The Effect of Infection Time on Internet Worm Propagation
The Effect of Infection Time on Internet Worm Propagation
Erika Rice

Background
- Worms are self-propagating programs that spread over a network, usually the Internet
- Unlike viruses, worms are not dependent on other programs, like clients
- Worms spread by scanning the network for vulnerable machines and then infecting them

Worm Spread
- Internet worms can spread devastatingly quickly
- July 2001: Code Red infects 359,000 computers in less than 14 hours
- January 2003: SQL Slammer infects 75,000 computers in 10 minutes
- August 2003: MSBlaster infects 120,000 computers in 24 hours

Existing Models
- Propagation Models
  - Staniford, Paxson & Weaver's Random Constant Spread Model (RCS)
  - Kephart & White's Epidemiological Model
  - Kermack-McKendrick Epidemic Model
  - Chen, Gao & Kwiat's Analytical Active Worm Propagation Model (AAWP)
- Specialized Models
  - Williamson & Léveillé's Virus Scanner Model
  - Zou, Gong & Towsley's Dynamic Quarantine Model

Infection Time
- These models ignore the fact that computers are not infected instantaneously
- It takes time for the worm to transfer its code to the infected machine
- Does transfer time significantly affect the time it takes a worm to spread?

Approach
- Extend the Kermack-McKendrick Epidemic Model to have a state for scanned computers

Assumptions
- Computers are not entering the network
- Removed computers never re-enter the network
- Computers are only removed after they have been fully infected
- Any computer can reach any other computer in one hop, and scanning is random
- The network is large
- The worm is running on an IPv4 network
- Infected machines rarely scan the same machine at the same time
- The network speed is not affected by the worm

My Model: Populations
Define the following populations:
- V: Vulnerable machines
- S: Scanned machines
- I: Infected machines
- R: Removed machines

My Model: Constants
Define the following constants:
- $\eta$: Scans per second from an infected machine
- $\beta$: $\eta / 2^{32}$, the chance a scan hits a real IP address
- $\gamma$: Removal rate of infected machines; $\gamma^{-1}$ is the average number of seconds an infected machine will spread the worm
- $\tau$: The average network transfer rate in KB/s
- $\sigma$: The size of the worm in KB

My Model: Equations

$$\frac{dV}{dt} = -\beta I V$$

$$\frac{dI}{dt} = \frac{\tau}{\sigma} S - \gamma I$$

$$\frac{dS}{dt} = \beta I V - \frac{\tau}{\sigma} S$$

$$\frac{dR}{dt} = \gamma I$$

Results: Code Red
- These results show the effect of scanning for the Code Red worm
- For this simulation $V_0$ = 500,000, $I_0$ = 1, $t_{max}$ = 100 hours, $\eta$ = 2 scans/s, and $\gamma$ =
- For the scanning model (right) $\sigma$ = 4 KB, $\tau$ = 001 KB/s

[Figure: two panels, "Worm Spread Under the Kermack-McKendrick Epidemic Model" (left) and "Worm Spread Under the Scanning Model" (right). Axes: population size and % of total population versus time (hours). Curves: Infected, Removed, Vulnerable; the scanning model panel also shows Scanned.]

Results: SQL Slammer
- These results show the effect of scanning for the Code Red worm
- For this simulation $V_0$ = 75,000, $I_0$ = 10, $t_{max}$ = 600 seconds, $\eta$ = 4000 scans/s, and $\gamma$ =
- For the scanning model (right) $\sigma$ = 04 KB, $\tau$ = 001 KB/s

[Figure: two panels, "Worm Spread Under the Kermack-McKendrick Epidemic Model" (left) and "Worm Spread Under the Scanning Model" (right). Axes: population size and % of total population versus time (seconds). Curves: Infected, Removed, Vulnerable; the scanning model panel also shows Scanned.]

Analysis
- Choice of network speed: 001 KB/s reflects the network slowing due to the worm
- Code Red: The download time for the worm is not significant when the scan rate is low
- SQL Slammer: The download time for the worm is significant when the scan rate is high
- Extensions: Model the network speed as a function of the number of infected computers
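
The comparison behind the two results slides can be reproduced by integrating the model equations numerically, with and without the scanned state. This is an added illustration, not code from the slides: the function names are hypothetical, the removal rates γ are made-up values (the transcription does not preserve them), and τ = 0.01 KB/s and a Slammer size of 0.4 KB are assumed readings of the page's "001 KB/s" and "04 KB".

```python
"""Scanning-state worm model from the slides vs. the Kermack-McKendrick baseline."""

ADDRESS_SPACE = 2 ** 32  # IPv4 address space, per the slides' assumptions


def derivatives(state, beta, gamma, transfer):
    """Right-hand side of the model for state = (V, S, I, R).

    transfer is tau/sigma (completed transfers per second per scanned host),
    or None for the baseline in which infection is instantaneous.
    """
    v, s, i, r = state
    newly_scanned = beta * i * v
    if transfer is None:
        # Kermack-McKendrick: a scanned host becomes infectious immediately.
        return (-newly_scanned, 0.0, newly_scanned - gamma * i, gamma * i)
    completed = transfer * s
    return (-newly_scanned, newly_scanned - completed,
            completed - gamma * i, gamma * i)


def rk4_step(state, dt, *params):
    """Advance the state by dt with the classical fourth-order Runge-Kutta rule."""
    def shifted(k, h):
        return tuple(x + h * dx for x, dx in zip(state, k))
    k1 = derivatives(state, *params)
    k2 = derivatives(shifted(k1, dt / 2), *params)
    k3 = derivatives(shifted(k2, dt / 2), *params)
    k4 = derivatives(shifted(k3, dt), *params)
    return tuple(x + dt / 6 * (a + 2 * b + 2 * c + d)
                 for x, a, b, c, d in zip(state, k1, k2, k3, k4))


def time_to_half_infected(v0, i0, eta, gamma, t_max, dt, sigma=None, tau=None):
    """Seconds until I + R reaches v0 / 2, or None if that takes longer than t_max."""
    beta = eta / ADDRESS_SPACE
    transfer = None if sigma is None else tau / sigma
    state = (float(v0), 0.0, float(i0), 0.0)
    t = 0.0
    while t < t_max:
        state = rk4_step(state, dt, beta, gamma, transfer)
        t += dt
        if state[2] + state[3] >= v0 / 2:
            return t
    return None


# V0, I0, eta and t_max are the values on the results slides.
# gamma, tau and the Slammer sigma are assumptions (see the lead-in).
SCENARIOS = {
    "Code Red": dict(v0=500_000, i0=1, eta=2, t_max=100 * 3600,
                     sigma=4.0, tau=0.01, gamma=1e-5, dt=10.0),
    "SQL Slammer": dict(v0=75_000, i0=10, eta=4000, t_max=600,
                        sigma=0.4, tau=0.01, gamma=1e-3, dt=0.05),
}


def slowdown(name):
    """Return (baseline_seconds, scanning_model_seconds, ratio) for a scenario."""
    p = dict(SCENARIOS[name])
    sigma, tau = p.pop("sigma"), p.pop("tau")
    baseline = time_to_half_infected(**p)
    delayed = time_to_half_infected(sigma=sigma, tau=tau, **p)
    return baseline, delayed, delayed / baseline


if __name__ == "__main__":
    for name in SCENARIOS:
        base, delayed, ratio = slowdown(name)
        print(f"{name}: baseline {base:.0f} s, with transfer time "
              f"{delayed:.0f} s, slowdown x{ratio:.2f}")
```

With these parameters the transfer delay barely moves the Code Red curve but more than doubles the time Slammer needs to reach half the vulnerable population, which is the contrast the analysis slide draws between low and high scan rates.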

References
[1] David Becker & Matt Hines. FBI arrests MSBlast worm suspect.
[2] CAIDA. Analysis of Code Red.
[3] Zesheng Chen, Lixin Gao, & Kevin Kwiat. Modeling the Spread of Active Worms. www.labreatechnologies.com/aawp.pdf
[4] Cliff Changchun Zou, Weibo Gong, & Don Towsley. Worm Propagation Modeling and Analysis under Dynamic Quarantine Defense. tennis.ecs.umass.edu/~czou/research/dynamicquarantine.pdf
[5] Kimberly Claffy. Internet traffic characterization. citeseer.ist.psu.edu/claffy94internet.html
[6] David Moore, Vern Paxson, Stefan Savage, Colleen Shannon, Stuart Staniford, & Nicholas Weaver. The Spread of the Sapphire/Slammer Worm.