The Coral Project: Defending against Large-scale Attacks on the Internet. Chenxi Wang
|
|
- Muriel Caldwell
- 5 years ago
- Views:
Transcription
1 1 The Coral Project: Defending against Large-scale Attacks on the Internet Chenxi Wang
2 The Motivation 2 Computer viruses and worms are a prevalent threat Slammer worm infected 90% of the vulnerable hosts within 10 minutes Existing defenses are local (e.g., scanning) like curing a contagious disease in one patient Global and coordinated defenses like prevention of a contagious spread in a population
3 The Coral Project 3 Objective: Developing global defense mechanisms against propagation of viruses and worms Approach Understanding the global behaviors New defenses
4 Understanding Propagation Behaviors 4 Infection topology Random scanning vs. application-level Saturation time How fast does it spread? Epidemic conditions Why some infections take off while others don t? Effect of containment/patching strategies Containment deployment Prioritized patching/immunization?
5 Background Epidemiological Models 5 Susceptible Population Topology: G=(V,E) Birth rate β (on every edge e) Curing rate δ (on every node v) Average connections α Deterministic time evolution of infection density η t dη t dt = βαη (1 η ) t t δη t Birth term Death term
6 Background Epidemiological Models 6 infection evolution infection dens worm virus Time β = 0.5, α = 2, worm (δ = 0), virus (δ = 0.3)
7 Propagation Topology 7 Random Scanning Worms Close to homogeneous viruses/worms Power law social network, p(k) = k -γ Skewed distribution [Faloutsos 01]: Internet observes a power-law topology
8 Homogeneous vs. Power-law 8 Number of Infected Nodes Time α = 2 Simulation δ/β = 0.8 Model δ/β = 0.8 Simulation δ/β = 1.6 Model δ/β = 1.6 Simulation δ/β = 2.4 Model δ/β = 2.4 Simulation on the Oregon data shows discrepancy with the homogeneous model
9 9 Our Work: Topology-neutral Epidemic Model = + + = = :neighbor 1,,, 1, 2 1, 1,, 1,,, ) (1 ) (1 ) (1 1 j t j t k t k t i t k t i t k t i t i i t i t p p p p p p β ζ ζ δ ζ δ ζ η ζ k,t : probability a k-linked node will NOT receive infections p i,t : probability node i is infected at time t Epidemic Spreading: An Eigenvalue Viewpoint, Wang, Chakrabarti, Wang, Faloutsos, 2003 Symposium of Reliable and Distributed Systems. SRDS 03
10 Evaluation (homogeneous) Number of Infected N α = Time β = 0.2; δ = 0.24 β = 0.2; δ = 0.48 β = 0.2; δ = 0.72 Simulation Simulation Simulation Our Model Our Model Our Model hm Model hm Model hm Model 1000-node homogeneous network hm model Our model Simulation
11 Evaluation (power-law) 11 Number of Infected Nodes Time δ = 0.08 Simulation Our Model SV Model Real-world node Oregon network SV model Our model Simulation Equal or outperform predictions by models for specific topologies
12 Understanding Propagation Behaviors 12 Infection topology Random scanning vs. application-level Saturation time How fast does it spread? Epidemic conditions Why some infections take off while others don t? Effect of containment/patching strategies Containment deployment Prioritized patching/immunization?
13 Epidemic Threshold 13 Epidemic threshold τ predicts the condition for epidemic spreading If β/δ > τ, epidemic ensues If β/δ < τ, infection dies out Well known thresholds τ = 1/ α, for homogeneous network [kephart and white 91] τ 0, for infinite power-law graph [Pastor-Satorras 02] τ = α / α 2 for finite power-law graph [Pastor-Satorras 02] What is the threshold for an arbitrary topology?
14 Epidemic threshold 14 Epidemic threshold condition: τ = 1/ λ 1,A where λ 1,A is the largest eigenvalue of the adjacency matrix A of the topology Epidemic Spreading: An Eigenvalue Viewpoint 2003 Symposium of Reliable and Distributed Systems. SRDS 03
15 Epidemic Threshold Condition 15 [sufficiency]: If β/δ > τ = 1/ λ 1,A, the infection will die out over time, irrespective of initial infection size. [necessity]: If infection probability of each node 0 as t, β/δ < τ = 1/ λ 1,A must be true λ 1,A = α for homogeneous networks, τ = 1/ α λ 1,A = for infinite powerlaw graphs, τ = 0 λ 1,A α/ α 2 for finite powerlaw graphs, τ α 2 /α
16 Oregon 10900: τ = 0.017; δ c = Threshold Prediction in Action (Oregon) 16 Number of Infected Nodes Time δ: Oregon β = β/δ = 0.02 (above) β/δ = (at the threshold) β/δ = (below
17 Threshold Prediction in Action 17 Number of Infected Nodes β/δ = 0.08(below) Time δ: Star 100: τ = ; δ c = Star β= β/δ = 0.4 (above) β/δ = 0.2 (above) β/δ = (close)
18 Our Prediction vs. Previous Predictions 18 SV Our SV Our β/δ Oregon β/δ Star
19 Eigenvalue Threshold: Intuition 19 Eigenvalues for matrix A A X = λ X A t λ 1 t C Graph theory intuitions Eigenvalues correspond to size of clusters and the connectivity Stronger connections, larger clusters larger eigenvalues Larger eigenvalues: smaller threshold easier to spread
20 More about the Threshold Number of Infected Nodes Time δ: Below the threshold, the epidemic dies out exponentially Star 100 node: τ = ; δ = Phase transition behavior at the threshold Model β= 0.01
21 Understanding Propagation Behaviors 21 Infection topology Random scanning vs. application-level Saturation time How fast does it spread? Epidemic conditions Why some infections take off while others don t? Effect of containment/patching strategies Containment deployment Prioritized patching/immunization?
