region of an AS) the worm propagates unhindered, following the RCS model. The authors motivate the necessity of their model by the fact that the network-limited worm Slammer, which used the UDP protocol for propagation, followed the RCS model until the bottlenecks were flooded by its scans.

(Zou et al. 2002) propose a two-factor propagation model, which is more precise in modeling the saturation phase, taking into account human countermeasures and the decreased scan and infection rate due to the large amount of scan traffic. The same authors have also published an article on modeling worm propagation under dynamic quarantine defense (Zou et al. 2003) and evaluated the effectiveness of several existing and prospective worm propagation strategies (Zou et al. 2005).

Discussion and future work

Currently the following malware modeling tasks remain relevant and unsolved:
a) malware evolution modeling, in order to establish the trends along which the separate malware types will evolve;
b) countermeasures modeling in conjunction with co-evolving malware populations;
c) malware population survivability modeling, in order to evaluate the stability of the population of hosts infected by specific malware;
d) epidemiological consequences modeling of the currently most dangerous malware types, such as botnets, Trojans, etc.

Genetic algorithms can be used as a modeling tool, since they simulate natural evolution by repeatedly evolving a population of solutions and therefore may be used for predicting and modeling possible future malware evolution. Genetic algorithm modeling has proved effective in many scientific areas with a large solution space, where the final result cannot be predicted or calculated precisely.

Conclusions

1. Existing malware propagation models mainly concentrate on the prediction of epidemiological consequences in the saturation phase; they are based on previous malware propagation strategies and on malware types that are currently leaving the scene. They are outdated or irrelevant. Models for currently dangerous malware types are incomplete.
2. The following malware modeling tasks should be solved: a) malware evolution modeling; b) countermeasures modeling in conjunction with co-evolving malware populations; c) malware population survivability modeling; d) epidemiological consequences modeling of the currently most dangerous malware types.
3. Genetic algorithms can be used as a modeling tool for the specified tasks.

Literature

Chen, Z.; Gao, L.; Kwiat, K. 2003. Modeling the Spread of Active Worms, Proceedings of IEEE INFOCOM 2003, 3.
Dagon, D.; Zou, C.; Lee, W. 2006. Modeling Botnet Propagation Using Time Zones, Proceedings of the 13th Network and Distributed System Security Symposium (NDSS): 15 pp.
Garetto, M.; Gong, W.; Towsley, D. 2003. Modeling Malware Spreading Dynamics, Proceedings of INFOCOM: 11 pp.
Global Security Advisor Team. 2008. Internet Security Outlook [accessed 8 March 2008]. Available at: <ca.com/files/whitepapers/ca_security_2008_white_paper_de.pdf>.
Kephart, J. O.; White, S. R. 1991. Directed-Graph Epidemiological Models of Computer Viruses, Proceedings of the 1991 IEEE Computer Society Symposium on Research in Security and Privacy.
Nazario, J. 2004. Defense and Detection Strategies Against Internet Worms. Artech House, Inc.
Ramachandran, K.; Sikdar, B. 2004. Modeling malware propagation in Gnutella type peer-to-peer networks, Proceedings of the Parallel and Distributed Processing Symposium (25-29): 8 pp.
Serazzi, G.; Zanero, S. 2004. Computer Virus Propagation Models, Lecture Notes in Computer Science 2965.
Staniford, S.; Paxson, V.; Weaver, N. 2002. How to 0wn the Internet in Your Spare Time, Proceedings of the 11th USENIX Security Symposium.
Zou, C. C.; Gong, W.; Towsley, D. 2002. Code Red Worm Propagation Modeling and Analysis, Proceedings of the 9th ACM Conference on Computer and Communications Security.
Zou, C. C.; Gong, W.; Towsley, D. 2003. Worm Propagation Modeling and Analysis under Dynamic Quarantine Defense, Proceedings of WORM '03: 10 pp.
Zou, C. C.; Gong, W.; Towsley, D. 2005. On the performance of Internet worm scanning strategies, Performance Evaluation, 63.

KENKSMINGO PROGRAMINIO KODO PLITIMO MODELIAVIMO METODŲ ANALIZĖ

N. Goranin, A. Čenys

Summary

The importance of modeling in the analysis of malware propagation is demonstrated; the main malware propagation modeling methods are described and analyzed, and promising directions for research in the field are indicated. The possibility of using the instrumental base of genetic algorithms for modeling is shown.
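The following script is an added worked example, not code from the paper or its authors. It puts the RCS derivation (equations (1) to (4)) and the paper's closing proposal, genetic algorithms as a modeling tool, side by side: the closed form of equation (4), a forward-Euler integration of equations (1) to (3) for comparison, and a small real-coded genetic algorithm that recovers the parameters $K$ and $T$ of the RCS curve from noisy hourly infection counts. Every number is a constructed assumption: the vulnerable population `N_HOSTS`, the compromise rate `K_TRUE` (per hour), a single host infected at $t = 0$, the hourly "telemetry" generated with 2 % jitter, and the GA settings (population size, generations, elitism, tournament selection, blend crossover, Gaussian mutation with a decaying step). The function names are this example's own.

```python
import math
import random

# Constructed scenario (assumed values, not figures from the paper): N vulnerable
# hosts, a compromise rate K per hour, and exactly one host infected at t = 0.
N_HOSTS = 360_000
K_TRUE = 0.8
A0 = 1 / N_HOSTS


def rcs_fraction(t, K, T):
    """Eq. (4): a(t) = e^{K(t-T)} / (1 + e^{K(t-T)}), in the overflow-safe logistic form."""
    x = K * (t - T)
    if x >= 0:
        return 1.0 / (1.0 + math.exp(-x))
    e = math.exp(x)
    return e / (1.0 + e)


def rcs_midpoint(K, a0):
    """Solve eq. (4) at t = 0 for T: a0 = e^{-KT}/(1+e^{-KT})  =>  T = ln((1-a0)/a0)/K.
    T is the instant at which half of the vulnerable population is infected."""
    return math.log((1.0 - a0) / a0) / K


def simulate_rcs(N, K, a0, t_end, dt=0.005):
    """Forward-Euler integration of eq. (1)-(3): each step adds n = (N a) K (1-a) dt infections.
    Returns a list of (t, infected_hosts). Hosts are never re-infected, so the series is monotone."""
    a, t = a0, 0.0
    series = [(t, N * a)]
    for _ in range(int(round(t_end / dt))):
        n = (N * a) * K * (1.0 - a) * dt   # eq. (1): compromises during dt
        a += n / N                          # eq. (2): N da = n
        t += dt
        series.append((t, N * a))
    return series


def first_crossing(series, threshold):
    """Time at which the simulated infected count first reaches `threshold` (None if never)."""
    for t, infected in series:
        if infected >= threshold:
            return t
    return None


def make_observations(N, K, T, hours, noise, seed=1):
    """Constructed hourly 'telemetry': the RCS curve with +/- `noise` multiplicative jitter."""
    rng = random.Random(seed)
    return [(t, N * rcs_fraction(t, K, T) * (1.0 + rng.uniform(-noise, noise)))
            for t in range(hours + 1)]


def sse(params, obs, N):
    """Fitness: sum of squared errors between model and observations, scaled by N^2."""
    K, T = params
    return sum((N * rcs_fraction(t, K, T) - y) ** 2 for t, y in obs) / N ** 2


def ga_fit(obs, N, bounds=((0.05, 5.0), (0.0, 72.0)), pop_size=80, generations=120, seed=0):
    """Real-coded genetic algorithm recovering (K, T) from observed counts:
    elitism, tournament selection, blend crossover, Gaussian mutation with a decaying step."""
    rng = random.Random(seed)
    (k_lo, k_hi), (t_lo, t_hi) = bounds
    spans = (k_hi - k_lo, t_hi - t_lo)

    def clip(ind):
        return (min(max(ind[0], k_lo), k_hi), min(max(ind[1], t_lo), t_hi))

    pop = [(rng.uniform(k_lo, k_hi), rng.uniform(t_lo, t_hi)) for _ in range(pop_size)]
    for gen in range(generations):
        ranked = sorted(pop, key=lambda p: sse(p, obs, N))           # fittest first
        next_pop = ranked[:max(2, pop_size // 10)]                   # elitism: best survive unchanged
        scale = max(0.005, 0.1 * (1.0 - gen / generations))          # explore early, refine late
        while len(next_pop) < pop_size:
            p1 = ranked[min(rng.randrange(pop_size), rng.randrange(pop_size))]  # tournament of two
            p2 = ranked[min(rng.randrange(pop_size), rng.randrange(pop_size))]
            w = rng.random()                                          # blend crossover
            child = (w * p1[0] + (1 - w) * p2[0], w * p1[1] + (1 - w) * p2[1])
            if rng.random() < 0.5:                                    # Gaussian mutation
                child = (child[0] + rng.gauss(0.0, scale * spans[0]),
                         child[1] + rng.gauss(0.0, scale * spans[1]))
            next_pop.append(clip(child))
        pop = next_pop
    best = min(pop, key=lambda p: sse(p, obs, N))
    return {"K": best[0], "T": best[1], "sse": sse(best, obs, N)}


if __name__ == "__main__":
    T = rcs_midpoint(K_TRUE, A0)
    sim = simulate_rcs(N_HOSTS, K_TRUE, A0, t_end=40.0)
    print(f"half of N infected at T = {T:.2f} h (closed form), "
          f"{first_crossing(sim, N_HOSTS / 2):.2f} h (Euler)")
    for hour in (5, 10, 15, 20, 25):
        print(f"  t = {hour:2d} h  infected = {N_HOSTS * rcs_fraction(hour, K_TRUE, T):10.1f}")
    obs = make_observations(N_HOSTS, K_TRUE, T, hours=40, noise=0.02)
    print("GA fit from noisy hourly counts:", ga_fit(obs, N_HOSTS))
```

Two points worth noticing when running it. The Euler series lags the closed form slightly in the exponential phase (a first-order method underestimates growth per step), so the two half-population times agree only to a few hundredths of an hour; this is the kind of discrepancy the paper's discussion of discrete-time versus continuous models is about. And $K$ is only weakly constrained by observations taken far from $T$, where $a(t)$ is nearly 0 or nearly 1, so a fit from counts collected early in an outbreak will pin down $T$ much better than $K$.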


More information

IJREAT International Journal of Research in Engineering & Advanced Technology, Volume 1, Issue 1, March, 2013 ISSN: 2320-8791 www.ijreat.

IJREAT International Journal of Research in Engineering & Advanced Technology, Volume 1, Issue 1, March, 2013 ISSN: 2320-8791 www.ijreat. Intrusion Detection in Cloud for Smart Phones Namitha Jacob Department of Information Technology, SRM University, Chennai, India Abstract The popularity of smart phone is increasing day to day and the

More information

Virus Protection Across The Enterprise

Virus Protection Across The Enterprise White Paper Virus Protection Across The Enterprise How Firewall, VPN and /Content Security Work Together Juan Pablo Pereira Sr. Technical Marketing Manager Juniper Networks, Inc. 1194 North Mathilda Avenue

More information

Symptoms Based Detection and Removal of Bot Processes

Symptoms Based Detection and Removal of Bot Processes Symptoms Based Detection and Removal of Bot Processes 1 T Ravi Prasad, 2 Adepu Sridhar Asst. Prof. Computer Science and engg. Vignan University, Guntur, India 1 Thati.Raviprasad@gmail.com, 2 sridharuce@gmail.com

More information

PROTECTING YOUR MAILBOXES. Features SECURITY OF INFORMATION TECHNOLOGIES

PROTECTING YOUR MAILBOXES. Features SECURITY OF INFORMATION TECHNOLOGIES PROTECTING YOUR MAILBOXES Features SECURITY OF INFORMATION TECHNOLOGIES In 2013, 50% of businesses would have experienced a virus infection by e-mail. Electronic mail remains one of the preferred vectors

More information

Use of Honeypot and IP Tracing Mechanism for Prevention of DDOS Attack

Use of Honeypot and IP Tracing Mechanism for Prevention of DDOS Attack Use of Honeypot and IP Tracing Mechanism for Prevention of DDOS Attack Shantanu Shukla 1, Sonal Sinha 2 1 Pranveer Singh Institute of Technology, Kanpur, Uttar Pradesh, India 2 Assistant Professor, Pranveer

More information

DISTRIBUTED LOW-INTERACTION HONEYPOT SYSTEM TO DETECT BOTNETS

DISTRIBUTED LOW-INTERACTION HONEYPOT SYSTEM TO DETECT BOTNETS DISTRIBUTED LOW-INTERACTION HONEYPOT SYSTEM TO DETECT BOTNETS GONG JIAN 2 jgong@njnet.edu.cn Jiangsu Key Laboratory of Computer Networking Technology, China, Nanjing, Southeast University AHMAD JAKALAN

More information

On the Performance of SWORD in Detecting Zero-Day-Worm-Infected Hosts

On the Performance of SWORD in Detecting Zero-Day-Worm-Infected Hosts On the Performance of SWORD in Detecting Zero-Day-Worm-Infected Hosts Shad Stafford University of Oregon staffors@cs.uoregon.edu Jun Li University of Oregon lijun@cs.uoregon.edu Toby Ehrenkranz University

More information

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 2 Systems Threats and Risks

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 2 Systems Threats and Risks Security+ Guide to Network Security Fundamentals, Third Edition Chapter 2 Systems Threats and Risks Objectives Describe the different types of software-based attacks List types of hardware attacks Define

More information

Peer-to-Peer Systems: "A Shared Social Network"

Peer-to-Peer Systems: A Shared Social Network Peer-to-Peer Systems: "A Shared Social Network" Nguyen Hoang Anh Helsinki University of Technology hanguyen@cc.hut.fi Abstract In the last few years, the success of the Napster online music sharing program

More information

Denial of Service Attack Detection using Extended Analog Computers

Denial of Service Attack Detection using Extended Analog Computers Denial of Service Attack Detection using Extended Analog Computers Craig Shue, Brian Kopecky, Chris Weilemann Computer Science Department, Indiana University Bloomington, IN, U.S.A. {cshue, bkopecky, cweilema}@cs.indiana.edu

More information

1. Thwart attacks on your network.

1. Thwart attacks on your network. An IDPS can secure your enterprise, track regulatory compliance, enforce security policies and save money. 10 Reasons to Deploy an Intrusion Detection and Prevention System Intrusion Detection Systems

More information

LASTLINE WHITEPAPER. The Holy Grail: Automatically Identifying Command and Control Connections from Bot Traffic

LASTLINE WHITEPAPER. The Holy Grail: Automatically Identifying Command and Control Connections from Bot Traffic LASTLINE WHITEPAPER The Holy Grail: Automatically Identifying Command and Control Connections from Bot Traffic Abstract A distinguishing characteristic of bots is their ability to establish a command and

More information

Lecture 13 - Network Security

Lecture 13 - Network Security Lecture 13 - Network Security CSE497b - Spring 2007 Introduction Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse497b-s07/ Exploiting the network... The Internet is extremely

More information

Second-generation (GenII) honeypots

Second-generation (GenII) honeypots Second-generation (GenII) honeypots Bojan Zdrnja CompSci 725, University of Auckland, Oct 2004. b.zdrnja@auckland.ac.nz Abstract Honeypots are security resources which trap malicious activities, so they

More information

Multifaceted Approach to Understanding the Botnet Phenomenon

Multifaceted Approach to Understanding the Botnet Phenomenon Multifaceted Approach to Understanding the Botnet Phenomenon Christos P. Margiolas University of Crete A brief presentation for the paper: Multifaceted Approach to Understanding the Botnet Phenomenon Basic

More information

SECURE SHARING AND COMMUNICATION. Protection for servers, email and collaboration

SECURE SHARING AND COMMUNICATION. Protection for servers, email and collaboration SECURE SHARING AND COMMUNICATION Protection for servers, email and collaboration THE VALUE OF SECURITY Most malware attacks use software vulnerabilities to reach their targets. Only 90% of malware attacks

More information

The Design and Evaluation of a Defense System for Internet Worms

The Design and Evaluation of a Defense System for Internet Worms The Design and Evaluation of a Defense System for Internet Worms Riccardo Scandariato Dipartimento di Automatica e Informatica Politecnico di Torino Corso Duca degli Abruzzi, 24 10129 Torino, Italy Phone:

More information

isheriff CLOUD SECURITY

isheriff CLOUD SECURITY isheriff CLOUD SECURITY isheriff is the industry s first cloud-based security platform: providing fully integrated endpoint, Web and email security, delivered through a single Web-based management console

More information

IBM Protocol Analysis Module

IBM Protocol Analysis Module IBM Protocol Analysis Module The protection engine inside the IBM Security Intrusion Prevention System technologies. Highlights Stops threats before they impact your network and the assets on your network

More information

Automotive Ethernet Security Testing. Alon Regev and Abhijit Lahiri

Automotive Ethernet Security Testing. Alon Regev and Abhijit Lahiri Automotive Ethernet Security Testing Alon Regev and Abhijit Lahiri 1 Automotive Network Security Cars are evolving Number of ECUs, sensors, and interconnects is growing Moving to Ethernet networks utilizing

More information

Data Driven Assessment of Cyber Risk:

Data Driven Assessment of Cyber Risk: Data Driven Assessment of Cyber Risk: Challenges in Assessing and Mitigating Cyber Risk Mustaque Ahamad, Saby Mitra and Paul Royal Georgia Tech InformationSecurity Center Georgia Tech Research Institute

More information

Conficker by the numbers

Conficker by the numbers Conficker by the numbers Sebastián Bortnik Security Analyst at ESET Latin America This is a translation for ESET LLC of a document previously available in Spanish by ESET Latin America (see http://eset-la.com/centro-amenazas/2241-conficker-numeros).

More information

BOTNET SPREADING DETECTION AND PREVENTION VIA WEBSITES

BOTNET SPREADING DETECTION AND PREVENTION VIA WEBSITES BOTNET SPREADING DETECTION AND PREVENTION VIA WEBSITES Jonas Juknius, Nikolaj Goranin Vilnius Gediminas Technical University, Faculty of Fundamental Sciences Saulėtekio al. 11, 10223 Vilnius In this article

More information

Application of Data Mining based Malicious Code Detection Techniques for Detecting new Spyware

Application of Data Mining based Malicious Code Detection Techniques for Detecting new Spyware Application of Data Mining based Malicious Code Detection Techniques for Detecting new Spyware Cumhur Doruk Bozagac Bilkent University, Computer Science and Engineering Department, 06532 Ankara, Turkey

More information

Study of Virus Propagation Model Under the Cloud

Study of Virus Propagation Model Under the Cloud Tongrang Fan, Yanjing Li, Feng Gao School of Information Science and Technology, Shijiazhuang Tiedao University, Shijiazhuang, 543, China Fantr29@26.com, 532465444 @qq.com, f.gao@live.com bstract. The

More information

Real-time Network Monitoring and Security Platform for Securing Next-Generation Network. Assoc. Prof. Dr. Sureswaran Ramadass

Real-time Network Monitoring and Security Platform for Securing Next-Generation Network. Assoc. Prof. Dr. Sureswaran Ramadass Real-time Network Monitoring and Security Platform for Securing Next-Generation Network Assoc. Prof. Dr. Sureswaran Ramadass The platform Definition A description of a software framework that makes services

More information

End-user Security Analytics Strengthens Protection with ArcSight

End-user Security Analytics Strengthens Protection with ArcSight Case Study for XY Bank End-user Security Analytics Strengthens Protection with ArcSight INTRODUCTION Detect and respond to advanced persistent threats (APT) in real-time with Nexthink End-user Security

More information

COMP-530 Cryptographic Systems Security *Requires Programming Background. University of Nicosia, Cyprus

COMP-530 Cryptographic Systems Security *Requires Programming Background. University of Nicosia, Cyprus COMP-530 Cryptographic Systems Security *Requires Programming Background University of Nicosia, Cyprus Course Code Course Title ECTS Credits COMP-530 Cryptographic Systems 10 Security Department Semester

More information

Secure Your Mobile Workplace

Secure Your Mobile Workplace Secure Your Mobile Workplace Sunny Leung Senior System Engineer Symantec 3th Dec, 2013 1 Agenda 1. The Threats 2. The Protection 3. Q&A 2 The Mobile Workplaces The Threats 4 Targeted Attacks up 42% in

More information

HOW TO PREVENT SPAM AND MALWARE IN MAIL MOST EFFECTIVELY Index 1. Battling the increase in malware 2 2. Addressing the surplus of spam 3 3. The mail server A critical vulnerability 4 3.1 Denial of Service

More information

Comparison of Firewall, Intrusion Prevention and Antivirus Technologies

Comparison of Firewall, Intrusion Prevention and Antivirus Technologies White Paper Comparison of Firewall, Intrusion Prevention and Antivirus Technologies How each protects the network Juan Pablo Pereira Technical Marketing Manager Juniper Networks, Inc. 1194 North Mathilda

More information