worm-CliffZou - Modeling,Analysis,andMitigation...

Slide 1: Modeling, Analysis, and Mitigation of Internet Worm Attacks
Presenter: Cliff C. Zou
Dept. of Electrical & Computer Engineering, University of Massachusetts, Amherst
Advisor: Weibo Gong, Don Towsley
Joint work with Don Towsley, Weibo Gong, Lixin Gao, and Songlin Cai

Slide 2: Outline
- Introduction of epidemic models
- Two-factor worm model
- Early detection and monitoring
- Feedback dynamic quarantine defense
- Routing worm: a fast, selective attack worm
- Worm scanning strategies
- Summary and future work
Slide 3: Epidemic Model — Simple Epidemic Model
[Diagram: contact between Infectious (I) and Susceptible (S) hosts]
# of contacts   I × S
Simple epidemic model for fixed population homogeneous system:
Quantities defined: # of susceptible; # of hosts; # of infectious; infection ability
[Figure: I(t) versus t, with susceptible and infectious curves]

Slide 4: Epidemic Model — Kermack-McKendrick Model
State transition: susceptible → infectious → removed
Quantities defined: # of removed from infectious; removal rate
Epidemic threshold theorem: No outbreak happens if
where : epidemic threshold
[Figure: curves versus t for γ = 0, γ = βN/16, γ = βN/4, γ = βN/2]
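The following Python simulation is an added example, not part of the original slides: it integrates the Kermack-McKendrick model for the four removal rates in the slide 4 plot legend and checks the epidemic threshold. It assumes the standard textbook form of the model (threshold ρ = γ/β, no outbreak if S(0) < ρ); the values of N, I0 and β and the fifth removal rate are constructed for illustration.

```python
# Kermack-McKendrick (S -> I -> R) model, standard textbook form (assumed here):
#   dS/dt = -beta*S*I   dI/dt = beta*S*I - gamma*I   dR/dt = gamma*I
# Epidemic threshold rho = gamma/beta: no outbreak if S(0) < rho.

N = 1_000_000      # constructed: total number of hosts
I0 = 10            # constructed: initially infectious hosts
BETA = 0.8 / N     # constructed: infection ability, so beta*N = 0.8 per time unit

def simulate_km(n, i0, beta, gamma, t_end=40.0, dt=0.01):
    """Forward-Euler integration; returns a list of (t, S, I, R) samples."""
    s, i, r = float(n - i0), float(i0), 0.0
    samples = [(0.0, s, i, r)]
    for k in range(1, int(round(t_end / dt)) + 1):
        infected = beta * s * i * dt   # susceptible -> infectious in this step
        removed = gamma * i * dt       # infectious -> removed in this step
        s, i, r = s - infected, i + infected - removed, r + removed
        samples.append((k * dt, s, i, r))
    return samples

def summarize(n, i0, beta, gamma):
    """Threshold check plus peak and final size of one simulated run."""
    samples = simulate_km(n, i0, beta, gamma)
    rho = gamma / beta
    return {
        "rho": rho,
        "outbreak_expected": (n - i0) > rho,          # S(0) > rho
        "peak_infectious": max(p[2] for p in samples),
        "ever_infected": n - samples[-1][1],          # I + R at t_end
    }

# Removal rates from the slide's plot legend, plus one constructed rate above
# the threshold (rho = 2N > S(0)) to show the no-outbreak case.
CASES = {
    "gamma=0": 0.0,
    "gamma=beta*N/16": BETA * N / 16,
    "gamma=beta*N/4": BETA * N / 4,
    "gamma=beta*N/2": BETA * N / 2,
    "gamma=2*beta*N (constructed)": 2 * BETA * N,
}

if __name__ == "__main__":
    for label, gamma in CASES.items():
        res = summarize(N, I0, BETA, gamma)
        print(f"{label:30s} rho={res['rho']:>9.0f} outbreak={res['outbreak_expected']!s:5s} "
              f"peak I={res['peak_infectious']:>9.0f} ever infected={res['ever_infected']:>9.0f}")
```

A larger removal rate lowers the infectious peak, and once ρ exceeds S(0) the number of infectious hosts only decays from its initial value.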
Slide 5: Outline
- Introduction of epidemic models
- Two-factor worm model
- Early detection and monitoring
- Feedback dynamic quarantine defense
- Routing worm: a fast, selective attack worm
- Worm scanning strategies
- Summary and future work

Slide 6: Internet Worm Modeling — Consider Human Countermeasures
Human countermeasures:
- Clean and patch: download cleaning program, patches.
- Filter: put filters on firewalls, gateways.
- Disconnect computers.
Reasons for:
- Suppress most new viruses/worms from outbreak.
- Eliminate virulent viruses/worms eventually.
Removal of both susceptible and infectious hosts.
[Diagram: susceptible, infectious, removed]
Slide 7: Internet Worm Modeling — Two-Factor Worm Model
Factor #2: Network congestion
- Large amount of scan traffic.
- Most scan packets with unused IP addresses (30% BGP routable)
- Effect: slowing down of worm infection ability
Two-factor worm model (extended from KM model):
Quantities defined: slowed down infection ability due to congestion; removal from susceptible hosts; from infectious

Slide 8: Verification of the Two-Factor Worm Model
Conclusion:
- Simple epidemic model overestimates a worm's propagation.
- At the beginning, we can ignore these two factors.