22 Patching and Immunization 22 Patch/immunization: fix host vulnerabilities
23 Prioritized Patching Strategy? 23 Eigen Nodes Increase the threshold Graph cutting minimum nodes so that the largest connected component is at most size k
24 Containment Deployment 24 Containment Slows down the malicious spread, buys time for heavy weight schemes [Williamson02] limits outgoing IP [Williamson03] limits addresses [Zhen04] limits outgoing IP for nodes with large failed connections Containment Deployment Strategies How many? Where? Dynamic Quarantine of Internet Worms 2004 Dependable Systems and Networks (DSN 04).
25 Deployment Strategy Study 25 Where would you deploy Rate Limiting (RL)? Hub node Leaf nodes
26 Star Topology Example 26 50% RL significantly more effective at the hub node
27 Deployment Strategy on the Internet 27 End hosts Edge routers Backbone routers
28 Worm Spread Model 28 dη t dt = βαη (1 η ) t t Birth term D η t = where λ=βα
29 End Host Rate Limiting 29 Gives the model for end host q: percentage rate limited β 1 : Normal contact rate β 2 Limited contact rate η t = RL on end host yields a linear slow down
30 End Host Rate Limiting 30 50%
31 Edge Router Rate Limiting 31 Random Propagation worms (RP) The worm connects to randomly generated IP addresses Every node in the network has an equal chance of being infected Local-Preferential worms (LPP) Worm generates local addresses with higher probability Propagates much faster locally before it infects remote machines
32 RP and LPP worms across subnets 32 50% Rate limiting for LPP is less effective across subnets
33 Backbone Rate Limiting 33 50% η t =
34 Simulation Evaluation 34 Network Simulator 2 (NS-2) based simulations Experiments conducted on a 1000 node power law graph Similar to AS topology Generated by BRITE Simulations begin with a random set of infected hosts
35 Simulations of Rate Limiting (RP) 35 50% RL at backbone routers renders a significant slowdown
36 Simulations of RL (LLP worms) 36 50% Local preferential worms spread quicker than RP worms
37 Simulations of Edge Router RL 37 50% RL for random propagation worms performs slightly better
38 Recap 38 Rate limiting on individual hosts Achieves linear slowdown Edge router rate limiting Achieves linear slowdown Backbone router rate limiting Near exponential slow down
39 Ongoing Work Worm Defenses Infected Host Behavior (sobig) All outgoing TCP flows All successful SMTP flows All failed SMTP conn. attempts Outgoing TCP flows Days A Study of Mass-mailing Worms 2004 Workshop of Rapid Malcode (WORM 04)
40 Worm Defenses Average Distinct IPs for Infected Clients (SoBig) All distinct IPs SMTP succ. conn. distinct IPs SMTP failed. conn. distinctips Number of distinct IPs Days
41 Worm Defenses 41 Williamson s throttling Pro: Effective against random scanning worms Con: Less so against application-level worms (e.g., worms) Con: Need majority participation Williamson s rate limiting Implemented on mail servers Con: worms with SMTP engines not affected Zhen rate limiting based on failed connection [Zhen2004] Pro: Effective against random scanning worms Con: Do not work against application-level worms
42 Worm Defenses 42 Hypothesis: containment based on DNS traffic? Random scanning worms have no DNS translations worms do, majority MX lookups New containment vantage point DNS server + Edge router?
43 SoBig DNS Behavior SMTP new DNS entries All TCP new DNS entries SMTP DNS refreshes All TCP DNS refreshes TCP flows Days
44 SoBig: Mail Server DNS Behavior SMTP new entries All TCP new entries SMTP refreshes All TCP refreshes 3500 TCP flows Days
45 SoBig: Normal Client DNS Behavior Average DNS Translations for Normal Clients (SoBig) SMTP new DNS entries All TCP new DNS entries SMTP DNS refreshes All TCP DNS refreshes TCP flows Days
46 Overall Flows Overall successful TCP flows (sobig) All successful SMTP flows All successful HTTP flows All successful flows TCP flows Days
47 Recap 47 worms induce large number of DNS MX lookups Hypothesis two stage rate limiting: Rate limit MX lookups (DNS server) Rate limit outgoing connections w/o DNS translations (edge router)
48 Open Research Questions 48 Rate limit within the network core How? Performance concerns? Optimal patching strategy Universal algorithm for arbitrary graphs? Alternative rate limit strategies? MX lookups? Connections w/o DNS translations? Connection patterns source to destination?
