quarantine-worm03-speakdraft

Slide #1: Hi, my name is Cliff Zou. I will talk about our work on worm modeling and analysis under dynamic quarantine defense.

Slide #2: First, the motivation. In recent years, fast-spreading worms such as Code Red, Nimda, Slammer, and Blaster have created serious challenges and security threats to the Internet. These worms spread very quickly and infected most vulnerable hosts before people took any action. SQL Slammer was a super-fast worm that infected 90% of the vulnerable SQL servers on the whole Internet within just 10 minutes. For such fast-spreading worms, manual human countermeasures cannot match the worm's speed; automatic mitigation is the only way to defend against them. However, current automatic mitigation has the problem that the false alarm cost is too high. For unknown worms, automatic mitigation relies on anomaly detection, and anomaly detection systems usually have a high false alarm rate. In addition, traditional quarantine is a drastic action: it changes from no quarantine at all to quarantining a whole network for a long time, until the security staff finish their inspection. Because human response is much slower than machine time, many healthy hosts are quarantined for far too long, and the false alarm cost is too high.

Slide #3: When we study automatic mitigation, we think that since Internet worms are very similar to epidemic diseases in the real world, why can't we learn from the experience of real-world epidemic disease control, such as the SARS incident this summer? After studying it, we found that people have used two quarantine principles in epidemic disease control.

Principle #1, "preemptive quarantine". In other words, the principle is "assume guilty before proven innocent". For example, during this summer, if a patient in Hong Kong exhibited fever symptoms, the patient was immediately quarantined, even though the patient perhaps had only a 1% probability of being infected by the SARS virus.

Principle #2, "feedback adjustment". People take more aggressive quarantine actions when they anticipate that the epidemic is more serious and the disease more infectious. For another example from SARS: during the summer, if a patient in the US exhibited fever symptoms, the patient was not quarantined. But if at that time the US had had the same epidemic situation as Hong Kong or Beijing, the patient would probably have been quarantined immediately. This means that in real-world epidemic control, quarantine action is not based only on disease symptoms; it is largely based on people's anticipation of the epidemic situation. In this way, epidemic disease control is in fact a feedback system. The SARS incident this summer has proven that these two principles are effective and necessary in controlling contagious diseases.

Slide #4:
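The two principles from slide 3 can be made concrete with a small mean-field worm model. The Python below is an added example, not code from the talk or from the paper it presents; the host count, scan rate, detector hit and false-alarm rates, and the linear feedback rule are constructed assumptions chosen to mimic a Slammer-like scanning worm on an IPv4-sized address space. It compares no quarantine, the traditional long quarantine from slide 2, a preemptive short quarantine (principle #1 alone), and a preemptive quarantine whose length grows with the observed alarm excess over the quiet-network baseline (principles #1 and #2), reporting the final number of infected hosts and the healthy host-seconds lost to quarantine.

```python
"""Illustrative mean-field worm model comparing quarantine policies.

Added example (not from the talk or the paper it summarizes). Every rate,
host count and the feedback rule below is a constructed assumption.
"""
from dataclasses import dataclass

N = 75_000                  # vulnerable hosts (assumed)
SCAN_RATE = 4000.0          # scans/s per free infected host (assumed, Slammer-like)
BETA = SCAN_RATE / 2 ** 32  # chance per second that one scanner hits one given address
I0 = 10                     # initially infected hosts (assumed)
T_END = 600                 # seconds simulated: the "ten minutes" of slide 2
P_FALSE = 0.0002            # detector false-alarm prob. per healthy host per second (assumed)
P_DETECT = 0.3              # prob. per second that a scanning host trips the detector (assumed)


@dataclass(frozen=True)
class Policy:
    name: str
    preemptive: bool      # principle #1: isolate on an alarm, before proof of infection
    base_duration: float  # seconds a quarantined host stays isolated
    feedback_gain: float  # principle #2: 0 = fixed duration, >0 = grow with alarm excess
    max_duration: float = 600.0


def quarantine_duration(policy: Policy, alarm_rate: float, baseline: float) -> float:
    """Seconds of isolation for a newly alarmed host under this policy.

    The defender only sees the total alarm rate (true + false alarms); the
    excess over the quiet-network baseline is its estimate of how serious the
    epidemic is, the machine analogue of "anticipation of the epidemic situation".
    """
    if policy.feedback_gain == 0:
        return policy.base_duration
    excess = max(0.0, alarm_rate / baseline - 1.0)
    return min(policy.max_duration,
               policy.base_duration * (1.0 + policy.feedback_gain * excess))


def simulate(policy: Policy, steps: int = T_END) -> dict:
    """Run the model for `steps` seconds and report the outcome.

    Compartments: S healthy and free, I infected and scanning,
    Qs healthy and quarantined, Qi infected and quarantined (cannot scan).
    Quarantined hosts are released at rate 1/T per second; nobody is cured.
    """
    S, I, Qs, Qi = float(N - I0), float(I0), 0.0, 0.0
    healthy_cost = 0.0             # healthy host-seconds spent in quarantine
    baseline = P_FALSE * N         # alarm rate with no worm present
    for _ in range(steps):
        new_inf = BETA * I * S     # classic SI term: free scanners hit free healthy hosts
        if policy.preemptive:
            alarm_s, alarm_i = P_FALSE * S, P_DETECT * I
        else:
            alarm_s = alarm_i = 0.0
        T = quarantine_duration(policy, alarm_s + alarm_i, baseline)
        rel_s, rel_i = Qs / T, Qi / T
        S += rel_s - new_inf - alarm_s
        I += new_inf + rel_i - alarm_i
        Qs += alarm_s - rel_s
        Qi += alarm_i - rel_i
        healthy_cost += Qs
    return {"infected": I + Qi, "healthy_host_seconds_quarantined": healthy_cost}


POLICIES = [
    Policy("none", preemptive=False, base_duration=1.0, feedback_gain=0.0),
    Policy("traditional_long", preemptive=True, base_duration=600.0, feedback_gain=0.0),
    Policy("preemptive_short", preemptive=True, base_duration=30.0, feedback_gain=0.0),
    Policy("dynamic_feedback", preemptive=True, base_duration=30.0, feedback_gain=10.0),
]


def run_all() -> dict:
    """Outcome of every policy, keyed by policy name."""
    return {p.name: simulate(p) for p in POLICIES}


if __name__ == "__main__":
    for name, r in run_all().items():
        print(f"{name:18s} infected={r['infected']:9.0f}  "
              f"healthy host-seconds quarantined={r['healthy_host_seconds_quarantined']:12.0f}")
```

Running it reproduces the trade-off the talk describes: the undefended worm saturates the population within the ten minutes, the long fixed quarantine contains it but consumes by far the most healthy host-time, the short preemptive quarantine is cheap but leaks more infections, and the feedback-adjusted quarantine infects fewer hosts than the short fixed one while costing far less healthy host-time than the traditional policy. The feedback rule here reacts to alarm volume alone; the real design question, which the talk goes on to model, is how to estimate the epidemic situation from noisy alarms without letting false alarms drive the loop.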