Dynamics of Malicious Software in the Internet
Tatehiro Kaiwa,
University of Aizu.
E-mail: [email protected]
Outline
● Random Network and Scale-free Network
● Observed Arrivals of E-mail
● Simulation Model of Worm Spread Dynamics
● Local Network Structure Inference
● Mathematical Model of Outbreak
● Hub Defense Strategy
● Conclusion
Two Models of Network
● Model of Network
– Random Network. Degree Distribution: bell curve
– Scale-free Network. Degree Distribution: power-law
Scale-free and Preferential Attachment
A scale-free network is a network with a power-law degree distribution.
Structure of E-mail Network
Degree Distribution of an e-mail network.
Reference: Holger Ebel, Lutz-Ingo Mielsch, and Stefan Bornholdt, “Scale-free topology of e-mail networks”, Physical Review E 66, 2002
*k: The number of links.
Spoofed From-field
● The From-field of an e-mail message a worm sends varies and/or is spoofed.
● It is almost impossible to identify where a worm sends its e-mail from and how many worms send the observed e-mails.
● Arrival intervals are the only correct data we can obtain from received e-mails.
Observed Arrivals of E-mail
● There is log data* of the time at which each e-mail message with a worm attached arrived at the University of Aizu.
* http://web-int/labs/istc/ipc/Security/virus/index.html
Simulation Model of Worm Spread Dynamics
Comparison between Simulation and Observed Data
Arrival Intervals of Simulation
i) mk: 115.619
ii) mk: 92.15
iii) mk: 61.95
*mk: Mean of the number of links that neighbors have.
Mathematical Model of Outbreak
][2
][1][
eME
MESE
Hub Defense Strategy (1)
*h = Number of immune hub nodes
Difference of Number of immune hub nodes.
Hub Defense Strategy (2)
r = Number of immune nodes selected randomly.
h = Number of immune hub nodes.
Comparison Between Hub Defense and Random Defense
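The comparison on this slide can be reproduced in a small simulation. The Python below is an added example, not the author's simulation model: it assumes a preferential-attachment graph, a worm that mails each neighbour once and infects it with probability p, and hypothetical function names and constructed parameter values.

```python
import random
from collections import deque

def scale_free_graph(n, m, rng):
    """Preferential attachment: each new node links to m existing nodes
    picked with probability proportional to their current degree."""
    adj = {v: set() for v in range(n)}
    ends = []  # one entry per link endpoint, so rng.choice(ends) is degree-weighted
    def link(a, b):
        adj[a].add(b); adj[b].add(a); ends.extend((a, b))
    for a in range(m + 1):               # small fully connected starting core
        for b in range(a):
            link(a, b)
    for new in range(m + 1, n):
        targets = set()
        while len(targets) < m:
            targets.add(rng.choice(ends))
        for t in sorted(targets):
            link(new, t)
    return adj

def outbreak_size(adj, immune, start, p, rng):
    """Assumed spread model: every infected host mails each neighbour once;
    a non-immune neighbour becomes infected with probability p."""
    if start in immune:
        return 0
    infected, queue = {start}, deque([start])
    while queue:
        host = queue.popleft()
        for nb in sorted(adj[host]):
            if nb not in infected and nb not in immune and rng.random() < p:
                infected.add(nb)
                queue.append(nb)
    return len(infected)

def mean_outbreak(adj, immune, p, trials, rng):
    nodes = sorted(adj)
    sizes = [outbreak_size(adj, immune, rng.choice(nodes), p, rng) for _ in range(trials)]
    return sum(sizes) / trials

def compare(n=2000, m=2, h=100, r=100, p=0.3, trials=300, seed=1):
    """Mean outbreak size with no defense, r random immune nodes, h immune hubs.
    All parameter values are constructed for illustration."""
    rng = random.Random(seed)
    adj = scale_free_graph(n, m, rng)
    hubs = set(sorted(adj, key=lambda v: len(adj[v]), reverse=True)[:h])
    rand = set(rng.sample(sorted(adj), r))
    return {"none": mean_outbreak(adj, set(), p, trials, rng),
            "random": mean_outbreak(adj, rand, p, trials, rng),
            "hub": mean_outbreak(adj, hubs, p, trials, rng)}
```

Calling `compare()` returns the three mean outbreak sizes; varying `h` and `r` shows how many randomly chosen immune nodes are needed to match a given number of immune hubs.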
Conclusion
● By observing arrival intervals, we can estimate the damage of a worm and estimate the network structure around the observer.
● We can confirm that the hub defense strategy is an effective method in this network even though the number of immune hub nodes is not large.
Thank you