
1 Is There a Role for Modeling and Simulation in this New Battlespace?
Bernard P. Zeigler
Professor of Electrical and Computer Engineering, University of Arizona, Tucson
Director, Arizona Center for Integrative Modeling and Simulation
Consultant to NGIT and JITC
Information Security, Virus Propagation and Countermeasures

2 Computer Viruses – how bad is the problem?
Fact: The “I Love You” virus spread twice as fast as Melissa in its first ten hours affected 70% of US companies cost between $100 million and $1 billion
Conclusion:
– computer viruses can do great harm to our economic and military infrastructures
– need countermeasures
– and conversely, could be a way to attack an adversary

3 A New Battlespace – information warfare
– Modeling and simulation has proven its worth in the conventional battlespace
– Is there a Role for Modeling and Simulation in the new battlespace?
– How do we start thinking about this issue?
Information Security, Virus Propagation and Countermeasures

4 M&S in the New Battlespace
Computer modeling and simulation has been used in the conventional battlespace for:
– understanding combat in the battlefield
– weapons and systems design
– test and evaluation
– training
– many other uses
How can we use M&S for modeling the new “battlefield”?
– how do viruses spread?
– how to detect them?
– how to neutralize them?

5 Computer vs Natural Viruses
– Are computer viruses like bio viruses?
– How far does this common analogy stretch?
– Does a computer get “sick” like a person?
– Did the “love” virus infect computers and spread like Asian flu infects a population?

6 Recent Case In Point: MyDoom Incident Report from ECE Network Administrator: There is a fast moving virus called MyDoom going around. Like many viruses this one will pick an e-mail address from the infected system and use it in the From: field of the virus infected message it sends out. If your e-mail address is found on an infected system you will likely get a message from the mail server that your mail wasn't delivered. This would indicate that someone you have an association with has the virus. Sophos now has the signature to catch this virus and we will be pushing out the updates tonight and tomorrow. There are likely to be a few infected systems in ECE and we will be conducting network scans tomorrow. The virus comes as an attachment; you will probably have a significant number of these messages by tomorrow. Just delete them and you are safe – needs to be opened to propagate

7 Mode of Viral Transmission
[Figure: infected computers a, b and c each send mail (from a to x, from b to x, from c to x) through the mail server using the address book; a computer becomes infected when the user opens the attachment]
Antiviral countermeasures:
– spread word to recognize and not to open attachment
– add signature to anti-viral software
– scan LANs and disinfect
– turn systems off and reboot

8 Spread of Infection Through Internet
Topology of spread – neighbors are addresses in client’s address book

9 Detecting Presence of Virus
[Figure: normal email behavior compared with abnormal email behavior; “temperature” gauge showing Elevated Activity Level]
Professor Salim Hariri is developing capability to detect and neutralize viruses using agent-based software technology over the Internet

10 Network Architectures of the Future, e.g. GigBE will allow built-in virus detection and eradication
[Figure labels: control plane, data plane]

11 [Figure labels: packet time marker wave; spreading virus; sentinel source (orange) and sink (green); slowing up of marker wave; trigger countermeasure; spreading anti-virus; restoration of infected cells]

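12 Viral and Antiviral Behavior
[Figure: state diagram with cell states normal, infected and antiviral; transitions labeled infect, anti and revert; signals ping, infect and anti; panels labeled packet wave behavior, infection spread and anti-viral propagation]
[Table, flattened in extraction: cell type (normal, infected, anti-virus) against signal (ping, infect, anti); surviving entries are infected, anti-virus and no effect]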

13 Sentinel Based Viral Detection
– sentinel periodically generates packets (flood) from source to sink
– detect travel time exceeds threshold
[Figure labels: source, sink, ping, anti]
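The sentinel scheme of slides 11 to 13, as an added Python sketch; it is not taken from the presentation or from its DEVSJAVA model. The grid size, the source and sink positions, the slow-down factor, the rule that an "anti" signal converts both normal and infected cells, and the all-at-once revert are assumptions made for illustration.

```python
import heapq

NORMAL, INFECTED, ANTI = "normal", "infected", "anti-virus"
ROWS, COLS = 5, 9                    # constructed grid of cells
SOURCE, SINK = (2, 0), (2, 8)        # sentinel endpoints (assumed positions)
SLOW = 4                             # assumed: an infected cell forwards a ping 4x slower

def neighbors(cell):
    r, c = cell
    for dr, dc in ((1, 0), (-1, 0), (0, 1), (0, -1)):
        if 0 <= r + dr < ROWS and 0 <= c + dc < COLS:
            yield (r + dr, c + dc)

def ping_travel_time(grid):
    """Earliest arrival at SINK of a ping flooded from SOURCE (Dijkstra)."""
    best, heap = {SOURCE: 0}, [(0, SOURCE)]
    while heap:
        t, cell = heapq.heappop(heap)
        if cell == SINK:
            return t
        for n in neighbors(cell):
            nt = t + (SLOW if grid[n] == INFECTED else 1)
            if nt < best.get(n, float("inf")):
                best[n] = nt
                heapq.heappush(heap, (nt, n))

def spread(grid, sender, receivers, new_state):
    """One synchronous hop: each `sender` cell signals its four neighbours."""
    hit = {n for cell, s in grid.items() if s == sender
           for n in neighbors(cell) if grid[n] in receivers}
    grid.update(dict.fromkeys(hit, new_state))

def simulate(patient_zero=(0, 4), margin=1, max_ticks=100):
    grid = {(r, c): NORMAL for r in range(ROWS) for c in range(COLS)}
    baseline = ping_travel_time(grid)            # travel time on a healthy grid
    grid[patient_zero] = INFECTED
    detected_at = alarm_time = None
    for tick in range(1, max_ticks + 1):
        spread(grid, INFECTED, {NORMAL}, INFECTED)          # "infect" signal
        if detected_at is not None:
            spread(grid, ANTI, {NORMAL, INFECTED}, ANTI)    # "anti" signal
        elif (t := ping_travel_time(grid)) > baseline + margin:
            detected_at, alarm_time = tick, t               # threshold exceeded
            grid[SINK] = ANTI                               # launch countermeasure at sink
        if detected_at is not None and INFECTED not in grid.values():
            grid = dict.fromkeys(grid, NORMAL)              # "revert": cells restored
            return {"baseline": baseline, "detected_at": detected_at,
                    "alarm_time": alarm_time, "cleared_at": tick,
                    "restored_time": ping_travel_time(grid)}
    return None

if __name__ == "__main__":
    print(simulate())
```

Because the ping is flooded, it routes around infected cells, so the alarm fires on the detour length as soon as the infection cuts the direct path, before the whole grid is infected.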

14 Virus Propagation Model Demonstration

15 Virus Propagation and Countermeasures Design: A New Paradigm
– Develop models for information network protection applicable to new high speed infrastructure networks such as DoD’s GIG-BE.
– Currently, there are few theories and models of virus propagation in large scale networks and design of effective countermeasures – a notable exception: Prof. Hariri and DARPA
– A framework for virus and anti-virus propagation and interaction has been developed in the Discrete Event Systems Specification (DEVS) formalism and implemented in the DEVSJAVA modeling and simulation environment.
– A notional design for detecting virus propagation and launching countermeasures has been implemented.
– Continue with the development of the framework, research feasible mechanisms for implementation in network hardware and software and test and evaluate them through more refined simulation.

16 Summary
– Interesting analogies and dis-analogies between natural and artificial virus propagation
– Need formal simulation-based methodology to characterize viral behaviors and countermeasures
– Current popular network simulators are too unwieldy to support this research and development
– The new paradigm discussed here can!

17 More Information on M&S www.acims.arizona.edu