49 The Coral Project 49 CMU (ECE, CS, CERT, EPP), Symantec, Akamai John McHugh
50 Contact info 50 Chenxi Wang
Data mining --- mining graphs
Data mining --- mining graphs University of South Florida Xiaoning Qian Today s Lecture 1. Complex networks 2. Graph representation for networks 3. Markov chain 4. Viral propagation 5. Google s PageRank
More informationA Firewall Network System for Worm Defense in Enterprise Networks
1 A Firewall Network System for Worm Defense in Enterprise Networks Cliff C. Zou, Don Towsley, Weibo Gong {czou,gong}@ecs.umass.edu, towsley@cs.umass.edu Univ. Massachusetts, Amherst Technical Report:
More informationWorm Detection, Early Warning and Response Based on Local Victim Information
Worm Detection, Early Warning and Response Based on Local Victim Information Guofei Gu, Monirul Sharif, Xinzhou Qin, David Dagon, Wenke Lee, and George Riley Georgia Institute of Technology ACSAC'04 1
More informationECS 289 / MAE 298, Lecture 15 Mar 2, Diffusion, Cascades and Influence, Part II
ECS 289 / MAE 298, Lecture 15 Mar 2, 2011 Diffusion, Cascades and Influence, Part II Diffusion and cascades in networks (Nodes in one of two states) Viruses (human and computer) contact processes epidemic
More informationModels and Algorithms for Network Immunization
Models and Algorithms for Network Immunization George Giakkoupis University of Toronto Aristides Gionis, Evimaria Terzi and Panayiotis Tsaparas University of Helsinki Abstract Recently, there has been
More informationOn Instant Messaging Worms, Analysis and Countermeasures
COMP 4108 Presentation - Sept 20, 2005 On Instant Messaging Worms, Analysis and Countermeasures Mohammad Mannan School of Computer Science Carleton University, Canada Goals of this talk Discuss a few IM
More informationVery Fast Containment of Scanning Worms. Nicholas Weaver, Stuart Staniford, Vern Paxson ICSI, Nevis Networks, ICSI & LBNL
Very Fast Containment of Scanning Worms Nicholas Weaver, Stuart Staniford, Vern Paxson ICSI, Nevis Networks, ICSI & LBNL 1 Outline Worm Containment Scan Suppression Hardware Implementation Cooperation
More informationCS224W: Social and Information Network Analysis Jure Leskovec, Stanford University
CS224W: Social and Information Network Analysis Jure Leskovec, Stanford University http://cs224w.stanford.edu Setting from the last class: AB-A : gets a AB-B : gets b AB-AB : gets max(a, b) Also: Cost
More informationComputer and Network Security
CIS 551 / TCOM 401 Computer and Network Security Spring 2009 Lecture 5 Announcements First project: Due: 6 Feb. 2009 at 11:59 p.m. http://www.cis.upenn.edu/~cis551/project1.html Group project: 2 or 3 students
More informationMalware Research at SMU. Tom Chen SMU
Malware Research at SMU Tom Chen SMU tchen@engr.smu.edu www.engr.smu.edu/~tchen Outline About SMU and Me Virus Research Lab Early Worm Detection Epidemic Modeling New Research Interests TC/BT/11-5-04 SMU
More informationWednesday, March 8, Complex Networks. Presenter: Jirakhom Ruttanavakul. CS 790R, University of Nevada, Reno
Wednesday, March 8, 2006 Complex Networks Presenter: Jirakhom Ruttanavakul CS 790R, University of Nevada, Reno Presented Papers Emergence of scaling in random networks, Barabási & Bonabeau (2003) Scale-free
More informationSpatial-Temporal Modeling of Malware Propagation in Networks
Spatial-Temporal Modeling of Malware Propagation in Networks Zesheng Chen, Student Member, IEEE, and Chuanyi Ji, Member, IEEE Abstract Network security is an important task of network management. One threat
More informationSymantec Client Security. Integrated protection for network and remote clients.
