internet outbreaks internet outbreaks epidemiology and
play

Internet Outbreaks: Internet Outbreaks: Epidemiology and Defenses - PowerPoint PPT Presentation

Jul 14, 2023 •169 likes •760 views

Internet Outbreaks: Internet Outbreaks: Epidemiology and Defenses Epidemiology and Defenses Stefan Savage Stefan Savage Collaborative Center for Internet Epidemiology and Defenses Collaborative Center for Internet Epidemiology and Defenses

  1. Internet Outbreaks: Internet Outbreaks: Epidemiology and Defenses Epidemiology and Defenses Stefan Savage Stefan Savage Collaborative Center for Internet Epidemiology and Defenses Collaborative Center for Internet Epidemiology and Defenses Department of Computer Science & Engineering Department of Computer Science & Engineering University of California at San Diego University of California at San Diego In collaboration with Jay Chen, Cristian Estan, Ranjit Jhala, Erin in Kenneally Kenneally, Justin Ma, David , Justin Ma, David In collaboration with Jay Chen, Cristian Estan, Ranjit Jhala, Er Moore, Vern Paxson (ICSI), Colleen Shannon, Sumeet Singh, Alex Snoeren, Stuart noeren, Stuart Moore, Vern Paxson (ICSI), Colleen Shannon, Sumeet Singh, Alex S Staniford (Nevis), Amin Vahdat, Erik Staniford (Nevis), Amin Vahdat, Erik Vandekeift Vandekeift, George Varghese, Geoff Voelker, Michael , George Varghese, Geoff Voelker, Michael Vrable, Nick Weaver (ICSI) Vrable, Nick Weaver (ICSI)

  2. Who am I? Assistant Professor, UCSD ! B.S., Applied History, CMU ! Ph.D., Computer Science, University of Washington ! Research at the intersection of networking, security and OS ! Co-founder of Collaborative Center for Internet Epidemiology and ! Defenses (CCIED) One of four NSF Cybertrust Centers, joint UCSD/ICSI effort ! Focused on large-scale Internet attacks (worms, viruses, botnets, etc) ! Co-founded a number of commercial security startups ! Asta Networks (failed anti-DDoS startup) ! Netsift Inc, (successful anti-worm/virus startup) !

  3. A Chicken Little view of the Internet…

  4. Why Chicken Little is a naïve optimist ! Imagine the following species: ! Poor genetic diversity; heavily inbred ! Lives in “hot zone”; thriving ecosystem of infectious pathogens ! Instantaneous transmission of disease ! Immune response 10-1M times slower ! Poor hygiene practices ! What would its long-term prognosis be?

  5. Why Chicken Little is a naïve optimist ! Imagine the following species: ! Poor genetic diversity; heavily inbred ! Lives in “hot zone”; thriving ecosystem of infectious pathogens ! Instantaneous transmission of disease ! Immune response 10-1M times slower ! Poor hygiene practices ! What would its long-term prognosis be? ! What if diseases were designed… ! Trivial to create a new disease ! Highly profitable to do so

  6. Threat transformation ! Traditional threats ! Modern threats Attacker manually targets high- Attacker uses automation to ! ! value system/resource target all systems at once (can filter later) Defender increases cost to ! compromise high-value systems Defender must defend all ! systems at once Biggest threat: insider attacker ! Biggest threats: software ! vulnerabilities & naïve users

  7. Large-scale technical enablers ! Unrestricted connectivity ! Large-scale adoption of IP model for networks & apps ! Software homogeneity & user naiveté ! Single bug = mass vulnerability in millions of hosts ! Trusting users (“ok”) = mass vulnerability in millions of hosts ! Few meaningful defenses ! Effective anonymity (minimal risk)

  8. Driving economic forces ! No longer just for fun, but for profit SPAM forwarding (MyDoom.A backdoor, SoBig), Credit Card theft ! (Korgo), DDoS extortion, etc… Symbiotic relationship: worms, bots, SPAM, DDoS, etc ! Fluid third-party exchange market ! ( millions of hosts for sale) ! Going rate for SPAM proxying 3 -10 cents/host/week Seems small, but 25k botnet gets you $40k-130k/yr " ! Raw bots, 1$+/host, Special orders ($50+) ! “Virtuous” economic cycle ! Bottom line: Large numbers of compromised hosts = platform DDoS, SPAM, piracy, identity theft = applications

