Code Red Worm Propagation Modeling and Analysis Zou, Gong, & Towsley Michael E. Locasto March 4, 2003 Paper # 46.

Slides:

Advertisements

Similar presentations

Sigurnost računala i podataka

Advertisements

Computer Viruses and Worms* *Referred to slides by Dragan Lojpur, Zhu Fang at Florida State University.

1 Routing Worm: A Fast, Selective Attack Worm based on IP Address Information Cliff C. Zou, Don Towsley, Weibo Gong, Songlin Cai Univ. Massachusetts, Amherst.

RUMORS: How can they work ? Summer School Math Biology, 2007 Nuno & Sebastian.

 Population: N=100,000  Scan rate  = 4000/sec, Initially infected: I 0 =10  Monitored IP space 2 20, Monitoring interval:  = 1 second Infected hosts.

 Well-publicized worms  Worm propagation curve  Scanning strategies (uniform, permutation, hitlist, subnet) 1.

1 Epidemic Spreading in Real Networks: an Eigenvalue Viewpoint Yang Wang Deepayan Chakrabarti Chenxi Wang Christos Faloutsos.

Modeling the spread of active worms Zesheng Chen, Lixin Gao, and Kevin Kwiat bearhsu - INFOCOM 2003.

Internet Quarantine: Requirements for Containing Self- Propagating Code David Moore, Colleen Shannon, Geoffrey M. Voelker, Stefan Savage.

Computer Viruses and Worms By Rafael Albuernes What is a Virus? What is a Virus? What is a Worm? What is a Worm? Types of Infections Types of Infections.

Removing Spyware Cleaning Up Your Computer. Pin Point the Problem Is Your Computer Not Running Properly? Are You Sure That the Problem is Spyware? Observe.

Analyzing Cooperative Containment Of Fast Scanning Worms Jayanthkumar Kannan Joint work with Lakshminarayanan Subramanian, Ion Stoica, Randy Katz.

On the Effectiveness of Automatic Patching Milan Vojnović & Ayalvadi Ganesh Microsoft Research Cambridge, United Kingdom WORM’05, Fairfax, VA, USA, Nov.

1 The epidemic in a closed population Department of Mathematical Sciences The University of Liverpool U.K. Roger G. Bowers.

Network modeling of the Ebola Outbreak Ahmet Aksoy.

1 The Spread of the Sapphire/Slammer Worm D. Moore, V. Paxson, S. Savage, C. Shannon, S. Staniford, N. Weaver Presented by Stefan Birrer.

Internet Quarantine: Requirements for Containing Self-Propagating Code David Moore et. al. University of California, San Diego.

Is There a Role for Modeling and Simulation in this New Battlespace? Bernard P. Zeigler Professor of Electrical and Computer Engineering, University of.

Viruses, Worms and Spam Definitions Virus - unauthorized software, embedded in other programs and with the ability to propagate when the host program is.

Malware Spyware & Viruses Overview  What does it look like?  What is it?  How can you prevent it?  What can you do about it when you get it?

1 Worm Modeling and Defense Cliff C. Zou, Don Towsley, Weibo Gong Univ. Massachusetts, Amherst.

Virus & Anti-Virus Itthiwat Phiphopsukhawadee M.2/7 No.5 Saranpat Prasertthum M.2/7 No.17 Korakrit Laotrakul M.2/7 No.23 Pesan Kasemkitjanuwat M.2/7 No.25.

Internet Worms Brad Karp UCL Computer Science CS GZ03 / th December, 2007.

Emerging Infectious Disease: A Computational Multi-agent Model.

Spyware and Viruses Group 6 Magen Price, Candice Fitzgerald, & Brittnee Breze.

 The purpose of this report is to inform people that the spyware and virus threat is growing and what people can do to stop the spread of spyware and.

WHAT IS VIRUS? NAE GRAND CHALLENGE SECURE CYBERSPACE.

Active Worms CSE 4471: Information Security 1. Active Worm vs. Virus Active Worm –A program that propagates itself over a network, reproducing itself.

Modeling Botnets and Epidemic Malware Marco Ajelli, Renato Lo Cigno, Alberto Montresor DISI – University of Trento, Italy disi.unitn.it

1 How to 0wn the Internet in Your Spare Time Authors: Stuart Staniford, Vern Paxson, Nicholas Weaver Publication: Usenix Security Symposium, 2002 Presenter:

1 Modeling, Analysis, and Mitigation of Internet Worm Attacks Presenter: Cliff C. Zou Dept. of Electrical & Computer Engineering University of Massachusetts,

V5 Epidemics on networks

Computer project – computer virus 1D Christy Chan (9) Patricia Cheung (14)

1 Figure 4-16: Malicious Software (Malware) Malware: Malicious software Essentially an automated attack robot capable of doing much damage Usually target-of-opportunity.

Code Red Worm Propagation Modeling and Analysis Zou, Gong, & Towsley Michael E. Locasto March 21, 2003.

Code Red Worm Propagation Modeling and Analysis Cliff Changchun Zou, Weibo Gong, Don Towsley Univ. Massachusetts, Amherst.

Worms, Viruses, and Cascading Failures in networks D. Towsley U. Massachusetts Collaborators: W. Gong, C. Zou (UMass) A. Ganesh, L. Massoulie (Microsoft)

CODE RED WORM PROPAGATION MODELING AND ANALYSIS Cliff Changchun Zou, Weibo Gong, Don Towsley.

Code Red Worm Propagation Modeling and Analysis Cliff Changchun Zou, Weibo Gong, Don Towsley.

