Epidemic Profiles and Defense of Scale-Free Networks L. Briesemeister, P. Lincoln, P. Porras Presented by Meltem Yıldırım CmpE - 588.


1 Epidemic Profiles and Defense of Scale-Free Networks L. Briesemeister, P. Lincoln, P. Porras Presented by Meltem Yıldırım CmpE - 588

2 Meltem YILDIRIM (5.11.2004) Agenda
- Purpose
- Related Work
- Epidemic Profiles
- Computer Network Topologies
- Simulation
- Conclusion

3 Purpose
- Defending a large network infrastructure from rapidly propagating malicious code
- Study:
  - worms, viruses and their infection strategies
  - percolation and epidemic spread in scale-free networks
  - protecting the “network mission” (reliable access to information)

4 e.g. Sapphire Worm
Because of the tremendous speed of attacks, we are obligated to search for responsive and rapid defense measures.
[Figure: The geographic spread of Sapphire in 30 min after release]

5 Related Work (1)
- Moore: “No response time is fast enough to protect against widespread epidemic.”
- Albert: “Scale-free networks are resilient against random error, but not against deliberate attack of highly connected nodes.”
- Dezső and Barabási: “Random cures are not very useful but protecting the hubs can rescue the whole network.”

6 Related Work (2)
- Pastor-Satorras and Vespignani: worked on the BA model. “There is no epidemic threshold that determines prevalence.”
- Eguíluz and Klemm: worked on the KE model. “There is a finite epidemic threshold that determines prevalence.”

7 Epidemic Profiles (1)
- Infection Criteria: the criteria that a host must fulfill (the vulnerabilities that it must possess) in order to be infected.
- Worms and viruses make use of these vulnerabilities and apply a number of infection methods:
  - Network service buffer overflows
  - Macro and script insertion
  - Deception of binary code
- Malicious code usually uses a limited set of the infection methods.

8 Epidemic Profiles (2)
- Infection Strategy: the method by which the epidemic seeks new targets
- Sequential scanning process in order to find new victims, propagating to the new victims and so on.

9 Epidemic Profiles (3)
Methods for Exploring New Victims:

| Method | Description | Example |
|---|---|---|
| Mail-based | use mail services and address books to propagate | Melissa virus |
| Topological | gather internal topological information on each infected target to seek additional new targets | Morris worm |
| Contagion | embeds contagions within normal communication channels | |
| Active Scanning | randomly scans to identify potential targets | CodeRed |
| Coordinated Scanning | uses efficient segmentation of IP address space to accelerate scan coverage | Warhol worms |

10 Computer Network Topologies
We divide models of network topologies into two categories:
1. Network models exhibiting a homogeneous degree distribution, e.g. random graph (ER model)
2. Network models exhibiting a power law degree distribution (Scale-Free Networks)
   2.1. BA Model
   2.2. KE Model

11 BA Model (1)
- developed by Barabási and Albert
- 3 parameters:
  - $m_0$: the number of initial nodes
  - $m$: initial degree of every new node attached ($m \le m_0$)
  - $t$: number of time steps
- In every time step $t$, one new node with $m$ new edges is added to the graph.
- Preferential attachment: $P(k_i) = k_i / \sum_j k_j$, where $k_i$ is the degree of node $i$

12 BA Model (2)
Example: $m_0 = 3$, $m = 2$
[Figure: the graph at t = 1, t = 2, t = 3]

13 KE Model (1)
- developed by Klemm and Eguíluz
- 2 parameters:
  - $m$: number of initial nodes
  - $t$: number of time steps
- Start with $m$ fully connected, active nodes. In every time step $t$, attach one new node to all active nodes. Make the new node active as well. Inactivate one of the nodes according to a probability $P(k_i)$.
- $P(k_i) = \left(\left(\sum_j k_j^{-1}\right) k_i\right)^{-1}$
- Higher clustering coefficient, more similar to real computer networks

14 KE Model (2)
Example: $m = 3$ (yellow: active, gray: inactive, red: new)
[Figure: the graph at t = 1, t = 2, t = 3]

15 Fault Tolerance
- Theorem: “In a nontrivial KE network with generation parameter m, there are m disjoint paths between any pairs of nodes.”

16 Simulation (1)
Assumptions:
- N = 50,000 nodes = 1000 LANs containing 50 nodes each
- WAN: BA or KE model, LANs: completely connected
- $m_0 = m = 10$ and $t = N_{WAN} - m = 100 - 10 = 90$ steps
- At the beginning of each simulation, a node is infected randomly. The simulation runs for T = 25 time steps.
- Infected nodes stay infected, continue to spread the disease and do not change back to normal.
- Prevalence: number of infected nodes / number of all nodes. If the prevalence exceeds a certain threshold, a certain number of the most connected nodes are automatically immunized, whether they are infected or not.
- 6 cases: 10 and 100 nodes immunized for prevalence thresholds of 20%, 5%, 1%

17 Simulation (2)
[Figure: prevalence threshold = 20%; curves: no response to epidemic, 1% nodes immunized, 10% nodes immunized]

18 Simulation (3)
[Figure: two panels, prevalence threshold = 20% and prevalence threshold = 1%; curves: no response to epidemic, 1% nodes immunized, 10% nodes immunized]

19 Simulation (4)
Explanation of Simulation Results:
- Although defensive measures are taken, the worm spreads extremely rapidly in BA networks. In only a few time steps, the majority of the BA network is infected. KE networks are infected much more slowly.
- Network defenses that are put in place after the attack can slow down the spread of infection in certain topologies.
- It is easier to slow down the spread of infection in KE networks than in BA networks. Usually, there is no time to defend the rest of the computers in BA networks.
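
The BA and KE growth rules and the threshold-triggered immunization of the most connected nodes can be reproduced at small scale with the added Python example below; it is not code from the paper or the presentation, and the function names are hypothetical. Assumptions: only the WAN layer is modelled (no LANs), the initial BA nodes are fully connected, and an infected node infects all of its non-immune neighbours in each time step.

```python
import random

def ba_graph(m0, m, t, rng):
    """BA: m0 initial nodes (assumed fully connected), then t nodes, each
    linked to m distinct nodes drawn with P(k_i) = k_i / sum_j k_j."""
    adj = {i: set(range(m0)) - {i} for i in range(m0)}
    for new in range(m0, m0 + t):
        stubs = [v for v in adj for _ in adj[v]]  # v appears k_v times
        targets = set()
        while len(targets) < m:
            targets.add(rng.choice(stubs))
        adj[new] = targets
        for v in targets:
            adj[v].add(new)
    return adj

def ke_graph(m, t, rng):
    """KE: each new node links to all m active nodes and becomes active;
    then one active node is deactivated with probability ~ 1/k_i."""
    adj = {i: set(range(m)) - {i} for i in range(m)}
    active = list(range(m))
    for new in range(m, m + t):
        adj[new] = set(active)
        for v in active:
            adj[v].add(new)
        active.append(new)
        weights = [1 / len(adj[v]) for v in active]
        active.remove(rng.choices(active, weights=weights)[0])
    return adj

def simulate(adj, start, steps, threshold=None, n_immunize=0):
    """SI spread, assuming an infected node infects all non-immune neighbours
    per step; past threshold, the n_immunize top-degree nodes are immunized."""
    infected, immune, history = {start}, set(), []
    for _ in range(steps):
        infected |= {n for v in infected for n in adj[v]} - immune
        prevalence = len(infected) / len(adj)
        if threshold is not None and not immune and prevalence > threshold:
            hubs = sorted(adj, key=lambda v: len(adj[v]), reverse=True)
            immune = set(hubs[:n_immunize])
            infected -= immune  # immunized whether infected or not
        history.append(len(infected) / len(adj))
    return history  # prevalence after each time step

if __name__ == "__main__":
    rng = random.Random(588)  # fixed seed so runs are repeatable
    for name, g in (("BA", ba_graph(10, 10, 90, rng)), ("KE", ke_graph(10, 90, rng))):
        start = rng.randrange(len(g))  # one randomly infected node
        print(name, simulate(g, start, 25)[:6], simulate(g, start, 25, 0.20, 10)[:6])
```

Each printed pair is the prevalence over the first six time steps without any response and with the 10 best-connected nodes immunized at the 20% threshold.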

20 Conclusion
- Some scale-free network topologies are inherently more defensible than others against rapidly spreading malicious code.
- With a few alterations, inherently defensible networks can prevent or delay an infection from reaching its maximum potential:
  - Network segmentation
  - Lack of communication channels between vulnerable nodes
  - IP filtering to limit scanning

21 Questions