  9. What service-oriented computing really means…

  10. Today’s focus: Outbreaks ! Outbreaks? ! Acute epidemics of infectious malcode designed to actively spread from host to host over the network ! E.g. Worms, viruses, etc (I don’t care about pedantic distinctions, so I’ll use the term worm from now on) ! Why epidemics? ! Epidemic spreading is the fastest method for large- scale network compromise ! Why fast? ! Slow infections allow much more time for detection, analysis, etc (traditional methods may cope)

  11. Today ! Network worm review ! Network epidemiology ! Threat monitors & automated defenses

  12. What is a network worm? ! Self-propagating self-replicating network program Exploits some vulnerability to infect remote machines ! Infected machines continue propagating infection !

  13. What is a network worm? ! Self-propagating self-replicating network program Exploits some vulnerability to infect remote machines ! Infected machines continue propagating infection !

  14. What is a network worm? ! Self-propagating self-replicating network program Exploits some vulnerability to infect remote machines ! Infected machines continue propagating infection !

  15. What is a network worm? ! Self-propagating self-replicating network program Exploits some vulnerability to infect remote machines ! Infected machines continue propagating infection !

  16. A brief history of worms… ! As always, Sci-Fi authors get it first Gerold’s “ When H.A.R.L.I.E. was One ” (1972) – “Virus” ! Brunner’s “Shockwave Rider” (1975) – “tapeworm program” ! ! Shoch&Hupp co-opt idea; coin term “worm” (1982) Key idea: programs that self-propagate through network to ! accomplish some task; benign ! Fred Cohen demonstrates power and threat of self- replicating viruses (1984) ! Morris worm exploits buffer overflow vulnerabilities & infects a few thousand hosts (1988) Hiatus for over a decade…

  17. The Modern Worm era ! Email based worms in late 90’s (Melissa & ILoveYou) Infected >1M hosts, but requires user participation ! ! CodeRed worm released in Summer 2001 Exploited buffer overflow in IIS; no user interaction ! Uniform random target selection (after fixed bug in CRv1) ! Infects 360,000 hosts in 10 hours (CRv2) ! Attempted to mount simultaneous DDoS attack on whitehouse.gov ! Like the energizer bunny… still going ! ! Energizes renaissance in worm construction (1000’s) Exploit-based: CRII, Nimda, Slammer , Blaster, Witty, etc… ! Human-assisted: SoBig, NetSky, MyDoom, etc… ! 6200 malcode variants in 2004; 6x increase from 2003 [Symantec] !

  18. Anatomy of a worm: Slammer ! Exploited SQL server buffer overflow vulnerability Header ! Worm fit in a single UDP packet (404 bytes total) ! Code structure Oflow Cleanup from buffer overflow ! Get API pointers ! API ! Code borrowed from published exploit Create socket & packet ! Seed PRNG with getTickCount() Socket ! While (TRUE) ! Seed ! Increment Pseudo-RNG Mildly buggy " PRNG ! Send packet to pseudo-random address ! Main advancement: doesn’t listen Sendto (decouples scanning from target behavior)

  19. A pretty fast outbreak: Slammer (2003) ! First ~1min behaves like classic random scanning worm Doubling time of ~8.5 seconds ! CodeRed doubled every 40mins ! ! >1min worm starts to saturate access bandwidth Some hosts issue >20,000 scans ! per second Self-interfering ! (no congestion control) ! Peaks at ~3min >55million IP scans/sec ! ! 90% of Internet scanned in <10mins Infected ~100k hosts See: Moore et al, IEEE Security & Privacy, ! (conservative) 1(4), 2003 for more details

  20. Was Slammer really fast? ! Yes , it was orders of magnitude faster than CR ! No , it was poorly written and unsophisticated

  21. Was Slammer really fast? ! Yes , it was orders of magnitude faster than CR ! No , it was poorly written and unsophisticated ! Who cares? It is literally an academic point ! The current debate is whether one can get < 500ms ! Bottom line : way faster than people! See: Staniford et al, ACM WORM, 2004 for more details

