
Dynamics of Malicious Software in the Internet

Tatehiro Kaiwa, University of Aizu. E-mail: m5081224@u-aizu.ac.jp. Outline: Random Network and Scale-free Network; Observed Arrivals of E-mail; Simulation Model of Worm Spread Dynamics; Local Network Structure Inference.


Presentation Transcript


  1. Dynamics of Malicious Software in the Internet. Tatehiro Kaiwa, University of Aizu. E-mail: m5081224@u-aizu.ac.jp

  2. Outline • Random Network and Scale-free Network • Observed Arrivals of E-mail • Simulation Model of Worm Spread Dynamics • Local Network Structure Inference • Mathematical Model of Outbreak • Hub Defense Strategy • Conclusion

  3. Two Models of Network • Random Network: degree distribution is a bell curve • Scale-free Network: degree distribution is a power law

  4. Scale-free and Preferential Attachment. A scale-free network is a network with a power-law degree distribution.

  5. Structure of E-mail Network. Figure: degree distribution of an e-mail network (*k: the number of links). Reference: Holger Ebel, Lutz-Ingo Mielsch, and Stefan Bornholdt, "Scale-free topology of e-mail networks", Physical Review E 66, 2002

  6. Spoofed From-field • The From-field of an e-mail message that a worm sends varies and/or is spoofed. • It is almost impossible to identify where a worm sends the e-mail from and how many worms send the observed e-mails. • Arrival intervals are the only correct data that we can obtain from received e-mails.

  7. Observed Arrivals of E-mail • There is log data* of the time at which each e-mail message with a worm attached arrived at the University of Aizu. * http://web-int/labs/istc/ipc/Security/virus/index.html

  8. Simulation Model of Worm Spread Dynamics

  9. Comparison between Simulation and Observed Data

  10. Arrival Intervals of Simulation. Figure panels: i) mk: 115.619; ii) mk: 92.15; iii) mk: 61.95. *mk: mean number of links that neighbors have.

  11. Mathematical Model of Outbreak

  12. Hub Defense Strategy (1) Difference of Number of immune hub nodes. *h = Number of immune hub nodes

  13. Hub Defense Strategy (2) Comparison Between Hub Defense and Random Defense. r = Number of immune nodes selected randomly. h = Number of immune hub nodes.

  14. Conclusion • By observing arrival intervals, we can estimate the damage of a worm and estimate the network structure around the observer. • We can confirm that the hub defense strategy is an effective method in this network even when the number of immune hub nodes is not very large.

  15. Thank you
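
The hub-versus-random comparison of slides 12 and 13 can be reproduced on a synthetic network. The following is an added example, not the presenter's simulation model: the preferential-attachment generator, the spread rule (an infected host mails every neighbor; immune hosts never forward) and all parameter values are assumptions made here.

```python
import random
from collections import deque

def scale_free_graph(n, m, rng):
    """Preferential attachment: new nodes link to m nodes, weighted by degree."""
    adj = {v: set() for v in range(n)}
    stubs = []  # node v appears deg(v) times, so choice() is degree-weighted
    def link(a, b):
        adj[a].add(b)
        adj[b].add(a)
        stubs.extend((a, b))
    for a in range(m + 1):  # small fully connected starting core
        for b in range(a):
            link(a, b)
    for v in range(m + 1, n):
        targets = set()
        while len(targets) < m:
            targets.add(rng.choice(stubs))
        for t in sorted(targets):
            link(v, t)
    return adj

def outbreak_size(adj, immune, start):
    """Assumed worm model: an infected host mails every neighbor; immune
    hosts are never infected and never forward the message."""
    infected, queue = {start}, deque([start])
    while queue:
        for nb in adj[queue.popleft()]:
            if nb not in immune and nb not in infected:
                infected.add(nb)
                queue.append(nb)
    return len(infected)

def mean_outbreak(adj, immune, rng, trials=30):
    hosts = [v for v in adj if v not in immune]  # possible first victims
    sizes = [outbreak_size(adj, immune, rng.choice(hosts)) for _ in range(trials)]
    return sum(sizes) / trials

def compare_defenses(n=2000, m=2, budget=100, seed=1):
    rng = random.Random(seed)  # fixed seed: constructed, repeatable network
    adj = scale_free_graph(n, m, rng)
    hubs = set(sorted(adj, key=lambda v: len(adj[v]), reverse=True)[:budget])  # h
    rand = set(rng.sample(range(n), budget))  # r
    return {"none": mean_outbreak(adj, set(), rng),
            "random": mean_outbreak(adj, rand, rng),
            "hub": mean_outbreak(adj, hubs, rng)}

if __name__ == "__main__":
    for name, size in compare_defenses().items():
        print(f"{name:>6} defense: mean outbreak {size:.0f} hosts")
```

With the same immunization budget (h = r), immunizing the highest-degree nodes cuts the mean outbreak further than immunizing randomly chosen nodes, because hubs carry a disproportionate share of the links.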