Symantec Client Security Integrated protection for network and remote clients. Complex Internet threats require comprehensive security. Today's complex threats require comprehensive security solutions
More informationSYMANTEC ENTERPRISE SECURITY. Symantec Internet Security Threat Report September 2005 Power and Energy Industry Data Sheet
SYMANTEC ENTERPRISE SECURITY Symantec Internet Security Threat Report September 00 Power and Energy Industry Data Sheet An important note about these statistics The statistics discussed in this document
More informationVasileios Vlachos, Eirini Kalliamvakou and Diomidis Spinellis Athens University of Economics and Business. 11th Panhellenic Conference on Informatics
Simulating Bandwidth-Limited Worms, One Graph to Rule Them All? Vasileios Vlachos, Eirini Kalliamvakou and Diomidis Spinellis Athens University of Economics and Business Rapid Malcode Is rapid malcode
More informationCSCI5070 Advanced Topics in Social Computing
CSCI5070 Advanced Topics in Social Computing Irwin King The Chinese University of Hong Kong king@cse.cuhk.edu.hk!! 2012 All Rights Reserved. Outline Scale-Free Networks Generation Properties Analysis Dynamic
More informationComputer Security. Solutions
Computer Security Solutions What is the Problem? In general, the security issues we are trying to prevent include: illegal or unwanted access to your computer access to your personal information loss or
More informationModeling of Complex Social. MATH 800 Fall 2011
Modeling of Complex Social Systems MATH 800 Fall 2011 Complex SocialSystems A systemis a set of elements and relationships A complex system is a system whose behavior cannot be easily or intuitively predicted
More information1 Introduction. Russia
Modeling of open network reliability including the Internet based on the theory of percolation in two - dimensional and three-dimensional regular and random network structures D. Zhukov 1, S. Lesko 1,
More informationPlan of the lecture I. INTRODUCTION II. DYNAMICAL PROCESSES. I. Networks: definitions, statistical characterization, examples II. Modeling frameworks
Plan of the lecture I. INTRODUCTION I. Networks: definitions, statistical characterization, examples II. Modeling frameworks II. DYNAMICAL PROCESSES I. Resilience, vulnerability II. Random walks III. Epidemic
More informationFast Detection of Scanning Worm Infections
ast Detection of canning Worm Infections Jaeyeon Jung Arthur W. Berger MIT CAIL Harvard DEA This work is sponsored by the Department of Defense under the Air orce Contract 19628-00-C-0002. Opinions, interpretations,
More informationOn the Effectiveness of Distributed Worm Monitoring
On the Effectiveness of Distributed Worm Monitoring Moheeb Abu Rajab Fabian Monrose Andreas Terzis Computer Science Department Johns Hopkins University 1 Monitoring Internet Threats Threat monitoring techniques:
More informationRS (REINFECTION & SELF START) ANALYSIS ON THE PROPAGATED MALWARE
RS (REINFECTION & SELF START) ANALYSIS ON THE PROPAGATED EMAIL MALWARE Reshma Sharafudeen M.Tech, Department of Computer Science & Engineering, Lourdes Matha College of Science & Technology, Kerala, India
More informationSecurity: Worms. Presenter: AJ Fink Nov. 4, 2004
Security: Worms Presenter: AJ Fink Nov. 4, 2004 1 It s a War Out There 2 Analogy between Biological and Computational Mechanisms The spread of self-replicating program within computer systems is just like
More informationInternet Security: Firewall
Internet Security: Firewall What is a Firewall firewall = wall to protect against fire propagation More like a moat around a medieval castle restricts entry to carefully controlled points restricts exits
More informationComparison of Firewall, Intrusion Prevention and Antivirus Technologies
Comparison of Firewall, Intrusion Prevention and Antivirus Technologies (How each protects the network) Dr. Gaurav Kumar Jain Email: gaurav.rinkujain.jain@gmail.com Mr. Pradeep Sharma Mukul Verma Abstract
More informationCERIAS Tech Report
CERIAS Tech Report 24-35 IMPACT OF NETWORK DESIGN ON WORM PROPAGATION by Brian Carrier and Sundararaman Jeyaraman and Sarah Sellke Center for Education and Research in Information Assurance and Security,
More informationMicroscopic Simulation of a Group Defense Strategy
Microscopic Simulation of a Group Defense Strategy Linda Briesemeister and Phillip Porras SRI International, 333 Ravenswood Ave., Menlo Park, CA 9425 first.lastname@sri.com Abstract We introduce a novel
More informationOn the Effectiveness of Rate Limiting Mechanisms
On the Effectiveness of Rate Limiting Mechanisms Cynthia Wong, Stan Bielski, Ahren Studer, Chenxi Wang CMU-PDL--13 March 2 Parallel Data Laboratory Carnegie Mellon University Pittsburgh, PA 1213-389 Abstract
More informationImpact of Clustering on Epidemics in Random Networks
Impact of Clustering on Epidemics in Random Networks Joint work with Marc Lelarge INRIA-ENS 8 March 2012 Coupechoux - Lelarge (INRIA-ENS) Epidemics in Random Networks 8 March 2012 1 / 19 Outline 1 Introduction