  22. How to think about worms ! Reasonably well described as infectious epidemics Simplest model: Homogeneous random contacts ! ! Classic SI model dI IS di = β ! N: population size dt N i ( 1 i ) = β − ! S(t): susceptible hosts at time t dt dS IS = − β ! I(t): infected hosts at time t dt N ! ß: contact rate ( t T ) e β − i ( t ) = ! i(t): I(t)/N, s(t): S(t)/N ( t T ) 1 e β − + courtesy Paxson, Staniford, Weaver

  23. What’s important? ! There are lots of improvements to this model… Chen et al, Modeling the Spread of Active Worms , Infocom 2003 (discrete time) ! Wang et al, Modeling Timing Parameters for Virus Propagation on the Internet , ! ACM WORM ’04 (delay) Ganesh et al, The Effect of Network Topology on the Spread of Epidemics , ! Infocom 2005 (topology) ! … but the conclusion is the same. We care about two things: ! How likely is it that a given infection attempt is successful? Target selection (random, biased, hitlist, topological,…) ! Vulnerability distribution (e.g. density – S(0)/N) ! ! How frequently are infections attempted? ß: Contact rate !

  24. What can be done? ! Reduce the number of susceptible hosts ! Prevention , reduce S(t) while I(t) is still small (ideally reduce S(0)) ! Reduce the contact rate ! Containment , reduce ß while I(t) is still small ! Reduce the number of infected hosts ! Treatment , reduce I(t) after the fact

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

WVDHHR/BPH/OEPS Division of Infectious Disease Epidemiology November 16, 2012 1 Outbreaks in

WVDHHR/BPH/OEPS Division of Infectious Disease Epidemiology November 16, 2012 1 Outbreaks in

Sherif Ibrahim, MD, MPH WVDHHR/BPH/OEPS Division of Infectious Disease Epidemiology November 16, 2012 1 Outbreaks in WV over last decade Outbreaks in 2011 Outbreaks to remember: Outbreak of novel influenza A (H3N2)v Regional

926 views • 70 slides
Not All Outbreaks Are GI Buy one get three free! Get a flavour for other outbreaks! Listeria

Not All Outbreaks Are GI Buy one get three free! Get a flavour for other outbreaks! Listeria

Not All Outbreaks Are GI Buy one get three free! Get a flavour for other outbreaks! Listeria Outbreak April August 2019 Helen Doyle Emergency Planning Officer Overview Listeriosis is a rare infection caused by bacteria called

546 views • 26 slides
Fast and near-optimal monitoring for healthcare acquired infection outbreaks Thu 4/23 CS:4980

Fast and near-optimal monitoring for healthcare acquired infection outbreaks Thu 4/23 CS:4980

Fast and near-optimal monitoring for healthcare acquired infection outbreaks Thu 4/23 CS:4980 Computational Epidemiology Published in Sep 2019. Side note : Bijaya Adhikari is joining our department this fall! Overview The paper has 5 parts:

554 views • 21 slides
ASF cases and outbreaks in Poland Since SGE1 meeting 13 cases (22-34) of ASF in wild boar and 1

ASF cases and outbreaks in Poland Since SGE1 meeting 13 cases (22-34) of ASF in wild boar and 1

ASF cases and outbreaks in Poland Since SGE1 meeting 13 cases (22-34) of ASF in wild boar and 1 outbreak (3 rd ) of ASF in pigs have been detected in Poland. Those events occurred in the same area as previous outbreaks/cases (parts of 2

411 views • 25 slides
Outbreaks in Long Term Care &amp; Assisted Living Facilities Steven Burnite Communicable Disease

Outbreaks in Long Term Care &amp; Assisted Living Facilities Steven Burnite Communicable Disease

Outbreaks in Long Term Care &amp; Assisted Living Facilities Steven Burnite Communicable Disease Epidemiology Program Colorado Department of Public Health and Environment Steven.Burnite@state.co.us What is an outbreak? In general: More

633 views • 32 slides
No Yes Do you use the Internet to do homework? Do you use the Internet to follow your

No Yes Do you use the Internet to do homework? Do you use the Internet to follow your

No Yes Do you use the Internet to do homework? Do you use the Internet to follow your favourite team? Do you use the internet to watch music videos? Do you use the Internet to read the news? Do you use the Internet to play games? Shared

997 views • 51 slides
Topics Current regulations and reporting of outbreaks Major changes to regulations

Topics Current regulations and reporting of outbreaks Major changes to regulations

