Results 1 - 9 of 9
A PRoactive Malware Identification System based on the Computer Hygiene Principles, 2007
Cited by 4 (1 self)
Recent worm epidemics have proven beyond any doubt that the existing centralized worm containment mechanisms are no longer adequate to protect vulnerable systems, resulting in a shift towards distributed cooperative mechanisms that aim to safeguard and immunize the susceptible population. We are presenting PROMIS, a P2P based algorithm that provides its participants with early information regarding the existence of a worm epidemic and allows them to automatically adjust their security level. Our argument is that our approach is based on the principles of hygiene: taking the basic precautions to avoid infection when an epidemic is on the rise and no cure is available.
Automatically Deducing Propagation Sequences that Circumvent a Collaborative Worm Defense, 2006
In: Proceedings of the 25th International Performance Computing and Communications Conference (Workshop on Malware
Cited by 4 (2 self)
We present an approach to the question of evaluating worm defenses against future, yet unseen and possibly defense-aware worm behavior. Our scheme employs model checking to produce worm propagation sequences that defeat a worm defense of interest. We demonstrate this approach using an exemplar collaborative worm defense, in which LANs share alerts about encountered infections. Through model checking experiments, we then generate propagation sequences that are able to infect the whole population in the modeled network. We discuss these experimental results and also identify open problems in applying formal methods more generally in the context of worm quarantine research.
CMSF: Cooperative Mobile Network Security Information Distribution Framework
One of the problems with mobile networks is the lack of security information about the networks. Different from organization and home networks, the security measures and conditions of mobile networks are usually unknown to the end users. As a result, users may enter a mobile network filled with attacks without any prior protection and suffer serious damage. To tackle these issues, in this paper we propose CMSF: Cooperative Mobile Network Security Information Distribution Framework, which provides mobile users with security information about mobile networks through the cooperation of personal security modules equipped on users' mobile devices. In our framework a central server obtains security logs of networks from users who actually use the networks. Then the server analyzes the security condition of the networks from the logs and distributes the results to users who want to know the conditions of mobile networks. This framework will help users find secure networks and prevent them from entering insecure ones. Through preliminary experiments with a CMSF-based worm detection method, we have confirmed the effectiveness of our framework.
Model Checking of Worm Quarantine and
, 2005
We consider what it means to perform worm quarantine across a network with an emerging self-propagating worm outbreak. It is generally understood that an effective quarantine defense can under certain conditions reduce the infection growth rate, and ideally can prevent a worm from reaching its full saturation potential. This report attempts to more precisely define the desired properties of a quarantine algorithm, and suggest different forms of quarantine properties that vary in their ability to isolate infected nodes, ensure the existence of an uninfected population, and guarantee some persistent protection, no matter how the worm behaves. We employ the SAL formal modeling language and model checker to investigate these properties on a specific group-based quarantine algorithm. In addition to answering questions regarding algorithm correctness and validating some quarantine properties, the model checker disproves other quarantine properties. The proofs and counter-examples produced during this process help in algorithm design and may be useful in informing simulation experiments or building test cases. Using a game theoretic approach, counter-examples of a win scenario for the defense yield insight into smart worm behavior that defeats a known quarantine defense.
Using Performance Signatures and Software Rejuvenation for Worm Mitigation in Tactical MANETs
In this paper, we propose a new approach for mitigation of worm propagation through tactical Mobile Ad-Hoc Networks (MANETs) which is based upon performance signatures and software rejuvenation. Three application performance signature and software rejuvenation algorithms are proposed and analyzed. These algorithms monitor critical applications' responsiveness and trigger actions for software rejuvenation when host resources degrade due to a co-resident worm competing for host resources. We analyze the effectiveness of our algorithms through analytic modeling and detailed, extensive simulation studies. The key performance metrics investigated are application response time, mean time between rejuvenations and the steady state probability of host infection. We also use simulation models to investigate several design and parameter tuning issues. We investigate the relationship between the rate at which the application performance monitors can detect out-of-specification applications and the rate of worm propagation in the network.
Security
We present a method for detecting large-scale worm attacks using only end-host detectors. These detectors propagate and aggregate alerts to cooperating partners to detect large-scale distributed attacks in progress. The properties of the host-based detectors may in fact be relatively poor in isolation but when taken collectively result in a high-quality distributed worm detector. We implement a cooperative alert sharing protocol coupled with distributed sequential hypothesis testing to generate global alarms about distributed attacks. We evaluate the system's response in the presence of a variety of false alarm conditions and in the presence of an Internet worm attack. Our evaluation is conducted with agents on the Emulab and DETER emulated testbeds using real operating systems and computing platforms.
Applying Formal Evaluation to Worm Defense Design
Raman Sharykin
We discuss the early insertion of formal analyses in distributed malware defense evaluation, and provide an example method for applying an executable rewriting logic specification to drive both simulation and property validation of a collaborative group-based worm defense. An important aspect of the algorithm under consideration is its distributed and probabilistic nature, which makes the defense system harder to attack but unfortunately also complicates the ability of designers to fully understand its behavioral properties. We demonstrate one approach to formally analyze our case study worm defense algorithm, employing tools that facilitate both statistical simulation and property validation. Our approach is posed as complementary to the current practice of informal design specification and evaluation through network simulation.