Directed-Graph Epidemiological Models of Computer Viruses Presented by: (Kelvin) Weiguo Jin “… (we) adapt the techniques of mathematical epidemiology to.

Modeling Worms: Two papers at Infocom 2003 Worms Programs that self propagate across the internet by exploiting the security flaws in widely used services.

1 Worm Propagation Modeling and Analysis under Dynamic Quarantine Defense Cliff C. Zou, Weibo Gong, Don Towsley Univ. Massachusetts, Amherst.

1 Modeling, Early Detection, and Mitigation of Internet Worm Attacks Cliff C. Zou Assistant professor School of Computer Science University of Central.

Malware Spyware & Viruses Overview  What does it look like?  What is it?  How can you prevent it?  What can you do about it when you get it?

Internet Quarantine: Requirements for Containing Self-Propagating Code David Moore, Colleen Shannon, Geoffrey M.Voelker, Stefan Savage University of California,

Epidemics Pedro Ribeiro de Andrade Gilberto Câmara.

1 On the Performance of Internet Worm Scanning Strategies Authors: Cliff C. Zou, Don Towsley, Weibo Gong Publication: Journal of Performance Evaluation,

Exact Modeling of Propagation for Permutation-Scanning Worms Parbati Kumar Manna, Shigang Chen, Sanjay Ranka INFOCOM’08.

L – Modelling and Simulating Social Systems with MATLAB © ETH Zürich | Lesson 3 – Dynamical Systems Anders Johansson and Wenjian.

SPYCE/May’04 coverage: A Cooperative Immunization System for an Untrusting Internet Kostas Anagnostakis University of Pennsylvania Joint work with: Michael.

Dynamics of Infectious Diseases. Using Lotka-Volterra equations? PredatorPrey VS.

1 On the Performance of Internet Worm Scanning Strategies Cliff C. Zou, Don Towsley, Weibo Gong Univ. Massachusetts, Amherst.

1 Modeling, Early Detection, and Mitigation of Internet Worm Attacks Cliff C. Zou Assistant professor School of Computer Science University of Central.

Class 21: Spreading Phenomena PartI

1 Monitoring and Early Warning for Internet Worms Cliff C. Zou, Lixin Gao, Weibo Gong, Don Towsley Univ. Massachusetts, Amherst.

1 Monitoring and Early Warning for Internet Worms Authors: Cliff C. Zou, Lixin Gao, Weibo Gong, Don Towsley Univ. Massachusetts, Amherst Publish: 10th.

1 Modeling and Measuring Botnets David Dagon, Wenke Lee Georgia Institute of Technology Cliff C. Zou Univ. of Central Florida Funded by NSF CyberTrust.

Biao Wang 1, Ge Chen 1, Luoyi Fu 1, Li Song 1, Xinbing Wang 1, Xue Liu 2 1 Shanghai Jiao Tong University 2 McGill University

@Yuan Xue Worm Attack Yuan Xue Fall 2012.

Internet Quarantine: Requirements for Containing Self-Propagating Code

Modeling and Measuring Botnets

Effective Social Network Quarantine with Minimal Isolation Costs

Research Progress Report

Modeling Botnet Propagation Using Time Zones

Brad Karp UCL Computer Science

Internet Worms: Reality or Hype

Modeling, Early Detection, and Mitigation of Internet Worm Attacks

Jonathan Griffin Andy Norman Jamie Twycross Matthew Williamson

Advisor: Frank,Yeong-Sung Lin Presented by Jia-Ling Pan

Introduction to Internet Worm

Presentation transcript:

Code Red Worm Propagation Modeling and Analysis Zou, Gong, & Towsley Michael E. Locasto March 4, 2003 Paper # 46

Overview Code Red incident data & impact epidemiology models –traditional (biological) infection models –two-factor worm model related work & questions –(Weaver & Sapphire)

Motivation Internet great medium for spreading malicious code –Code Red & Co. renew interest in worm studies Issues: –How to explain worm propagation curves? –What factors affect spreading behavior? –Can we generate a more accurate model?

Epidemic Models Deterministic vs. Stochastic –Simple epidemic model (paper #45) –general epidemic model (Kermack-Mckendrick add notion of removed hosts) good baseline, need to be adjusted to explain Internet worm data any model must be deterministic (b/c of scale)

Two-Factor Worm Model Two major factors affect worm spread: –dynamic human countermeasures anti-virus software cleaning patching firewall updates disconnect/shutdown –interference due to aggressive scanning Rate of infection (ß) is not constant

Two-Factor Worm Model (con) Two important restrictions: –consider only “continuously activated” worms –consider worms that propagate w/ort topology

Infection Statistics

Classic Simple Epidemic Model Model presented in paper 45 (classic simple epidemic model, k=1.8, k=BN) a(t) = J(t) / N (fraction of population infected) Wrong! (compare to last slide)

Simple Epidemic Model Math Variables: infected hosts (had virus at some point) = J(t) population size = N infection rate = ß(t) dJ(t)/dt = βJ(t)[N - J(t)]

Two-Factor Model Math dI(t)/dt = β(t)[N - R(t) - I(t) - Q(t)]I(t) - dR(t)/dt –S(t) = susceptible hosts –I(t) = infectious hosts –R(t) = removed hosts from I population –Q(t) = removed hosts from S population –J(t) = I(t) + R(t) –C(t) = R(t) + Q(t) –J(t) = I(t) + R(t) –N = population (I+R+Q+S)

Two-Factor Fit Take removed hosts from both S and I populations into account non-constant infection rate (decreases) fits well with observed data

Results Two-factor worm model –accurate model without topology constraints –explains exponential start & end drop off –identifies 2 critical factors in worm propagation Only 60% of CR targets infected