More informationANALYZE AND PREVENT MODERN MALWARE PROPAGATION USING SEII MODEL S. Sneha*, P. Swapna
ISSN: 0976-3104 SPECIAL ISSUE: (Emerging Technologies in Networking and Security (ETNS) Sneha and Swapna ARTICLE OPEN ACCESS ANALYZE AND PREVENT MODERN EMAIL MALWARE PROPAGATION USING SEII MODEL S. Sneha*,
More informationA Self-Learning Worm Using Importance Scanning
A Self-Learning Worm Using Importance Scanning Zesheng Chen and Chuanyi Ji Communication Networks and Machine Learning Group School of Electrical and Computer Engineering Georgia Institute of Technology,
More informationM.E.J. Newman: Models of the Small World
A Review Adaptive Informatics Research Centre Helsinki University of Technology November 7, 2007 Vocabulary N number of nodes of the graph l average distance between nodes D diameter of the graph d is
More informationTowards Better Definitions and Measures of Internet Security
Towards Better Definitions and Measures of Internet Security The Harvard community has made this article openly available. Please share how this access benefits you. Your story matters Citation Aspnes,
More informationSimulating Internet Worms
Simulating Internet Worms George F. Riley 1 Monirul I. Sharif 2 Wenke Lee 2 1 Department of Electrical and Computer Engineering Georgia Institute of Technology Atlanta, GA 3332-25 riley@ece.gatech.edu
More informationCharacterizing the Power of Moving Target Defense via Cyber Epidemic Dynamics
Characterizing the Power of Moving Target Defense via Cyber Epidemic Dynamics Yujuan Han Wenlian Lu Shouhuai Xu Fudan U & UTSA Fudan U & U Warwick UTSA HotSoS 14 Moving Target Defense (MTD) MTD is believed
More informationNetwork protection against worms and cascading failures using modularity partitioning
Network protection against worms and cascading failures using modularity partitioning Jasmina Omić Network Architectures and Services Delft University of Technology Delft, Netherlands Email: J.Omic@tudelft.nl
More informationOur Narrow Focus Computer Networking Security Vulnerabilities. Outline Part II
Our Narrow Focus 15-441 15-441 Computer Networking 15-641 Lecture 22 Security: DOS Peter Steenkiste Fall 2016 www.cs.cmu.edu/~prs/15-441-f16 Yes: Creating a secure channel for communication (Part I) Protecting
More informationThe monitoring and early detection of Internet worms
University of Massachusetts Amherst From the SelectedWorks of Lixin Gao January, 5 The monitoring and early detection of Internet worms CC Zou WB Gong D Towsley LX Gao Available at: https://works.bepress.com/lixin_gao/4/
More informationTopology and Dynamics of Complex Networks
CS 790R Seminar Modeling & Simulation Topology and Dynamics of Complex Networks ~ Lecture 3: Review based on Strogatz (2001), Barabási & Bonabeau (2003), Wang, X. F. (2002) ~ René Doursat Department of
More informationImportance-Scanning Worm Using Vulnerable-Host Distribution
Importance-Scanning Worm Using Vulnerable-Host Distribution Zesheng Chen and Chuanyi Ji School of Electrical & Computer Engineering Georgia Institute of Technology, Atlanta, Georgia 333 Email: {zchen,
More informationW is a Firewall. Internet Security: Firewall. W a Firewall can Do. firewall = wall to protect against fire propagation
W is a Firewall firewall = wall to protect against fire propagation Internet Security: Firewall More like a moat around a medieval castle restricts entry to carefully controlled points restricts exits
More informationYubin Li Florida International University. Zesheng Chen Florida International University. Chao Chen Indiana University Purdue University Fort Wayne
Yubin Li Florida International University Zesheng Chen Florida International University Chao Chen Indiana University Purdue University Fort Wayne Background and motivations Mathematical model Simulation
More informationINSIDE. Symantec AntiVirus for Microsoft Internet Security and Acceleration (ISA) Server. Enhanced virus protection for Web and SMTP traffic
Virus Protection & Content Filtering TECHNOLOGY BRIEF Symantec AntiVirus for Microsoft Internet Security and Acceleration (ISA) Server Enhanced virus protection for Web and SMTP traffic INSIDE The need
More informationModeling Epidemic Spreading in Mobile Environments
Modeling Epidemic Spreading in Mobile Environments James W. Mickens and Brian D. Noble EECS Department, University of Michigan Ann Arbor, MI, 4813 jmickens,bnoble@eecs.umich.edu ABSTRACT The growing popularity
More informationTowards Blocking Outgoing Malicious Impostor s
Towards Blocking Outgoing Malicious Impostor Emails Erhan J. Kartaltepe Shouhuai Xu Department of Computer Science, University of Texas at San Antonio {ekartalt,shxu}@cs.utsa.edu Abstract Electronic mails
More informationEXECUTIVE REPORT 20 / 12 / 2006
EXECUTIVE REPORT 20 / 12 / 2006 1 Executive summary Audit start date Audit end date 07 / 09 / 2006 19:12 08/ 09 / 2006 09:34 Licenses contracted: 300 Computers audited: 161 items scanned: 703499 Computers
