Modeling Malware Spreading Dynamics Michele Garetto (Politecnico di Torino – Italy) Weibo Gong (University of Massachusetts – Amherst – MA) Don Towsley.

Slides:



Advertisements
Similar presentations
Complex Networks Advanced Computer Networks: Part1.
Advertisements

TOPDRIM: Update WP2 March 2013 Rick Quax, Peter M.A. Sloot.
August 16, 2014 Modeling the Performance of Wireless Sensor Networks Carla Fabiana Chiasserini Michele Garetto Telecommunication Networks Group Politecnico.
1 Analysis of Random Mobility Models with PDE's Michele Garetto Emilio Leonardi Politecnico di Torino Italy MobiHoc Firenze.
Scale Free Networks.
‘Small World’ Networks (An Introduction) Presenter : Vishal Asthana
1 Intrusion Monitoring of Malicious Routing Behavior Poornima Balasubramanyam Karl Levitt Computer Security Laboratory Department of Computer Science UCDavis.
SOCELLBOT: A New Botnet Design to Infect Smartphones via Online Social Networking th IEEE Canadian Conference on Electrical and Computer Engineering(CCECE)
It’s a Small World by Jamie Luo. Introduction Small World Networks and their place in Network Theory An application of a 1D small world network to model.
Stopping computer viruses through dynamic immunization E. Shir, J.Goldenberg, Y. Shavitt, S. Solomon.
School of Information University of Michigan Network resilience Lecture 20.
Information Networks Small World Networks Lecture 5.
Farnoush Banaei-Kashani and Cyrus Shahabi Criticality-based Analysis and Design of Unstructured P2P Networks as “ Complex Systems ” Mohammad Al-Rifai.
Topology Generation Suat Mercan. 2 Outline Motivation Topology Characterization Levels of Topology Modeling Techniques Types of Topology Generators.
Networks. Graphs (undirected, unweighted) has a set of vertices V has a set of undirected, unweighted edges E graph G = (V, E), where.
Small Worlds Presented by Geetha Akula For the Faculty of Department of Computer Science, CALSTATE LA. On 8 th June 07.
Presentation Topic : Modeling Human Vaccinating Behaviors On a Disease Diffusion Network PhD Student : Shang XIA Supervisor : Prof. Jiming LIU Department.
Networks FIAS Summer School 6th August 2008 Complex Networks 1.
1 Epidemic Spreading in Real Networks: an Eigenvalue Viewpoint Yang Wang Deepayan Chakrabarti Chenxi Wang Christos Faloutsos.
1 Data Persistence in Large-scale Sensor Networks with Decentralized Fountain Codes Yunfeng Lin, Ben Liang, Baochun Li INFOCOM 2007.
Parallel Routing Bruce, Chiu-Wing Sham. Overview Background Routing in parallel computers Routing in hypercube network –Bit-fixing routing algorithm –Randomized.
1 Efficient Retrieval of User Contents in MANETs Marco Fiore, Claudio Casetti, Carla-Fabiana Chiasserini Dipartimento di Elettronica, Politecnico di Torino,
Advanced Topics in Data Mining Special focus: Social Networks.
Simulation Models as a Research Method Professor Alexander Settles.
On Distinguishing between Internet Power Law B Bu and Towsley Infocom 2002 Presented by.
Correctness of Gossip-Based Membership under Message Loss Maxim Gurevich, Idit Keidar Technion.
Information Networks Power Laws and Network Models Lecture 3.
Epidemic spreading in complex networks: from populations to the Internet Maziar Nekovee, BT Research Y. Moreno, A. Paceco (U. Zaragoza) A. Vespignani (LPT-
1 Worm Modeling and Defense Cliff C. Zou, Don Towsley, Weibo Gong Univ. Massachusetts, Amherst.
Mean Field Methods for Computer and Communication Systems Jean-Yves Le Boudec EPFL ACCESS Distinguished Lecture Series, Stockholm, May 28,
Author: M.E.J. Newman Presenter: Guoliang Liu Date:5/4/2012.
Small-world networks. What is it? Everyone talks about the small world phenomenon, but truly what is it? There are three landmark papers: Stanley Milgram.
