modeling worm spread
play

Modeling Worm Spread Often well described as infectious epidemics - PowerPoint PPT Presentation

Sep 20, 2022 •229 likes •537 views

Modeling Worm Spread Often well described as infectious epidemics Simplest model: homogeneous random contacts Classic SI model dI IS N: population size = S(t): susceptible hosts at time t di dt N i ( 1 i )

  1. Modeling Worm Spread • Often well described as infectious epidemics – Simplest model: homogeneous random contacts • Classic SI model dI IS – N: population size = β – S(t): susceptible hosts at time t di dt N i ( 1 i ) – I(t): infected hosts at time t = β − dS IS dt – β : contact rate = − β dt N – i(t): I(t)/N, s(t): S(t)/N ( t T ) e β − i ( t ) = ( t T ) 1 e β − +

  2. The Usual Logistic Growth

  3. Slammer ’ s Growth (2003)

  5. 80% of Code Red 2 Code Red 2 re-re- Code Red 1 and Code Red 2 Code Red 2 re- cleaned up due to released Jan 2004 Nimda endemic dies off released with Oct. onset of Blaster (and 2005; not since … ?) again 2003 die-off

  6. Code Red 2 re-re- Feb 19 2013! released Jan 2004 (and 2005; not since … ?)

  12. 2009 - 2010

  13. 2015-2016

  20. Stuxnet : Slowly ramped up centrifuge speeds until they flew apart … … while feeding false readings to control system. Included 4 zero days for spreading

  21. Flame : General information stealer. Includes geolocation from local photos, taking screenshots, microphone access to capture local audio, recording Skype calls, download contacts from nearby BlueTooth devices. Exploited previously unknown MD5 hash collision vulnerability . Built-in autowipe “ kill switch ” .

  22. Gauss : Specifically targets banking transactions, mainly in Lebanon. Includes trapdoor looking for specific accounts, undeciphered to date.

  24. #!/usr/bin/perl while (<>) { chomp; if ( /^(get|post|options|head|...)(.*)/i ) { # Do not respond if it looks like an exploit last if length > 1000; my $date = gmtime; if ( $1 =~ /get|head/i ) print "HTTP/1.1 200 OK\r\n"; elsif ( $1 =~ /search/i ) print "HTTP/1.1 411 Length Required\r\n"; elsif ( $1 =~ /options/i ) { print "HTTP/1.1 200 OK\r\n"; print "DASL: \r\nDAV: 1, 2\r\n"; print "Public: OPTIONS, TRACE, GET, HEAD, DELETE, ...\r\n"; print "Allow: OPTIONS, TRACE, GET, HEAD, DELETE, ...\r\n"; } elsif ( $1 =~ /propfind/i ) print "HTTP/1.1 207 Multi-Status\r\n"; else print "HTTP/1.1 405 Method Not Allowed\r\n"; } print <<EOF; Server: Microsoft-IIS/5.0 Date: $date GMT Content-Length: 0 Content-Type: text/html Set-Cookie: ASPSESSIONIDACBAABCQ=BHAMAEHAOAIHMOMGJCPFLBGO; path=/ Cache-control: private EOF last; } }

  29. Polymorphic Propagation Decryptor Key Encrypted Glob of Bits ê Decryptor Once running, worm Encryptor uses an encryptor with Key Main Worm Code a new key to propagate } Jmp ê Decryptor Key ' Different Encrypted Glob of Bits

  30. Metamorphic Propagation When ready to propagate, Rewriter worm invokes a randomized Main Worm Code rewriter to construct new but semantically equivalent worm code (incl. rewriter) } ê Rewriter' (Main Worm Code)' } ê Rewriter'' (Main Worm Code)''

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Code-Red: a case study on the spread and victims of an Internet worm David Moore, Colleen

Code-Red: a case study on the spread and victims of an Internet worm David Moore, Colleen

Code-Red: a case study on the spread and victims of an Internet worm David Moore, Colleen Shannon, Jeff Brown November, 2002 IMW {dmoore, cshannon} @ caida.org www.caida.org Outline What is the Code-Red worm? Detection Host

495 views • 35 slides
Monitoring and Modeling the Spread of the Poisonous, Invasive

Monitoring and Modeling the Spread of the Poisonous, Invasive

Monitoring and Modeling the Spread of the Poisonous, Invasive Giant Hogweed in Latvia Using PPGIS and Satellite Image Analysis Mike Larrivee, Dr.