More informationThe Evolving Threat of Internet Worms
The Evolving Threat of Internet Worms Jose Nazario, Arbor Networks Why Worm Based Intrusions Relative ease Write once, run everywhere promise can come true Penetration Right past firewalls
More informationINITIAL STUDIES ON WORM PROPAGATION IN MANETS FOR FUTURE ARMY COMBAT SYSTEMS. Robert G. Cole JHU Applied Physics Laboratory Laurel, MD, 20723
INITIAL STUDIES ON WORM PROPAGATION IN MANETS FOR FUTURE ARMY COMBAT SYSTEMS Robert G. Cole JHU Applied Physics Laboratory Laurel, MD, 20723 31 September 2004 ABSTRACT This study presents an analysis of
More informationOn the Development of an Internetwork-centric Defense for Scanning Worms
On the Development of an Internetwork-centric Defense for Scanning Worms Scott E. Coull Johns Hopkins University Baltimore, MD 118 coulls@cs.jhu.edu Boleslaw K. Szymanski Rensselaer Polytechnic Institute
More informationTopologies and Centralities of Replied Networks on Bulletin Board Systems
Topologies and Centralities of Replied Networks on Bulletin Board Systems Qin Sen 1,2 Dai Guanzhong 2 Wang Lin 2 Fan Ming 2 1 Hangzhou Dianzi University, School of Sciences, Hangzhou, 310018, China 2 Northwestern
More informationSmall-World Models and Network Growth Models. Anastassia Semjonova Roman Tekhov
Small-World Models and Network Growth Models Anastassia Semjonova Roman Tekhov Small world 6 billion small world? 1960s Stanley Milgram Six degree of separation Small world effect Motivation Not only friends:
More informationDemand-Aware Content Distribution
Demand-Aware Content Distribution Srinivas Shakkottai Texas A&M University Hybrid content distribution High level idea: Use P2P dissemination to assist traditional clientserver methods, e.g., content delivery
More informationMitigating Outgoing Spam, DoS/DDoS Attacks and Other Security Threats
Solution Brief Mitigating Outgoing Spam, DoS/DDoS Attacks and Other Security Threats 2006 Allot Communications Ltd. Allot Communications, NetEnforcer and the Allot logo are registered trademarks of Allot
More informationHow Chicken Little sees the Internet
How Chicken Little sees the Internet Why Chicken Little is a naïve optimist Imagine the following species: Poor genetic diversity; heavily inbred Lives in hot zone ; thriving ecosystem of infectious pathogens
More informationScott Philips, Edward Kao, Michael Yee and Christian Anderson. Graph Exploitation Symposium August 9 th 2011
Activity-Based Community Detection Scott Philips, Edward Kao, Michael Yee and Christian Anderson Graph Exploitation Symposium August 9 th 2011 23-1 This work is sponsored by the Office of Naval Research
More informationAn Epidemic Theoretic Framework for Vulnerability Analysis of Broadcast Protocols in Wireless Sensor Networks
An Epidemic Theoretic Framework for Vulnerability Analysis of Broadcast Protocols in Wireless Sensor Networks Pradip De, Yonghe Liu, and Sajal K. Das Center for Research in Wireless Mobility and Networking(CReWMaN)
More informationA Closed-Form Expression for Static Worm-Scanning Strategies
A Closed-Form Expression for Static Worm-Scanning Strategies Zesheng Chen Department of Electrical & Computer Engineering Florida International University Miami, FL 7 zchen@fiu.edu Chao Chen Department
More informationTools for Large Graph Mining
Tools for Large Graph Mining by Deepayan Chakrabarti Submitted to the Center for Automated Learning and Discovery in partial fulfillment of the requirements for the degree of Doctor of Philosophy at Carnegie
More informationTopic mash II: assortativity, resilience, link prediction CS224W
Topic mash II: assortativity, resilience, link prediction CS224W Outline Node vs. edge percolation Resilience of randomly vs. preferentially grown networks Resilience in real-world networks network resilience
More informationTrashing the Internet Commons: Implications for ISPs. Geoff Huston Presentation to NZNOG 04 January 2004
Trashing the Internet Commons: Implications for ISPs Geoff Huston Presentation to NZNOG 04 January 2004 Acknowledgement is given to Bernard Aboba and the Internet Architecture Board, where some of this
More informationUsing Centralized Security Reporting
This chapter contains the following sections: Centralized Email Reporting Overview, on page 1 Setting Up Centralized Email Reporting, on page 2 Working with Email Report Data, on page 4 Understanding the
More informationArtificial Immune System against Viral Attack
Artificial Immune System against Viral Attack Hyungjoon Lee 1, Wonil Kim 2*, and Manpyo Hong 1 1 Digital Vaccine Lab, G,raduated School of Information and Communication Ajou University, Suwon, Republic
More informationPhase Transitions in Random Graphs- Outbreak of Epidemics to Network Robustness and fragility
Phase Transitions in Random Graphs- Outbreak of Epidemics to Network Robustness and fragility Mayukh Nilay Khan May 13, 2010 Abstract Inspired by empirical studies researchers have tried to model various
More informationComplex Networks: Ubiquity, Importance and Implications. Alessandro Vespignani
