Linda Briesemeister, Patrick Lincoln, Phillip Porras: Epidemic Profiles and Defense of Scale-Free Networks

Transcript and Presenter's Notes

1
Linda Briesemeister, Patrick Lincoln, Phillip Porras:
Epidemic Profiles and Defense of Scale-Free Networks
  • Cmpe 588 Modeling The Internet
  • Fatih Ogun

2
Outline
  • Environment
  • Purpose of the study
  • Related Work
  • Epidemic Profiles
  • Computer Network Topologies
  • Simulation
  • Simulation Results
  • Wrap-up

3
Environment
  • Increasing dependence on networks
  • Worms and viruses
  • Harmful
  • Self-propagating
  • Large network infrastructure

4
Purpose of the Study
  • Network design with certain properties
  • Main points
  • Studies of worms and viruses
  • Infection
  • Propagation
  • Studies of percolation and epidemic spread in
    large networks
  • Studies of preservation of mission critical
    functionality

5
Purpose of the Study
  • Sparse connectivity
  • Defensibility
  • Random failures
  • Critical functionality

6
Related Work
  • Moore: Code Red
  • Content Blocking
  • Address blacklisting
  • No response time is fast enough
  • Albert
  • Scale-free networks
  • Error and attack tolerance
  • Robust against random error
  • Not robust against deliberate attack of highly
    connected nodes

7
Related Work
  • Susceptible-infected-susceptible (SIS)
  • Scale-free networks
  • BA Model
  • KE Model
  • Epidemic threshold found in KE Model
  • Analytical results
  • SIS model in scale-free BA Model
  • Random cures
  • Deliberate cures
  • Simulation of the behavior of computer worms
  • Scale-free networks

8
Epidemic Profiles
  • Networks that are inherently defendable
  • Prevent infection
  • Delay infection
  • Infection Strategy
  • Infection: host configurations and vulnerabilities
  • Propagation: seeking new targets
  • Epidemic profiles
  • Infection criteria vs. network configuration
  • Further step
  • Epidemics vs. network resilience

9
Epidemic Profiles
  • Infection Methods
  • Network Service Buffer Overflows
  • Macro and Script Insertion
  • Deception of binary code
  • Argument-driven subversion

10
Epidemic Profiles
  • Vulnerability Dependencies
  • Target Operating System
  • Enabled Network Services
  • Patch revisions
  • Configuration settings
  • Hardware architecture
  • Resident applications

11
Epidemic Profiles
  • Common exploit techniques
  • Operating system
  • Application specific
  • Blended Threat

12
Epidemic Profiles
  • Infection Strategy
  • Sequential Process of Scanning
  • Mail based
  • Topological
  • Contagion
  • Active Scanning
  • Coordinated Scanning
  • Extended scanning
  • Synchronization
  • Single stage worms

13
Epidemic Profiles
  • Epidemic Subgraph Partitioning
  • Example Epidemic Profile
  • Multiple infection strategies
  • Heterogeneous network
  • DoD wide area with several LANs
  • LAN: Windows workstations and UNIX servers
  • Network services: DNS and SMTP
  • Strong filtering restrictions at the gateway
  • Objectives
  • Windows exploitation
  • Intra-LAN network communications

14
Epidemic Profiles
  • Antivirus techniques
  • Metamorphic worms

15
Computer Network Topologies
  • Artificially generated network topologies
  • Homogeneous degree distribution
  • Regular graph topologies
  • Degree distribution following a power law
  • Scale-free networks
  • Large, real-world networks

16
Computer Network Topologies
  • Scale-Free Networks
  • Scale-free distribution of degree (power law)
  • High clustering
  • Short average path length
  • Scale-free network models
  • BA-Model
  • KE-Model

17
Computer Network Topologies
  • BA-Model
  • m0 initial nodes
  • m initial degrees, m < m0
  • t time steps
  • Preferential attachment
  • Power-law degree distribution

18
Computer Network Topologies
  • KE-Model
  • Higher clustering coefficient than BA-Model
  • m initial nodes
  • t time steps

19
Computer Network Topologies
  • Network mission
  • Special clients C and S
  • Random failures
  • Worms
  • KE and BA networks
  • Tolerant to random faults
  • Hub-and-spokes, tree, ring

20
Computer Network Topologies
  • Lemma 1
  • In a KE network with generation parameter m there
    are m disjoint paths between any node in the
    original set of m nodes and any other node
  • Theorem 1
  • In a nontrivial KE network with generation
    parameter m there are m disjoint paths between
    any pairs of nodes.

21
Simulation
  • Scale-free networks
  • Topological properties
  • Dynamics of interaction

22
Simulation
  • Simulation parameters
  • N = 50000 nodes
  • NWAN = 1000 autonomous systems or LANs
  • Each LAN: 50 nodes
  • Blended threat: close client machines or servers
  • WAN: BA-Model and KE-Model
  • LAN: simplified completely connected topology
  • Node uptime exceeds 99
  • m0, m and t

23
Simulation
  • Susceptible-infected-susceptible (SIS) spreading
  • Infection probability
  • Either infected or susceptible
  • Infected at time t-1, susceptible at time t
  • Susceptible and connected to at least one
    infected individual at time t-1, infected at time
    t with probability ?
  • Susceptible-infected (SI) spreading
  • Infected node stays infected
  • Used in the simulation
  • Individual susceptibility b_i
  • Determined by the degree d_i of node i

24
Simulation
  • Immunization
  • Dynamic introduction of node-level blocking of
    message exchanges
  • May affect other network functions
  • Prevalence = number of infected nodes / number of
    nodes
  • Threshold pres: if exceeded, immunize the most
    connected nodes (regardless of infection state)
  • Two immunization cases: 1 and 10
  • Three threshold settings: 20, 5, 1

25
Simulation
  • One node selected at random
  • T = 25 time steps performed
  • For each set of parameters 50 simulation runs
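
An added example (not from the paper or the slides) of the simulation loop described on slides 22 to 25, reduced to the WAN level on a BA graph: SI spreading from one random node, with the most connected nodes immunized once prevalence exceeds a threshold. The ring of seed nodes, the uniform infection probability beta = 0.3 (the slides give no formula for the degree-dependent susceptibility), and reading the threshold and immunization figures as percentages are assumptions.

```python
import random

def ba_graph(m0, m, t, rng):
    """BA model: m0 seed nodes, then t nodes each attach to m existing nodes
    picked with probability proportional to degree (requires m < m0)."""
    adj = {i: set() for i in range(m0)}
    for i in range(m0):                       # assumption: seed nodes form a ring
        adj[i].add((i + 1) % m0)
        adj[(i + 1) % m0].add(i)
    stubs = [v for v in adj for _ in adj[v]]  # each node listed once per edge end
    for new in range(m0, m0 + t):
        targets = set()
        while len(targets) < m:
            targets.add(rng.choice(stubs))    # preferential attachment
        adj[new] = set(targets)
        for v in targets:
            adj[v].add(new)
            stubs += [v, new]
    return adj

def simulate(adj, beta, threshold, frac, steps, rng):
    """SI spread from one random node. When prevalence exceeds `threshold`,
    the `frac` most connected nodes are immunized (message exchange blocked)
    regardless of infection state. Returns the prevalence after each step."""
    n = len(adj)
    infected, immune, history = {rng.choice(sorted(adj))}, set(), []
    for _ in range(steps):
        if not immune and len(infected) / n > threshold:
            hubs = sorted(adj, key=lambda v: len(adj[v]), reverse=True)
            immune = set(hubs[:max(1, int(frac * n))])
        new = set()
        for u in infected - immune:           # immunized nodes no longer transmit
            for v in adj[u] - infected - immune:
                if rng.random() < beta:       # assumption: uniform infection probability
                    new.add(v)
        infected |= new
        history.append(len(infected) / n)
    return history

def compare(seed=1, n_wan=1000, beta=0.3):
    """Same BA graph, T = 25 steps: no defense vs. 10% of hubs at 20% and 1%."""
    adj = ba_graph(3, 2, n_wan - 3, random.Random(seed))
    cases = {"none": 2.0, "20%": 0.20, "1%": 0.01}   # 2.0 is never exceeded
    return adj, {k: simulate(adj, beta, thr, 0.10, 25, random.Random(seed))
                 for k, thr in cases.items()}

if __name__ == "__main__":
    for label, hist in compare()[1].items():
        print(f"threshold {label:>4}: final prevalence {hist[-1]:.3f}")
```

Averaging `simulate` over 50 seeds per parameter set, as slide 25 describes, smooths out the dependence on which node is infected first.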

26
Simulation

27
Simulation

28
Simulation Results
  • BA network
  • Simulated worm spreads extremely rapidly
  • Even with the defensive measures
  • KE network
  • Much slower than BA network
  • Simulation extended to 100 time steps
  • Can provide enough time for saving the remaining
    portion
  • WAN network architectural choices

29
Wrap-up
  • Analysis of real-world networks
  • Epidemic profiles of worms
  • Epidemic spread in scale-free network topologies
  • Simulation combining the concepts
  • Network topologies
  • Inherently defensible
  • Reliable mission-critical network services
  • Fault tolerant against normal accidents and
    random outages

30
Wrap-up
  • Comparing KE-Model with a more similar scale-free
    network topology
  • Epidemic profiling rather than individual worm
    and virus classification
  • Containment strategy
  • Network Management
  • Contingency plans and disaster recovery
  • Epidemics anticipating different network
    topologies

31
Thank you