361 views • 3 slides
Representing and Modeling Space McGill COMP 765 Jan 9 th , 2019 * The topology of quantum worm-

Representing and Modeling Space McGill COMP 765 Jan 9 th , 2019 * The topology of quantum worm-

Representing and Modeling Space McGill COMP 765 Jan 9 th , 2019 * The topology of quantum worm- holes will be left for self-study. Goals today Brief beginning on models of a robots movements Brief beginning on models of robotic

839 views • 73 slides
The Stuxnet Worm Babak Yadegari and Paul Mueller CSc 566: Computer Security April 25, 2012

The Stuxnet Worm Babak Yadegari and Paul Mueller CSc 566: Computer Security April 25, 2012

The Stuxnet Worm Babak Yadegari and Paul Mueller CSc 566: Computer Security April 25, 2012 Presentation Outline Background &amp; Overview Stuxnets Purpose How Stuxnet Spread Possible Attack Scenarios Infection RPC Server Attack

540 views • 43 slides
Worm enabling exploits Cyber Security Lab Spring 10 Background reading Worm Anatomy and

Worm enabling exploits Cyber Security Lab Spring 10 Background reading Worm Anatomy and

Worm enabling exploits Cyber Security Lab Spring 10 Background reading Worm Anatomy and Model http://portal.acm.org/citation.cfm?id=948196 Smashing the Stack for Fun and Profit

525 views • 36 slides
Modeling COVID-19 spread and control: Data needs and challenges Alison L Hill, PhD Department

Modeling COVID-19 spread and control: Data needs and challenges Alison L Hill, PhD Department

Modeling COVID-19 spread and control: Data needs and challenges Alison L Hill, PhD Department of Organismic &amp; Evolutionary Biology Harvard University May 14, 2020 Disclaimers: 1) Like many, I am new to the field of coronavirus research.

367 views • 13 slides
Modeling the Spread of Actionable I nformation in Social Networks Cindy Hui Department of

Modeling the Spread of Actionable I nformation in Social Networks Cindy Hui Department of

Modeling the Spread of Actionable I nformation in Social Networks Cindy Hui Department of Industrial and Systems Engineering Rensselaer Polytechnic Institute April 8, 2011 Diffusion Model of Actionable Information Agent-based model

358 views • 20 slides
ring worm ring worm herpes ring worm herpes staphylococcal ring worm herpes impetigo

ring worm ring worm herpes ring worm herpes staphylococcal ring worm herpes impetigo

ring worm ring worm herpes ring worm herpes staphylococcal ring worm herpes impetigo staphylococcal ring worm herpes 3-4 weeks 2-3 weeks impetigo staphylococcal 1 week 1 week wrestlers are 16x more likely than other athletes to

613 views • 60 slides
Spread Spectrum Concept Frequency Hopping Spread Spectrum Direct Sequence Spread

Spread Spectrum Concept Frequency Hopping Spread Spectrum Direct Sequence Spread

CMPE 477 Wireless and Mobile Networks Lecture 6: Spread Spectrum Concept Frequency Hopping Spread Spectrum Direct Sequence Spread Spectrum CMPE 477 Spread Spectrum Problem of radio transmission: frequency dependent fading can

656 views • 17 slides
Easy Worm Composting at Home What is vermicomposting? Utilizing worms and microorganisms to

Easy Worm Composting at Home What is vermicomposting? Utilizing worms and microorganisms to

SSN presents: Easy Worm Composting at Home What is vermicomposting? Utilizing worms and microorganisms to convert organic waste into a nutrient rich humus like material known as vermicompost (worm castings) Why do it? Produce your own

736 views • 14 slides
REVIEW OF MICROSTRUCTURE AND PROPERTIES OF NON- FERROUS ALLOYS FOR WORM GEAR APPLICATION &amp;

REVIEW OF MICROSTRUCTURE AND PROPERTIES OF NON- FERROUS ALLOYS FOR WORM GEAR APPLICATION &amp;

REVIEW OF MICROSTRUCTURE AND PROPERTIES OF NON- FERROUS ALLOYS FOR WORM GEAR APPLICATION &amp; ADVANTAGES OF CENTRIFUGALLY CAST GEARS GIRI RAJENDRAN JASON HASSEN MCC INTERNATIONAL INC OVERVIEW OF NON-FERROUS (BRONZE) MATERIAL FOR WORM

628 views • 38 slides
Space McGill COMP 765 Sept 7 th , 2017 * The topology of quantum worm- holes will be left for

Space McGill COMP 765 Sept 7 th , 2017 * The topology of quantum worm- holes will be left for

Representing and Modeling Space McGill COMP 765 Sept 7 th , 2017 * The topology of quantum worm- holes will be left for self-study. Goals today Introduce models of a robots movements in space Introduce models to represent the space

900 views • 67 slides
MAT137 - Calculus with proofs Assignment #3 due on November 5 Assignment #4 due on November 26

MAT137 - Calculus with proofs Assignment #3 due on November 5 Assignment #4 due on November 26

MAT137 - Calculus with proofs Assignment #3 due on November 5 Assignment #4 due on November 26 TODAY: Functions and inverse functions Watch videos 4.3, 4.3 by Wednesday Worm up A worm is crawling across a table. The path of the worm looks

399 views • 6 slides
Some curves are flattening whilst others are steepening 60 90 40 10s 30s spread 2s 5s spread

Some curves are flattening whilst others are steepening 60 90 40 10s 30s spread 2s 5s spread

Some curves are flattening whilst others are steepening 60 90 40 10s 30s spread 2s 5s spread 2s 10s spread 80 35 50 70 30 40 60 25 50 30 20 40 15 20 30 10 20 10 5 10 0 0 0 -10 Source: M&amp;G, Bloomberg, 6 December

513 views • 4 slides
Dawn Song dawnsong@cs.berkeley.edu 1 Primer on Internet Worms (I) First Instance: Morris

Dawn Song dawnsong@cs.berkeley.edu 1 Primer on Internet Worms (I) First Instance: Morris

Automatic Worm Defense (I) Dawn Song dawnsong@cs.berkeley.edu 1 Primer on Internet Worms (I) First Instance: Morris worm (1988) Infected 6000 machines (10% of Internet) $10M for downtime &amp; cleanup Whats a worm?