Contribution : 2005 NAE Frontiers of Engineering Complex Networks: Ubiquity, Importance and Implications Alessandro Vespignani School of Informatics and Department of Physics, Indiana University, USA 1
More informationNetwork Environments in AnyLogic. Nathaniel Osgood Agent-Based Modeling Bootcamp for Health Researchers
Network Environments in AnyLogic Nathaniel Osgood Agent-Based Modeling Bootcamp for Health Researchers August 23, 2011 Hands on Model Use Ahead Load model: Network Modification of SIR AB The Environment
More informationMET: An Experimental System for Malicious Tracking
MET: An Experimental System for Malicious Email Tracking Manasi Bhattacharyya, Matthew G. Schultz, Eleazar Eskin, Shlomo Hershkop, and Salvatore J. Stolfo Department of Computer Science, Columbia University
More informationUTM 5000 WannaCry Technote
UTM 5000 WannaCry Technote The news is full of reports of the massive ransomware infection caused by WannaCry. Although these security threats are pervasive, and ransomware has been around for a decade,
More informationQuick Review of Graphs
COMP 102: Excursions in Computer Science Lecture 11: Graphs Instructor: (jpineau@cs.mcgill.ca) Class web page: www.cs.mcgill.ca/~jpineau/comp102 Quick Review of Graphs A graph is an abstract representation
More informationCisco IOS Inline Intrusion Prevention System (IPS)
Cisco IOS Inline Intrusion Prevention System (IPS) This data sheet provides an overview of the Cisco IOS Intrusion Prevention System (IPS) solution. Product Overview In today s business environment, network
More informationGraph Exploitation Testbed
Graph Exploitation Testbed Peter Jones and Eric Robinson Graph Exploitation Symposium April 18, 2012 This work was sponsored by the Office of Naval Research under Air Force Contract FA8721-05-C-0002. Opinions,
More informationSNA 8: network resilience. Lada Adamic
SNA 8: network resilience Lada Adamic Outline Node vs. edge percolation Resilience of randomly vs. preferentially grown networks Resilience in real-world networks network resilience Q: If a given fraction
More informationLecture 6: Worms, Viruses and DoS attacks. II. Relationships between Biological diseases and Computers Viruses/Worms
CS 4740/6740 Network Security Feb. 09, 2011 Lecturer: Ravi Sundaram I. Worms and Viruses Lecture 6: Worms, Viruses and DoS attacks 1. Worms They are self-spreading They enter mostly thru some security
More informationFailure in Complex Social Networks
Journal of Mathematical Sociology, 33:64 68, 2009 Copyright # Taylor & Francis Group, LLC ISSN: 0022-250X print/1545-5874 online DOI: 10.1080/00222500802536988 Failure in Complex Social Networks Damon
More informationImmunization for complex network based on the effective degree of vertex
Immunization for complex network based on the effective degree of vertex Ke Hu and Yi Tang * Department of Physics and Institute of Modern Physics, Xiangtan University, Xiangtan 411105, Hunan, China The
More informationDefense-in-Depth Against Malicious Software. Speaker name Title Group Microsoft Corporation
Defense-in-Depth Against Malicious Software Speaker name Title Group Microsoft Corporation Agenda Understanding the Characteristics of Malicious Software Malware Defense-in-Depth Malware Defense for Client
More informationCS 425 / ECE 428 Distributed Systems Fall 2015
CS 425 / ECE 428 Distributed Systems Fall 2015 Indranil Gupta (Indy) Sep 24, 2015 Lecture 10: Gossiping All slides IG Multicast Fault-tolerance and Scalability Needs: 1. Reliability (Atomicity) 100% receipt
More informationFour Grand Challenges in Trustworthy Computing
Overview Four Grand Challenges in Trustworthy Computing Reformatted from the presentation created and given by Dr. Gene Spafford, Purdue University. CS 6204 Spring 2005 2 Why Grand Challenges? Inspire
More informationPrevx 3.0 v Product Overview - Core Functionality. April, includes overviews of. MyPrevx, Prevx 3.0 Enterprise,
Prevx 3.0 v3.0.1.65 Product Overview - Core Functionality April, 2009 includes overviews of MyPrevx, Prevx 3.0 Enterprise, and Prevx 3.0 Banking and Ecommerce editions Copyright Prevx Limited 2007,2008,2009
More informationCracked BitDefender Security for File Servers 2 Years 55 PCs pc repair software for free ]
Cracked BitDefender Security for File Servers 2 Years 55 PCs pc repair software for free ] Description: FILE SERVERS - THE BACKBONE OF THE NETWORK File servers are not just a network repository for the
More informationCIS 551 / TCOM 401 Computer and Network Security. Spring 2007 Lecture 12
CIS 551 / TCOM 401 Computer and Network Security Spring 2007 Lecture 12 Announcements Project 2 is on the web. Due: March 15th Send groups to Jeff Vaughan (vaughan2@seas) by Thurs. Feb. 22nd. Plan for
More informationInternet Quarantine: Requirements for Containing Self-Propagating Code
Internet Quarantine: Requirements for Containing Self-Propagating Code David Moore, Colleen Shannon, Geoffrey M. Voelker, Stefan Savage University of California, San Diego Abstract It has been clear since
