Peer-to-peer system-based active worm attacks: Modeling, analysis and defense. Wei Yu, Sriram Chellappan, Xun Wang, Dong Xuan. Computer Communications. 2016/3/13

Presentation transcript:

Peer-to-peer system-based active worm attacks: Modeling, analysis and defense
Wei Yu, Sriram Chellappan, Xun Wang, Dong Xuan
Computer Communications 31 (2008)

Outline
- Introduction
- Modeling P2P-based active worm attacks
- Analyzing P2P-based active worm attacks
- Defending against P2P-based active worm attacks
- Performance evaluation
- Final remarks

Introduction
- Active worms automatically propagate themselves and compromise hosts in the Internet.
- Traditional worms predominantly adopt the random-based scan approach to propagate.
- A more powerful worm attack strategy is the hit-list strategy, which collects a list of IP addresses prior to the attack to improve the success rate of infection.
- P2P systems can be a potential vehicle for the attacker.

Modeling P2P-based active worm attacks
- In general, there are two stages in an active worm attack: (1) scanning the network to select victim hosts; (2) infecting the victim after discovering its vulnerability.
- Pure Random Scan (PRS): only 24% of addresses in the Internet space are used.

Offline P2P-based hit-list scan (OPHLS)
- The attacker collects IP address information of the P2P system offline. We denote this as the hit-list of the attacker.
- After the hit-list is obtained, the attack model has two phases:
- First, all newly infected hosts continuously attack the hit-list until all hosts in the hit-list have been scanned (called the P2P system attack phase).
- In the second phase, all infected hosts continue to attack the Internet via PRS.

Online P2P-based scan (OPS)
- The host immediately launches the attack on its P2P neighbors as a high priority (using 60% of its attack capability), and attacks the rest of the Internet with its remaining capability (40%) via PRS.
- Note that there are two types of P2P systems: structured and unstructured.
- In the OPHLS model, it is the same in both types of systems, since the attacker predetermines the hit-list before attacks.
- In the OPS model, the number of neighbors is quite different.

Model parameters
(1) P2P system size:
- A Super-P2P system.
- The size is the total number of users, denoted as m. The remaining hosts are a part of the Non-P2P system.
(2) P2P structured/unstructured topology:
- Structured: all P2P nodes maintain the similar number of neighbors (average topology degree is ).
- Unstructured: is the mean value of topology degree, is a constant for a given, and denotes the power law degree.


Analyzing P2P-based active worm attacks
In the OPHLS attack model, recursive formulas:

Analyzing P2P-based active worm attacks
In the OPS attack model,

Defending against P2P-based active worm attacks
Defense framework:
- Control center: it can be a system deployed node, or a stable P2P node itself.
- A number of volunteer defense hosts: worm detection and response.
- Threshold-based and trend-based worm detection schemes.
- Threshold-based scheme: simple and easy to apply, but high false alarm rates.
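The contrast between the two detection schemes on the slide above, as an added example that is not taken from the slides or the paper. The per-interval scan counts are constructed, and the trend rule (several consecutive intervals of sustained growth) is a simplified stand-in assumed here for illustration; the function names, threshold, ratio and window are all hypothetical.

```python
from typing import Dict, Optional, Sequence

# Constructed sample data: suspicious connection attempts seen by one
# defense host per monitoring interval (not measurements from the paper).
BENIGN_BURST = [4, 6, 5, 7, 5, 48, 6, 5, 4, 6, 5, 7]    # one short spike
WORM_LIKE = [4, 5, 6, 5, 6, 8, 11, 15, 21, 29, 41, 57]  # sustained growth


def threshold_alarm(counts: Sequence[int], threshold: int) -> Optional[int]:
    """Return the first interval whose count exceeds a fixed threshold."""
    for i, count in enumerate(counts):
        if count > threshold:
            return i
    return None


def trend_alarm(counts: Sequence[int], ratio: float = 1.3,
                window: int = 3) -> Optional[int]:
    """Return the interval at which `window` consecutive intervals have
    each grown by at least `ratio` over the previous one (assumed rule)."""
    run = 0
    for i in range(1, len(counts)):
        prev, cur = counts[i - 1], counts[i]
        if cur > prev and cur >= ratio * prev:
            run += 1
        else:
            run = 0  # growth interrupted, start over
        if run >= window:
            return i
    return None


def compare(threshold: int = 40) -> Dict[str, Dict[str, Optional[int]]]:
    """Run both detectors over both constructed series."""
    series = {"benign_burst": BENIGN_BURST, "worm_like": WORM_LIKE}
    return {
        name: {"threshold": threshold_alarm(data, threshold),
               "trend": trend_alarm(data)}
        for name, data in series.items()
    }


if __name__ == "__main__":
    for name, result in compare().items():
        print(name, result)
```

On this data the fixed threshold raises a false alarm on the benign spike and fires late on the growing series, while the growth rule ignores the spike and fires earlier on the sustained increase.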

Performance evaluation
- SYS:
- ATT:, where OPSS & OPUS: the Online P2P-based scan attack model for the structured and unstructured P2P system.
- DE:, where WB: denotes results obtained using simulations for the which one attack model. D: Trend-based detection (D1), Threshold-based detection (D2).

Worm Attack Performance Comparison of All Attack Models

The Sensitivity of Attack Performance to P2P System Size

The Sensitivity of Attack Performance to P2P Topology Degree
OPSS(degree #)

The Sensitivity of Attack Performance to P2P Host Vulnerability

The Sensitivity of Defense Performance to Different Attack Models

Sensitivity of Detection Time to Defense Host Ratio

Sensitivity of Detection Time to Defense Region Size
The defense region size g denotes a region with a group of P2P defense hosts within g P2P hops from the region leader.

Region False Alarm Rate vs. Host False Alarm Rate

Final remarks
- P2P systems are gaining rapid popularity in the Internet.
- We believe that P2P-based active worm attacks are very dangerous threats for rapid worm propagation and infection.
- Model and analyze P2P-based active worm propagation.
- Design effective defense strategies against them.
- An offline P2P-based hit-list attack model (OPHLS) and an online P2P-based attack model (OPS).