Dynamics of Malicious Software in the Internet

Tatehiro Kaiwa, University of Aizu. E-mail: [email protected]


Page 1: Dynamics of Malicious Software in the Internet

Dynamics of Malicious Software in the Internet

Tatehiro Kaiwa, University of Aizu.

E-mail: [email protected]

Page 2: Dynamics of Malicious Software in the Internet

Outline

● Random Network and Scale-free Network

● Observed Arrivals of E-mail

● Simulation Model of Worm Spread Dynamics

● Local Network Structure Inference

● Mathematical Model of Outbreak

● Hub Defense Strategy

● Conclusion

Page 3: Dynamics of Malicious Software in the Internet

Two Models of Network

● Model of Network

– Random Network: Degree Distribution: bell curve

– Scale-free Network: Degree Distribution: power-law

Page 4: Dynamics of Malicious Software in the Internet

Scale-free and Preferential Attachment

A scale-free network is a network with a power-law degree distribution.

Page 5: Dynamics of Malicious Software in the Internet

Structure of E-mail Network

Degree Distribution of an e-mail network.

Reference: Holger Ebel, Lutz-Ingo Mielsch, and Stefan Bornholdt, “Scale-free topology of e-mail networks”, Physical Review E 66, 2002

*k: The number of links.


Page 6: Dynamics of Malicious Software in the Internet

Spoofed From-field

● The From-field of an e-mail message that a worm sends varies and/or is spoofed.

● It is almost impossible to identify from where a worm sends an e-mail and how many worms send the observed e-mails.

● Arrival intervals are the only correct data that we can obtain from received e-mails.

Page 7: Dynamics of Malicious Software in the Internet

Observed Arrivals of E-mail

● There is log data* of the time at which each e-mail message with a worm attached arrived at the University of Aizu.

* http://web-int/labs/istc/ipc/Security/virus/index.html

Page 8: Dynamics of Malicious Software in the Internet

Simulation Model of Worm Spread Dynamics


Page 9: Dynamics of Malicious Software in the Internet

Comparison between Simulation and Observed Data


Page 10: Dynamics of Malicious Software in the Internet

Arrival Intervals of Simulation

i) mk: 115.619

ii) mk: 92.15

iii) mk: 61.95

*mk: Mean number of links that neighbors have.

Page 11: Dynamics of Malicious Software in the Internet

Mathematical Model of Outbreak

][2

][1][

eME

MESE


Page 12: Dynamics of Malicious Software in the Internet

Hub Defense Strategy (1)

*h = Number of immune hub nodes

Difference of Number of immune hub nodes.


Page 13: Dynamics of Malicious Software in the Internet

Hub Defense Strategy (2)

r = Number of immune nodes selected randomly.

h = Number of immune hub nodes.

Comparison Between Hub Defense and Random Defense

Page 14: Dynamics of Malicious Software in the Internet

Conclusion

● By observing arrival intervals, we can estimate the damage of a worm and the network structure around the observer.

● We can confirm that the hub defense strategy is an effective method in this network even though the number of immune hub nodes is not large.


Page 15: Dynamics of Malicious Software in the Internet

Thank you