Conference For Humbaugh 11/07/2014 Healthcare Transparency &amp; Patient Safety 2 Topics Current regulations and reporting of outbreaks Major changes to regulations Definitions Simultaneous reporting of data to both National

348 views • 5 slides
Epidemiologic Approaches to Investigating Multistate Outbreaks in the United States Ian Williams,

Epidemiologic Approaches to Investigating Multistate Outbreaks in the United States Ian Williams,

Epidemiologic Approaches to Investigating Multistate Outbreaks in the United States Ian Williams, PhD, MS Chief, Outbreak Response and Prevention Branch Division of Foodborne, Waterborne and Environmental Diseases National Center for Emerging

1.75k views • 112 slides
AFRICAN DUST OUTBREAKS A satellite perspective of temporal and spatial variability over the

AFRICAN DUST OUTBREAKS A satellite perspective of temporal and spatial variability over the

AFRICAN DUST OUTBREAKS A satellite perspective of temporal and spatial variability over the tropical Atlantic Ocean Jingfeng Huang 1,2 , Chidong Zhang 3 , Joseph M. Prospero 3 1 UMBC GEST; 2 NASA GSFC; 3 University of Miami, RSMAS Thanks to:

787 views • 16 slides
How to Protect Students and Drivers from Infectious Disease Outbreaks on Buses The Bugs ARE Out

How to Protect Students and Drivers from Infectious Disease Outbreaks on Buses The Bugs ARE Out

How to Protect Students and Drivers from Infectious Disease Outbreaks on Buses The Bugs ARE Out to Get US Technology Can Help National Association for Pupil Transportation Webinar March 16th. www.wilcoxevs.com About Me!!! Life long New

706 views • 37 slides
Understanding the Diversity of Tweets in the Time of Outbreaks Nattiya Kanhabua and Wolfgang

Understanding the Diversity of Tweets in the Time of Outbreaks Nattiya Kanhabua and Wolfgang

Understanding the Diversity of Tweets in the Time of Outbreaks Nattiya Kanhabua and Wolfgang Nejdl L3S Research Center Leibniz Universitt Hannover, Germany http://www.L3S.de Search result from Google retrieved on 12 May 2013 Tweets in the

546 views • 32 slides
Microbiological Testing of Foods Investigating outbreaks of foodborne disease Assessing

Microbiological Testing of Foods Investigating outbreaks of foodborne disease Assessing

Importance of detecting microorganisms in food Microbiological Testing of Foods Investigating outbreaks of foodborne disease Assessing the safety of the product to consumers. Mehrdad Tajkarimi Assessing the stability or shelf life of

356 views • 4 slides
Use of Social Media to Monitor and Predict Outbreaks and Public Opinion on Health Topics

Use of Social Media to Monitor and Predict Outbreaks and Public Opinion on Health Topics

Use of Social Media to Monitor and Predict Outbreaks and Public Opinion on Health Topics Alessio Signorini Department of Computer Science University of Iowa December 3rd, 2014 Measurement is the first step that leads to control and

393 views • 28 slides
Ebola, Leadership, and Communication Kaci Hickox MSN/MPH, DTN, BSN MSF Ebola Unit Bo, Sierra

Ebola, Leadership, and Communication Kaci Hickox MSN/MPH, DTN, BSN MSF Ebola Unit Bo, Sierra

Ebola, Leadership, and Communication Kaci Hickox MSN/MPH, DTN, BSN MSF Ebola Unit Bo, Sierra Leone Past Outbreaks First humans cases documented in 1967 &gt;20 previous Ebola and Marburg virus outbreaks Doctors Without Borders and

695 views • 47 slides
Communication security over the Internet The big picture Me Internet Resource Internet

Communication security over the Internet The big picture Me Internet Resource Internet

Communication security over the Internet The big picture Me Internet Resource Internet Server Client Attack vectors MAN DNS LAN Client Internet Back Bone Router Networking WWW overview MITM (Man In The Middle) 3 2 4 5 LAN

244 views • 23 slides
Why Is It Difficult to Detect Outbreaks in Twitter? Avar Stewart, Nattiya Kanhabua, Sara Romano

Why Is It Difficult to Detect Outbreaks in Twitter? Avar Stewart, Nattiya Kanhabua, Sara Romano