512 views • 13 slides
Lay Them Down Chorus: Lay them down, Lay them down, Lay your branches down for Him Spread them

Lay Them Down Chorus: Lay them down, Lay them down, Lay your branches down for Him Spread them

Lay Them Down Chorus: Lay them down, Lay them down, Lay your branches down for Him Spread them out, Spread them out, Spread your garments out for Him 1. Who is this man? Where does he come from? He is Jesus Christ! The Son of God from

244 views • 3 slides
6 Perceptual issues Thanks to Colin Ware, John Stasko, Robert Spence, Ross Ihaka, Marti

6 Perceptual issues Thanks to Colin Ware, John Stasko, Robert Spence, Ross Ihaka, Marti

Elective in Software and Services (Complementi di software e servizi per la societ dell'informazione) Section Inf nfor ormat ation V on Visual sualizat ation on Numbers of credit : 3 Gius usep eppe pe S Sant antucci 6

997 views • 86 slides
I am thankful for my eyes. Image: Cris Watk What color is INSTRUCTIONS: the water? 1) Fill 4

I am thankful for my eyes. Image: Cris Watk What color is INSTRUCTIONS: the water? 1) Fill 4

I am thankful for my eyes. Image: Cris Watk What color is INSTRUCTIONS: the water? 1) Fill 4 clear, plastic cups with water. 2) Stir Jello into each cup. (Do 1 red, 1 blue, and 2 yellow.) 3) Ask children, What color is the water?

808 views • 49 slides
Remote Mine Identification from Man-Portable UUVs Chris Gilson 1 1 Product Development Manager,

Remote Mine Identification from Man-Portable UUVs Chris Gilson 1 1 Product Development Manager,

UDT 2020 Remote Mine Identification from Man-Portable UUVs 2G Robotics Remote Mine Identification from Man-Portable UUVs Chris Gilson 1 1 Product Development Manager, 2G Robotics, Waterloo Canada cgilson@2grobotics.com Abstract

529 views • 8 slides
3/31/2016 Home Interdisciplinary TeleRehabilitation Team (HITT) Join by Adobe Connect:

3/31/2016 Home Interdisciplinary TeleRehabilitation Team (HITT) Join by Adobe Connect:

3/31/2016 Home Interdisciplinary TeleRehabilitation Team (HITT) Join by Adobe Connect: https://pittrstce.adobeconnect.com/varhhameet/ Please listen to the presentation from your computer speakers. Home Interdisciplinary TeleRehabilitation Team

325 views • 9 slides
Oral Anticoagulation: 65 Years of Achievement Freek W.A. Verheugt Department of Cardiology, Onze

Oral Anticoagulation: 65 Years of Achievement Freek W.A. Verheugt Department of Cardiology, Onze

Oral Anticoagulation: 65 Years of Achievement Freek W.A. Verheugt Department of Cardiology, Onze Lieve Vrouwe Gasthuis (OLVG) Amsterdam, The Netherlands D ISCLOSURES FOR F REEK W. A. V ERHEUGT Research support/ Bayer HealthCare, Boehringer

503 views • 34 slides
Case Vignette in the Primary Care Setting: A 50-year-old man with a DSM5 and Beyond history of

Case Vignette in the Primary Care Setting: A 50-year-old man with a DSM5 and Beyond history of

8/6/2014 Assessment of Psychiatric Disorders Case Vignette in the Primary Care Setting: A 50-year-old man with a DSM5 and Beyond history of 3 MDEs, but excellent response to paroxetine, and stable for Descartes Li, M.D. the past year.

370 views • 16 slides
Jeff Dunn, MD UNM Center for Rural and Community Behavioral Health Criticisms/Controversies

Jeff Dunn, MD UNM Center for Rural and Community Behavioral Health Criticisms/Controversies

Working with DSM 5 Jeff Dunn, MD UNM Center for Rural and Community Behavioral Health Criticisms/Controversies Lack of transparency? (non-disclosure agreements) Low reliability (kappa) in field trials Ties to pharmaceutical industry?

533 views • 39 slides
DSM 5 for Kids Jeff Dunn, MD UNM Center for Rural and Community Behavioral Health

DSM 5 for Kids Jeff Dunn, MD UNM Center for Rural and Community Behavioral Health

DSM 5 for Kids Jeff Dunn, MD UNM Center for Rural and Community Behavioral Health Criticisms/Controversies Lack of transparency? (non-disclosure agreements) Low reliability (kappa) in field trials Ties to pharmaceutical industry? (70

497 views • 31 slides

More recommend