Energy-Aware Scheduling with Quality of Surveillance Guarantee in Wireless Sensor Networks Jaehoon Jeong, Sarah Sharafkandi and David H.C. Du Dept. of.
Code Red Worm Propagation Modeling and Analysis Cliff Changchun Zou, Weibo Gong, Don Towsley Univ. Massachusetts, Amherst.
CODE RED WORM PROPAGATION MODELING AND ANALYSIS Cliff Changchun Zou, Weibo Gong, Don Towsley.
Code Red Worm Propagation Modeling and Analysis Cliff Changchun Zou, Weibo Gong, Don Towsley.
Directed-Graph Epidemiological Models of Computer Viruses Presented by: (Kelvin) Weiguo Jin “… (we) adapt the techniques of mathematical epidemiology to.
CCAN: Cache-based CAN Using the Small World Model Shanghai Jiaotong University Internet Computing R&D Center.
A Graph-based Friend Recommendation System Using Genetic Algorithm
Distributed Monitoring and Aggregation in Wireless Sensor Networks INFOCOM 2010 Changlei Liu and Guohong Cao Speaker: Wun-Cheng Li.
Aemen Lodhi (Georgia Tech) Amogh Dhamdhere (CAIDA)
Gennaro Cordasco - How Much Independent Should Individual Contacts be to Form a Small-World? - 19/12/2006 How Much Independent Should Individual Contacts.
Social Network Analysis Prof. Dr. Daning Hu Department of Informatics University of Zurich Mar 5th, 2013.
E PIDEMIC SPREADING Speaker: Ao Weng Chon Advisor: Kwang-Cheng Chen 1.
1 Performance Analysis of the Distributed Coordination Function under Sporadic Traffic joint work with C.-F. Chiasserini (Politecnico di Torino)
Analyzing the Vulnerability of Superpeer Networks Against Attack Niloy Ganguly Department of Computer Science & Engineering Indian Institute of Technology,
Dynamics of Malicious Software in the Internet
Yongqin Gao, Greg Madey Computer Science & Engineering Department University of Notre Dame © Copyright 2002~2003 by Serendip Gao, all rights reserved.
1 On the Performance of Internet Worm Scanning Strategies Authors: Cliff C. Zou, Don Towsley, Weibo Gong Publication: Journal of Performance Evaluation,
Class 9: Barabasi-Albert Model-Part I
Most of contents are provided by the website Network Models TJTSD66: Advanced Topics in Social Media (Social.
1 On the Performance of Internet Worm Scanning Strategies Cliff C. Zou, Don Towsley, Weibo Gong Univ. Massachusetts, Amherst.
1 Friends and Neighbors on the Web Presentation for Web Information Retrieval Bruno Lepri.
Speaker : Yu-Hui Chen Authors : Dinuka A. Soysa, Denis Guangyin Chen, Oscar C. Au, and Amine Bermak From : 2013 IEEE Symposium on Computational Intelligence.
Biao Wang 1, Ge Chen 1, Luoyi Fu 1, Li Song 1, Xinbing Wang 1, Xue Liu 2 1 Shanghai Jiao Tong University 2 McGill University
Mean Field Methods for Computer and Communication Systems Jean-Yves Le Boudec EPFL Network Science Workshop Hong Kong July
Cmpe 588- Modeling of Internet Emergence of Scale-Free Network with Chaotic Units Pulin Gong, Cees van Leeuwen by Oya Ünlü Instructor: Haluk Bingöl.
Epidemic Profiles and Defense of Scale-Free Networks L. Briesemeister, P. Lincoln, P. Porras Presented by Meltem Yıldırım CmpE
Routing Protocols to Maximize Battery Efficiency
Structures of Networks
Hiroki Sayama NECSI Summer School 2008 Week 2: Complex Systems Modeling and Networks Network Models Hiroki Sayama
Peer-to-Peer and Social Networks
Infocom April 26, Anchorage AK, USA
Recovering Temporally Rewiring Networks: A Model-based Approach
The Watts-Strogatz model
Department of Computer Science University of York
Topology and Dynamics of Complex Networks
Global mean-first-passage time of random walks on Vicsek fractals
Computer Systems Performance Evaluation
Advanced Topics in Data Mining Special focus: Social Networks
Presentation transcript:

Modeling Malware Spreading Dynamics Michele Garetto (Politecnico di Torino – Italy) Weibo Gong (University of Massachusetts – Amherst – MA) Don Towsley (University of Massachusetts – Amherst – MA) INFOCOM 2003

2 Outline Motivation Modeling framework Interactive Markov Chains Analysis and simulation of malware propagation dynamics Percolation problem Transient behavior Conclusions

3 Motivation The Internet is an easy and powerful mechanism for propagating malicious software programs : the “ malware ” ( viruses, worms, …) It is expected that future malware acitivity will be more prevalent and virulent, resulting in significant greater damage and economic losses

4 Motivation Dynamics of malware propagation are still not well understood We would like to:  Predict the temporal evolution of an infection process that starts propagating on a network  Design and evaluate effective countermeasures  Assess the defensibility and vulnerability of different network architectures Need to develop mathematical methodologies that are able capture the spreading characteristics of malware

5 Our contribution A flexible modeling framework based on Interactive Markov Chains, able to capture the probabilistic nature of malware propagation Application of such framework to the case of viruses: Identification of a “percolation problem” Investigation of the impact of the underlying network topology Analytical bounds and approximations validated through extensive simulations

6 The “Interactive Markov Chain” (IMC) Modeling Framework  Global network structure... alert failednormal Local Structure (can vary from node to node) secureinsecureemergency  Each node is represented by a Markov chain, whose state transitions are influenced by the status of its neighbors but locally a Markov chain Global Structure (the network)

7 Computational complexity issue  The whole system evolves according to a global Markov chain G, whose state space dimension ( #G ) is equal to the product of the local chain dimensions ( #L )  G =  L N  The solution of the global Markov chain is feasible only for small systems example: - 20 nodes - binary status (0 = not infected, 1 = infected)  2 20 states !

8 How can we study very large systems (thousands of nodes) ?  Discrete event simulations of the model  how many runs ? how long ?  could be computationally too expensive  do not help to understand the system dynamics  Analytical bounds and approximations  quick prediction of the system behavior  gross-level approximations can be sufficient  provide insights into the inner dynamics

9 The virus propagates as attachment to messages Requires human assistance  random time elapses before the recipient reads the message  the “click” probability  The virus makes use of the recipient’s address book to send copies of itself virus propagation

10 We consider the network graph induced by address books Each node stands for an address Edges represent social or business relationships The resulting graph is expected to have “small world” properties:  small characteristic path length  high clustering coefficient IMC model : global structure

11 IMC model : local structure 3 statuses for each node: S (Susceptible): the node can be infected by the virus I (Infected): the node has been infected by the virus M (Immune): the node can no more be infected by the virus Discrete time model probability that node “j” is susceptible at time k probability that node “j” is infected at time k probability that node “j” is immune at time k

12 IMC model i j w ij IM S cjcj 1-c j

13 Virus propagation model  The numerical solution of the system requires to know the joint probabilities of neighboring nodes: ?

14 Fundamental questions about malware propagation dynamics: Virus propagation model  What is the final size of the infection outbreak ?  How many nodes (on average) will be reached by the virus at the end ?  How fast is the malware propagation ?  What is the (average) number of infected node as a function of time ?

15 The “small-world” model of Watts and Strogatz A ring lattice with additional random shortcuts Parameters: N = number of nodes S = number of shortcuts (  = shortcuts density) k = lattice connectivity (number of neighbors on each side of a node) N = 24 S = 4 k = 3

16 What is the final size of the infection outbreak ? Not all of the susceptible nodes necessarily receive a copy of the virus !  site percolation problem (node occupation probability = click probability)

17 Site percolation problem on the small world graph: exact asymptotic result [Moore, Newman 2000]

18 Transient analysis of an infection process : Bounds Probability that a node has been reached by the virus Lower bound property of joint probabilities Upper bound theory of Associated Random Variables

19 Analytical bounds Average number of infected nodes time sim upper bound lower bound  Infinite unidimentional lattice k = 1 k = 10 k = 100 (click probability = 1) 1

20 Transient analysis of an infection process : approximation  Linear mixing of lower bound and upper bound k = local connectivity of the node s = self-influence probability

21 Fitting of mixing coefficient M(k,s) Infinite unidimentional lattice

22 Approximate analysis on the small world graph: the impact of topology Average number of infected nodes time model approx simulation k = 10 no shortcuts k = 10 2 shortcuts k ~ geom(10) no shortcuts k = shortcuts Fully-connected graph (2000 nodes - click probability = 1)

23 Combining transient analysis and percolation on general topologies  Probability not to be reached by the virus = initial immunization  overestimate of the spreading rate of the virus  Upper bound of the reaching probability on general topologies:  Global upper bound for the infection process

Average number of infected nodes time simulation model approx + bound perc Transient analysis and percolation on power-law random graphs nodes GLP algorithm (Bu 2002) power-law node degree, small-world properties (click probability = 0.5) m = initial connectivity m = 1 m = 2 m = 4 One initially infected node with degree 10

25 Conclusions We have proposed an analytical framework to study the dynamics of malware propagation on a network We have obtained useful bounds and approximations to study an infection process on a general topology Approach suitable to analyze a wide range of “dynamic interactions on networks” (routing protocols, p2p,…)

26 The End Thanks…

27 Site percolation on a given small-world graph Reaching probability node index sim upper bound - h = 0 upper bound - h = 8 approximation lower bound - h = 8 lower bound - h = 0

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.