Why Is It Difficult to Detect Outbreaks in Twitter? Avar Stewart, Nattiya Kanhabua, Sara Romano Ernesto Diaz-Aviles, Wolf Siberski, and Wolfgang Nejdl L3S Research Center / Leibniz Universitt Hannover, Germany SIGIR 2013 Workshop on Health

753 views • 36 slides
ANTI-CONVULSIVE ACTIVITY OF NL197, A DERIVATIVE FROM 4(3 H )QUINAZOLINON ON CHEMICAL INDUCED

ANTI-CONVULSIVE ACTIVITY OF NL197, A DERIVATIVE FROM 4(3 H )QUINAZOLINON ON CHEMICAL INDUCED

[c015] ANTI-CONVULSIVE ACTIVITY OF NL197, A DERIVATIVE FROM 4(3 H )QUINAZOLINON ON CHEMICAL INDUCED SEIZURE MICE Lien Kieu Suong 1* , Trinh Thi Phuong Lan 1 , Vo Phung Nguyen 1 1 School of Pharmacy, HCMC University of Medicine and Pharmacy, 41 Dinh

270 views • 7 slides
cs160. cs160. valkyriesavage.com valkyriesavage.com personas, scenarios, &amp; storyboards

cs160. cs160. valkyriesavage.com valkyriesavage.com personas, scenarios, &amp; storyboards

cs160. cs160. valkyriesavage.com valkyriesavage.com personas, scenarios, &amp; storyboards June 29, 2015 Valkyrie Savage you made it through PRG01 and DES01! PRG01 and DES01 we are grading as quickly as possible THIS ONE TIME I will

944 views • 63 slides
LEADERSHIP PROGRAMME t h 1 9 C a mbridge, U K , 1 4 t h 1 9 t h t h S e p t ember 2 0 1 4

LEADERSHIP PROGRAMME t h 1 9 C a mbridge, U K , 1 4 t h 1 9 t h t h S e p t ember 2 0 1 4

ASEAN GLOBAL LEADERSHIP PROGRAMME t h 1 9 C a mbridge, U K , 1 4 t h 1 9 t h t h S e p t ember 2 0 1 4 Competing in the New Global Economy CONTENT F o r ewor d 2 I n fo r mat ion 4 P r og ramme A ge nda 6 F a c ulty &amp; S p

187 views • 16 slides
CPSC 531: System Modeling and Simulation Carey Williamson Department of Computer Science

CPSC 531: System Modeling and Simulation Carey Williamson Department of Computer Science

CPSC 531: System Modeling and Simulation Carey Williamson Department of Computer Science University of Calgary Fall 2017 Recap: Simulation Model Taxonomy 2 Recap: DES Model Development How to develop a simulation model: Determine the

1.23k views • 95 slides
Theory 1 Introduction SS 09 Prerequisite of Theory I Basic knowledge on data structures

Theory 1 Introduction SS 09 Prerequisite of Theory I Basic knowledge on data structures

Theory 1 Introduction SS 09 Prerequisite of Theory I Basic knowledge on data structures and algorithms, mathematics Programming language, such as C++ Sufficient knowledge on English for reading research papers Course Goal

1.04k views • 54 slides
s rrt

s rrt

s rrt t rt r

1.73k views • 140 slides
Day 14: Wrapper Scripts 2012 Spring Cartwright 1 Computer Sciences 368 Scripting for CHTC

Day 14: Wrapper Scripts 2012 Spring Cartwright 1 Computer Sciences 368 Scripting for CHTC

Computer Sciences 368 Scripting for CHTC Day 14: Wrapper Scripts 2012 Spring Cartwright 1 Computer Sciences 368 Scripting for CHTC Turn In Homework 2012 Spring Cartwright 2 Computer Sciences 368 Scripting for CHTC Homework Review 2012

566 views • 32 slides
a legal case study 57 AD Riot @ Temple 57 AD Riot @ Temple INITIAL INTERVIEW 57 AD Riot @

a legal case study 57 AD Riot @ Temple 57 AD Riot @ Temple INITIAL INTERVIEW 57 AD Riot @

Paul: a legal case study 57 AD Riot @ Temple 57 AD Riot @ Temple INITIAL INTERVIEW 57 AD Riot @ Temple INITIAL INTERVIEW BACKGROUND 57 AD Riot @ Temple INITIAL INTERVIEW If you want to know where ones If you want to know where ones

645 views • 62 slides

More recommend