More informationSlowing Down Internet Worms
Slowing Down Internet Worms Shigang Chen Yong Tang Department of Computer & Information Science & Engineering University of Florida, Gainesville, FL 32611 {sgchen, yt1}@cise.ufl.edu Abstract An Internet
More informationAn SII Model for Tracking the Propagation of Modern Malware
An SII Model for Tracking the Propagation of Modern Email Malware I Bincy George, II Liji Jacob, III Dhanya P J I M.Tech Student, II,III Asst. Professor I,II,III Dept. of CSE, Mount Zion College of Engg.,
More informationPeer-to-Peer (P2P) Network Pricing for Increased Resistance to Malicious Code Propagation
Peer-to-Peer (P2P) Network Pricing for Increased Resistance to Malicious Code Propagation Daniel O. Rice, George Wright Loyola College in Maryland Abstract This research proposes a security pricing mechanism
More informationModerated by: Moheeb Rajab Background singers: Jay and Fabian
Network Forensics and Next Generation Internet Attacks Moderated by: Moheeb Rajab Background singers: Jay and Fabian 1 Agenda Questions and Critique of Timezones paper Extensions Network Monitoring (recap)
More informationNetwork Awareness and Network Security
Network Awareness and Network Security John McHugh Canada Research Chair in Privacy and Security Director, oratory Dalhousie University, Halifax, NS CASCON CyberSecurity Workshop 17 October 2005 Overview
More informationDetecting Spam Zombies by Monitoring Outgoing Messages
Detecting Spam Zombies by Monitoring Outgoing Messages Zhenhai Duan, Peng Chen, Fernando Sanchez Florida State University {duan, pchen, sanchez}@cs.fsu.edu Yingfei Dong University of Hawaii yingfei@hawaii.edu
More informationThe Complex Network Phenomena. and Their Origin
The Complex Network Phenomena and Their Origin An Annotated Bibliography ESL 33C 003180159 Instructor: Gerriet Janssen Match 18, 2004 Introduction A coupled system can be described as a complex network,
More informationCOMPUTER NETWORK SECURITY
COMPUTER NETWORK SECURITY Prof. Dr. Hasan Hüseyin BALIK (9 th Week) 9. Firewalls and Intrusion Prevention Systems 9.Outline The Need for Firewalls Firewall Characterictics and Access Policy Type of Firewalls
More informationTrashing the Internet Commons: Implications for ISPs
Trashing the Internet Commons: Implications for ISPs Geoff Huston May 2004 Thanks Acknowledgement is given to Bernard Aboba and the Internet Architecture Board, where some of this material was originally
More informationExam : JK Title : CompTIA E2C Security+ (2008 Edition) Exam. Version : Demo
Exam : JK0-015 Title : CompTIA E2C Security+ (2008 Edition) Exam Version : Demo 1.Which of the following logical access control methods would a security administrator need to modify in order to control
More informationFrom Routing to Traffic Engineering
1 From Routing to Traffic Engineering Robert Soulé Advanced Networking Fall 2016 2 In the beginning B Goal: pair-wise connectivity (get packets from A to B) Approach: configure static rules in routers
More informationThe Evolution of System-call Monitoring
The Evolution of System-call Monitoring Stephanie Forrest Steven Hofmeyr Anil Somayaji December, 2008 Outline of Talk A sense of self for Unix processes (Review) Emphasize method rather than results Evolutionary
More informationReal Security. In Real Time. White Paper. Preemptive Malware Protection through Outbreak Detection
Real Security. In Real Time. White Paper Preemptive Malware Protection through Detection Table of Contents Executive Summary...2 Response Time to New s The Achilles Heel of the Anti-Virus Industry...3
More informationA Hybrid Approach for Misbehavior Detection in Wireless Ad-Hoc Networks
A Hybrid Approach for Misbehavior Detection in Wireless Ad-Hoc Networks S. Balachandran, D. Dasgupta, L. Wang Intelligent Security Systems Research Lab Department of Computer Science The University of
More informationCS 421: COMPUTER NETWORKS SPRING FINAL May 21, minutes
CS 421: COMPUTER NETWORKS SPRING 2015 FINAL May 21, 2015 150 minutes Name: Student No: Show all your work very clearly. Partial credits will only be given if you carefully state your answer with a reasonable
More informationConfiguring Anomaly Detection
CHAPTER 9 Caution Anomaly detection assumes it gets traffic from both directions. If the sensor is configured to see only one direction of traffic, you should turn off anomaly detection. Otherwise, when
More informationEnterprise Cybersecurity Best Practices Part Number MAN Revision 006
Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 April 2013 Hologic and the Hologic Logo are trademarks or registered trademarks of Hologic, Inc. Microsoft, Active Directory,
More informationMarkov Model Based Congestion Control for TCP
Markov Model Based Congestion Control for TCP Shan Suthaharan University of North Carolina at Greensboro, Greensboro, NC 27402, USA ssuthaharan@uncg.edu Abstract The Random Early Detection (RED) scheme
More information