Code Red Worm Propagation Modeling and Analysis Zou, Gong, - PowerPoint PPT Presentation

Slides: 13
Provided by: michaele5
Transcript and Presenter's Notes

1
Code Red Worm Propagation Modeling and Analysis
Zou, Gong, Towsley
  • Michael E. Locasto
  • March 4, 2003
  • Paper 46

2
Overview
  • Code Red incident data impact
  • epidemiology models
  • traditional (biological) infection models
  • two-factor worm model
  • related work questions
  • (Weaver Sapphire)

3
Motivation
  • Internet great medium for spreading malicious
    code
  • Code Red & Co. renew interest in worm studies
  • Issues
  • How to explain worm propagation curves?
  • What factors affect spreading behavior?
  • Can we generate a more accurate model?

4
Epidemic Models
  • Deterministic vs. Stochastic
  • Simple epidemic model (paper 45)
  • general epidemic model (Kermack-McKendrick adds
    notion of removed hosts)
  • good baseline, need to be adjusted to explain
    Internet worm data
  • any model must be deterministic (b/c of scale)

5
Two-Factor Worm Model
  • Two major factors affect worm spread
  • dynamic human countermeasures
  • anti-virus software cleaning
  • patching
  • firewall updates
  • disconnect/shutdown
  • interference due to aggressive scanning
  • Rate of infection (β) is not constant

6
Two-Factor Worm Model (cont.)
  • Two important restrictions
  • consider only continuously activated worms
  • consider worms that propagate w/o regard to topology

7
Infection Statistics

8
Classic Simple Epidemic Model
  • Model presented in paper 45 (classic simple
    epidemic model, k = 1.8, k = βN)
  • a(t) = J(t) / N (fraction of population infected)
  • Wrong! (compare to last slide)

9
Simple Epidemic Model Math
  • Variables
  • infected hosts (had virus at some point) J(t)
  • population size N
  • infection rate β(t)
  • dJ(t)/dt = βJ(t)[N - J(t)]

10
Two-Factor Model Math
  • dI(t)/dt = β(t)[N - R(t) - I(t) - Q(t)]I(t) -
    dR(t)/dt
  • S(t) susceptible hosts
  • I(t) infectious hosts
  • R(t) removed hosts from I population
  • Q(t) removed hosts from S population
  • J(t) = I(t) + R(t)
  • C(t) = R(t) + Q(t)
  • N population (I + R + Q + S)

11
Two-Factor Fit
  • Take removed hosts from both S and I populations
    into account
  • non-constant infection rate (decreases)
  • fits well with observed data
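
Added example (not from the slides or from the paper's authors): Euler integration of the simple epidemic model from slide 9 next to the two-factor model from slide 10, to show why the first saturates at N while the second levels off below it. The slides give no equations for R(t), Q(t) or β(t), so the closures used here (dR/dt = γI, dQ/dt = μSJ, β(t) = β0(1 - I/N)^η) and every parameter value are assumptions chosen for illustration.

```python
# Added example: Euler integration of the simple epidemic model and the
# two-factor model. The R, Q and beta(t) closures below are assumptions.

def simple_epidemic(N, beta, J0, hours, dt=0.01):
    """dJ/dt = beta * J * (N - J); returns J sampled once per hour."""
    J, out = float(J0), []
    steps = int(round(1 / dt))
    for _ in range(hours):
        for _ in range(steps):
            J += dt * beta * J * (N - J)
        out.append(J)
    return out

def two_factor(N, beta0, gamma, mu, eta, I0, hours, dt=0.01):
    """dI/dt = beta(t) * [N - R - I - Q] * I - dR/dt.
    Assumed closures (not on the slides):
      dR/dt = gamma * I                  removal of infectious hosts
      dQ/dt = mu * S * J                 removal of susceptible hosts
      beta(t) = beta0 * (1 - I/N)**eta   interference from scanning
    Returns hourly (I, J, C) tuples with J = I + R and C = R + Q."""
    I, R, Q, out = float(I0), 0.0, 0.0, []
    steps = int(round(1 / dt))
    for _ in range(hours):
        for _ in range(steps):
            S = N - R - I - Q
            beta = beta0 * (1 - I / N) ** eta
            dR = gamma * I
            dQ = mu * S * (I + R)
            dI = beta * S * I - dR
            I, R, Q = I + dt * dI, R + dt * dR, Q + dt * dQ
        out.append((I, I + R, R + Q))
    return out

# Constructed parameters for illustration only (time unit: hours).
N = 1_000_000
PARAMS = dict(beta0=0.8 / N, gamma=0.05, mu=0.06 / N, eta=3, I0=1)

def compare(hours=60):
    simple = simple_epidemic(N, PARAMS["beta0"], PARAMS["I0"], hours)
    tf = two_factor(N, hours=hours, **PARAMS)
    peak_I = max(i for i, _, _ in tf)
    return {"simple_final_J": simple[-1],
            "two_factor_final_J": tf[-1][1],
            "two_factor_peak_I": peak_I,
            "two_factor_final_I": tf[-1][0]}

if __name__ == "__main__":
    for k, v in compare().items():
        print(f"{k}: {v / N:.3f} of N")
```

With these assumed values the simple model ends with essentially every host infected, while the two-factor J(t) levels off below N and I(t) peaks and then declines.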

12
Results
  • Two-factor worm model
  • accurate model without topology constraints
  • explains exponential start & end drop-off
  • identifies 2 critical factors in worm propagation
  • Only 60% of CR targets infected