Information about Shir

Published on September 13, 2007

Author: AscotEdu



Stopping computer viruses through dynamic immunization:
E. Shir, J. Goldenberg, Y. Shavitt, S. Solomon

The War on Viruses Is Being Lost:
- A recent British survey conducted by PwC:
  - 93% of British businesses have installed an anti-virus solution
  - Nonetheless, 50% (68% of the large ones) have reported suffering from virus infection in the last year.
- And the situation gets worse and worse…
- Why would I buy software which guarantees merely a 32% success rate?

From the Horse's mouth – What Symantec has to say:
- '…One of the most significant events of 2003 occurred in August when the Internet experienced three new Category 4 worms in only 12 days. Blaster, Welchia, and Sobig.F infected millions of computers worldwide. These threats alone may have resulted in as much as $2 billion in damages…'
- '…In the first half of 2003, only one-sixth of the companies analyzed reported a serious breach. In the second half of the year, half of the companies reported a serious breach…'
- '…Financial services, healthcare, and power and energy were among the industries hardest hit by severe events…'
- '…Finally, ... As exploits are developed and released more quickly, companies are increasingly vulnerable ... Symantec believes that 'zero-day' threats are imminent... If such an outbreak occurs, widespread damage could occur before users are able to effectively patch their systems…'
From 'Symantec Internet Security Threat Report', March 2004

Virus Spread in a Networked World:
- Several spread mechanisms for malicious code:
  - Email infection
  - Worms
  - Web vulnerabilities
  - Note: diskette/CD infection is not included
- Similar behavior – different overlay networks:
  - Address book network (social network)
  - LAN/WAN (Internet Routing Network)
  - Web links network
- All are broad-scale networks and can be modeled by a scale-free network model
- Most of the economic damage is caused by denial of network services and not by information loss!!

The Anti Virus Industry:
- The current anti-virus approach has not been updated since its incubation and is the same as in the 'diskette virus' age:
  - The anti-virus software defends only its owner
  - A new threat defense must be updated centrally
  - No real immunization against new viruses
- The distribution of the anti-virus updates is a slow, stochastic process; compared to the rapid spread of the viruses, the virus always has the upper hand.

Current Immunization schemes:
- Focus on changing the topology of the network through node immunization, so as to introduce an epidemic threshold (random nodes, targeted hubs, neighbors of random nodes) before the epidemic has approached
- Static in nature (do not interact with the infection process)

New Virus Fighting Paradigms:
- Distributed immunization revisited
- Partially un-correlated networks
- Honey Traps and shrinking a small world

An Anti-virus Paradigm for a Networked World: Distributed Immunization:
- 'Spread the word' – 'Infecting' my neighborhood with new threat information in real time
- Enough to shout 'danger'. Speed is more important than thorough analysis
- We want to immunize un-infected nodes, rather than curing infected ones
- We want to suppress the infected cluster

An Anti-virus Paradigm for a Networked World: Partially Uncorrelated Overlay Networks:
- Spread the anti-virus on a similar but not identical network, e.g. the virus moves on the email network while the anti-virus moves on the email plus the SMS networks
- We change the topology for the anti-virus, while leaving the virus topology intact, thus allowing the anti-virus to win
- Conjecture: For large enough networks, the virus cluster can be contained to any desirable portion of the network, if there are enough links that are unique to the anti-virus network

Honey Traps – Shrinking a Small World:
- How do we engineer an effective system that can immunize distributively using a partially uncorrelated network?
- Use a set of fully connected honey traps
- Effectively, a small amount shrinks the network considerably for the anti-virus by creating a virtual super-hub

Initial Math Analysis:
- We statistically analyze the model as an interacting random branching process on a graph
- Without anti virus the virus cluster layers are given by: =>
- With the anti virus, the ratio of the infected to immuned clusters size takes the form:
- This ratio is thus inversely proportional to the relative edge addition

Model Description:
- Node possible states: 1. Neutral 2. Infected 3. Immuned 4. Infected and Immuning (conform to SIR)
- Edge Types: 1. Common 2. Virus only 3. Anti-virus only

Model Description (cont.):

Model Description (Cont.):
Rules of the dynamics:
1. Stochastic: Each process has an occurrence probability centered around a typical time scale (delay)
   Deterministic: Constant Delay
2. The processes which occur are:
   a. Infection – an infected node infects a neighbor which was neutral
   b. Birth of an anti-virus – an infected node creates an anti-virus and sends it to a neutral neighbor
   c. Immunization – an immuned node sends an anti-virus to a neutral neighbor
   d. In the Honey Traps model, only the Honey Traps can create an anti-virus
3. Once immuned or infected, a node cannot change its status

Model Description (Cont.):
- Both the virus and the anti-virus can move on edges of type 'common'. Each of them can also move on its specific typed edges
- By definition, there is always only one cluster of infected nodes. This is not true for the anti-virus
- In the scale-free case, the typed degrees of a node are correlated (a 'common' hub will also be a 'virus' and an 'anti-virus' hub, though possibly on a different scale)

Movies:

Empirical Survey of email/SMS networks:
- We surveyed hundreds of people, eventually gaining a sample set containing 513 answers
- People were asked for the size of their address book, the size of their phone book and the corresponding overlap

Empirical Survey of email/SMS networks - Results:
- The average overlap was only 32.6%
- The phone book data exhibited a power law tail with exponent=-1.88
- The address book data exhibited a close to power law distribution with exponent=-0.75

Results:
- We studied both random and scale-free networks in both deterministic and stochastic settings
- We checked the dependence on the following parameters:
  - Characteristic delay gap between infection and virus birth
  - Dependence on common, virus and anti-virus edge density
  - Dependence on honey traps

Average degree dependence (Random-ER):

Dependence on Delay Gap (Random, common density=0.01):

Dependence on delay gap (Scale Free - common, virus, anti=1):

Dependence on anti-virus edges degree (Random – delay gap=20, common degree=10):
- The virus cluster can be suppressed to any desirable size by adding more anti-virus links

Dependence on virus and anti virus edge addition:
- Some interesting results: The most important point is to have anti-virus edges

Dependence on link addition (SF – delay gap=0):

Dependency on Immunizing links density – random link addition (100000-170000 nodes networks):

Dependency on Honey Traps Density (100000 nodes network):

Dependence on the exponent (delay gap=20, common=1, anti=1):

Future Directions:
- Further in the future: Test and implement in the real world w/ DIMES and PlanetLab
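
The deterministic variant of the model described in the slides (three edge types, constant delays, nodes that never change state once infected or immuned) can be reproduced with a small event-driven simulation. This is an added example, not code from the presentation or its authors. It assumes one time unit per hop, reads the delay gap as the extra wait before an infected node emits the anti-virus, lets the virus win ties, and uses a constructed random graph with illustrative parameter values; honey traps are not modeled.

```python
import heapq
import random
from collections import defaultdict

NEUTRAL, INFECTED, IMMUNE = "neutral", "infected", "immune"
VIRUS, ANTI = 0, 1  # event kinds; on a tie the virus is processed first (assumption)

def simulate(n, common, virus_only, anti_only, delay_gap, seed_node=0):
    """Deterministic dynamics: one time unit per hop (assumption); an infected
    node emits the anti-virus delay_gap units later than it passes on the virus."""
    v_adj, a_adj = defaultdict(set), defaultdict(set)
    for adj, edges in ((v_adj, common + virus_only), (a_adj, common + anti_only)):
        for u, w in edges:
            adj[u].add(w)
            adj[w].add(u)
    state = [NEUTRAL] * n
    events = [(0, VIRUS, seed_node)]
    while events:
        t, kind, node = heapq.heappop(events)
        if state[node] != NEUTRAL:      # rule 3: infected/immuned nodes never change
            continue
        if kind == VIRUS:
            state[node] = INFECTED
            for w in v_adj[node]:       # infection over common + virus-only edges
                heapq.heappush(events, (t + 1, VIRUS, w))
            for w in a_adj[node]:       # birth of the anti-virus after the delay gap
                heapq.heappush(events, (t + 1 + delay_gap, ANTI, w))
        else:
            state[node] = IMMUNE
            for w in a_adj[node]:       # immunization over common + anti-only edges
                heapq.heappush(events, (t + 1, ANTI, w))
    return {s: state.count(s) for s in (NEUTRAL, INFECTED, IMMUNE)}

def random_edges(n, count, rng):
    """Constructed sample input: `count` random undirected edges on n nodes."""
    return [tuple(rng.sample(range(n), 2)) for _ in range(count)]

def sweep(n=2000, mean_degree=4, delay_gap=2, extra=(0, 2000, 8000), seed=1):
    """Infected-cluster size as anti-virus-only links are added to a random graph."""
    rng = random.Random(seed)
    common = random_edges(n, n * mean_degree // 2, rng)
    return [simulate(n, common, [], random_edges(n, k, rng), delay_gap)[INFECTED]
            for k in extra]

if __name__ == "__main__":
    print(sweep())  # infected counts for 0, 2000 and 8000 anti-virus-only links
```

With no anti-virus-only edges the anti-virus always trails the virus by the delay gap, so the whole connected component of the seed node is infected; every anti-virus-only link is a potential shortcut that lets immunization arrive first.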
