Towards malware inspired management frameworks


  1. April 8, 2008 http://madynes.loria.fr/ Towards malware inspired management frameworks Jérôme François, Radu State and Olivier Festor

  2. Introduction Malware for management Models Results Conclusion Outline 1 Introduction 2 Malware for management 3 Models 4 Results 5 Conclusion 2 / 29

  3. Outline (section 1: Introduction)

  4. Motivation
  ◮ scalable management
  ◮ mass configuration
  ◮ distributed honeypots for tracking cyber-predators
  ◮ announcing specific keywords on P2P file-sharing systems

  5. Research challenges
  ◮ scalability: open participation in the honeypot
  ◮ efficiency: keywords change → fast keyword updates
  ◮ tracking prevention: anonymity of the controller and of the honeypots
  ◮ security: false keyword-list updates
  ◮ reachability guarantees: knowing the impact of a request is needed to provide additional operations

  6. Outline (section 2: Malware for management)

  7. Malware communication paradigms
  ◮ attackers faced the same problems
  ◮ controlling multiple machines through the Internet
  ◮ goals: distributed denial of service attacks, mass collection of sensitive data
  ◮ construction of a botnet
  ◮ control mechanism to send orders to the bots and get the responses back
  ◮ decentralized and scalable: example of 400 000 zombies in one botnet

  8. Botnet based network management
  ◮ use a botnet to perform management operations
  ◮ different types of botnet:
    ◮ IRC model [1]
    ◮ P2P models: unstructured (Slapper) and structured (Chord)
  → study of the performance of these types of botnets once they are deployed
  [1] J. François, R. State, and O. Festor, 'Botnet based scalable network management', DSOM 2007

  9. Outline (section 3: Models)

  10. Parameters
  ◮ N: total number of devices/peers
  ◮ m: the maximal branching factor = the maximal number of messages sent by a peer at the same time (message forwarding)

  11. Parameters
  ◮ a peer can crash if it has to maintain too many connections → α(m) is the probability that a peer is able to forward the messages; it is a decreasing function of m
  ◮ β: the probability for a peer to be compromised by an attacker, who can then monitor its network communication

  12. Goal: determine the reachability = the number of peers reached at a certain distance

  13. Slapper model
  ◮ a sophisticated worm
  ◮ infected computers form a botnet
  ◮ fully meshed network
  ◮ controller tracking prevention: the message is transmitted through several peers
  ◮ broadcast segmentation:
    ◮ the initiator (the controller) sends the message to m random peers
    ◮ when a peer receives a message, it sends the message to m random peers
    ◮ a maximal number of hops is fixed
  ◮ original m = 2

  17. Slapper model
  ◮ the same message can be sent to the same peer twice
  ◮ no guarantee to reach all peers
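The broadcast segmentation described on the Slapper slides, as an added Monte-Carlo simulation (example code written for this page, not the authors' model and not the Slapper worm's code): every receipt of the message triggers a forward to m random peers, a forwarding peer survives the load of m connections with probability α(m), peers compromised with probability β swallow the message, and the run stops at the hop limit. The linear shape of α(m) and the rule that a compromised peer does not forward are assumptions of the example; the slides only state that α is decreasing in m and that β bounds the maximal reachability. All numeric inputs are constructed.

```python
import random


def alpha_default(m):
    """Availability factor alpha(m): probability that a peer can still forward
    when it has to maintain m simultaneous connections. The slides only say it
    is decreasing in m; the linear shape here is an assumption of this example."""
    return max(0.0, 1.0 - 0.05 * m)


def simulate_slapper(n_peers, m, max_hops, beta=0.0, alpha=alpha_default, seed=0):
    """One run of the Slapper broadcast: the controller sends the message to m
    random peers, every receiving peer forwards it to m random peers, and the
    process stops after max_hops. Returns the cumulative reachability per hop
    plus the two failure modes named on the slides: duplicates, and copies
    delivered to compromised (attacker-observed) peers."""
    rng = random.Random(seed)
    peers = list(range(n_peers))
    # Each peer is compromised with probability beta. A copy delivered to it is
    # observed by the attacker and (assumption) not forwarded any further, so a
    # compromised peer never counts as reached.
    compromised = {p for p in peers if rng.random() < beta}
    reached = set()          # non-compromised peers holding at least one copy
    reached_by_hop = []      # |reached| after hop 1, 2, ..., max_hops
    duplicates = 0           # copies delivered to a peer that already had the message
    lost = 0                 # copies delivered to compromised peers
    frontier = [None]        # None stands for the controller (not one of the N peers)
    for _ in range(max_hops):
        next_frontier = []
        for sender in frontier:
            # A forwarding peer may crash under the load of m connections.
            if sender is not None and rng.random() > alpha(m):
                continue
            # m distinct random targets, never the sender itself.
            targets = rng.sample(peers, min(m + 1, n_peers))
            targets = [t for t in targets if t != sender][:m]
            for target in targets:
                if target in compromised:
                    lost += 1
                    continue
                if target in reached:
                    duplicates += 1      # the same message hits the same peer again
                else:
                    reached.add(target)
                next_frontier.append(target)   # every receipt triggers a forward
        frontier = next_frontier
        reached_by_hop.append(len(reached))
    return {
        "reached_by_hop": reached_by_hop,
        "duplicates": duplicates,
        "lost": lost,
        "compromised": len(compromised),
        "unreached": n_peers - len(compromised) - len(reached),
    }


if __name__ == "__main__":
    # Constructed inputs: 2000 peers, 5 % compromised, 6 hops, original m = 2 vs larger m.
    for m in (2, 4, 8):
        r = simulate_slapper(n_peers=2000, m=m, max_hops=6, beta=0.05, seed=1)
        print(f"m={m}: reach per hop {r['reached_by_hop']}, "
              f"{r['duplicates']} duplicates, {r['unreached']} peers never reached")
```

Running the script reproduces the qualitative claims of the results slides: reachability grows with the branching factor, m = 2 leaves most of the network unreached after a handful of hops, and the ceiling is N minus the compromised peers, never N itself.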

  18. Chord model
  ◮ each peer has an id: $0 \le id < N_{MAX}$
  ◮ routing table of each node p:
    ◮ $\log(N_{MAX})$ entries
    ◮ ith entry: first id at a distance from p of at least $2^{i-1}$

  19. Chord model
  ◮ broadcast [2]:
    ◮ forward the message to each peer of the routing table
    ◮ each peer has an exploration limit = min(the next peer in the routing table of the message sender, the sender's exploration limit)
  [2] S. El-Ansary et al., 'Efficient broadcast in structured P2P networks', IPTPS 03

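The finger table of slide 18 and the limit-based broadcast of slide 19, as an added example (written for this page; it is neither the authors' code nor the IPTPS 03 implementation). N_MAX = 256 and the node ids are constructed for the example. The exploration-limit rule is the one on the slide: a finger inherits the sender's next finger as its limit, and the last finger still inside the sender's interval inherits the sender's own limit. check_broadcast verifies the property the results slides rely on, that every peer is reached exactly once, and reports the depth of the broadcast tree.

```python
import math
import random
from collections import Counter, deque

N_MAX = 256                      # identifier space 0 <= id < N_MAX (constructed)
M = int(math.log2(N_MAX))        # finger table size: log(N_MAX) entries


class ChordRing:
    """Chord ring holding the live node ids and their finger tables."""

    def __init__(self, ids):
        self.nodes = sorted(set(ids))
        self.finger = {n: self._build_fingers(n) for n in self.nodes}

    @staticmethod
    def dist(a, b):
        """Clockwise distance from id a to id b on the ring."""
        return (b - a) % N_MAX

    def successor(self, key):
        """First live node at or after key, going clockwise."""
        key %= N_MAX
        return min(self.nodes, key=lambda n: self.dist(key, n))

    def _build_fingers(self, n):
        """Entry i (1-based on the slide) is the first live id at distance at
        least 2^(i-1) from n. Entries that wrap back to n and repeated entries
        are dropped, so the list is ordered by increasing distance from n."""
        table = []
        for i in range(M):
            f = self.successor(n + 2 ** i)
            if f != n and f not in table:
                table.append(f)
        return table

    def inside(self, n, x, limit):
        """True if x lies strictly between n and its exploration limit, going
        clockwise. limit == n means the whole ring is still to be covered."""
        span = N_MAX if limit == n else self.dist(n, limit)
        return x != n and self.dist(n, x) < span

    def broadcast(self, origin):
        """Limit-based broadcast (slide 19). Returns (copies received per node,
        hop count per node). Each finger inherits the sender's next finger as
        its limit; the last finger inside the interval inherits the sender's own."""
        received = Counter()
        hops = {}
        queue = deque([(origin, origin, 0)])      # (node, limit, depth)
        while queue:
            node, limit, depth = queue.popleft()
            fingers = [f for f in self.finger[node] if self.inside(node, f, limit)]
            for idx, f in enumerate(fingers):
                next_limit = fingers[idx + 1] if idx + 1 < len(fingers) else limit
                received[f] += 1
                hops.setdefault(f, depth + 1)
                queue.append((f, next_limit, depth + 1))
        return received, hops


def check_broadcast(ids, origin):
    """Broadcast from origin and report whether every other node received
    exactly one copy, how many messages were sent and the tree depth."""
    ring = ChordRing(ids)
    received, hops = ring.broadcast(origin)
    others = [n for n in ring.nodes if n != origin]
    exactly_once = all(received[n] == 1 for n in others) and received[origin] == 0
    return {
        "nodes": len(ring.nodes),
        "messages": sum(received.values()),
        "exactly_once": exactly_once,
        "depth": max(hops.values(), default=0),
    }


if __name__ == "__main__":
    rng = random.Random(7)
    sparse = rng.sample(range(N_MAX), 40)           # constructed sparse ring
    print(check_broadcast(sparse, origin=sparse[0]))
    print(check_broadcast(range(N_MAX), origin=0))   # full ring: depth == M
```

The contrast with the Slapper simulation is the point of the slides that follow: here messages equals the number of other peers, no peer receives a duplicate, and the depth is bounded by the finger-table size, whereas random forwarding needs the hop limit to stop and still offers no completeness guarantee.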

  22. Outline (section 4: Results)

  23. Slapper
  ◮ N = 2000 peers
  ◮ i varies from 1 to 14 hops
  ◮ maximal value = all peers except the discovered (compromised) ones are reached → limited by β (probability for each node to be compromised)
  ◮ higher branching factor → higher reachability

  24. Slapper
  ◮ N = 5000 peers
  ◮ i varies from 1 to 14 hops
  ◮ the compromise probability β has a higher impact when the number of peers increases
  ◮ N increases → the curves rise less at the beginning and more at the end
  ◮ same number of hops to reach the maximal value

  25. Slapper
  ◮ N varies from 100 to 5000
  ◮ number of hops = 8
  ◮ the curves converge to a fixed limit depending on β and N
  ◮ very bad performance for m = 2 (not suitable)
  ◮ large distance → no impact of the branching factor

  26. Chord
  ◮ N = 5000 peers
  ◮ number of hops varies from 1 to 13
  ◮ very close curves → limited impact of the average distance between two nodes
  ◮ Slapper is about equivalent up to a certain distance
  ◮ Chord → all the peers can be reached
  ◮ Chord has a better reachability

  27. Impact of attacks
  ◮ $rat(n) = \dfrac{\#\,\text{discovered peers (Slapper)}}{\#\,\text{discovered peers (Chord)}}$
  ◮ independent of the distance d
  ◮ important benefit of Chord
  ◮ the ratio decreases at the end
  ◮ the ratio is still 20 for 2 512 peers

  28. Chord
  ◮ number of hops = 6
  ◮ N varies from 1 to $2^{16}$
  ◮ Slapper: limited by β (best case)
  ◮ 6 hops = the number of hops needed for a reachability equivalent to Slapper
  ◮ increasing distance → better results for Chord
  ◮ Slapper is better between $2^{10}$ and $2^{12}$ peers
  ◮ Chord can be better from $2^{12}$ peers

  29. Outline (section 5: Conclusion)

  30. What to choose?
  Table: Comparison of the different frameworks

  | Criterion                            | IRC                                                                | Slapper                                                            | Chord                                                            |
  |--------------------------------------|--------------------------------------------------------------------|--------------------------------------------------------------------|------------------------------------------------------------------|
  | Efficiency                           | the lowest delays                                                  |                                                                    | the lowest number of hops                                        |
  | Resiliency (unavailability, attacks) | very constrained by attacks, few connections                       | very constrained                                                   | high resiliency, few connections, partial view                   |
  | Scalability                          |                                                                    | #devices < $2^{12}$                                                | #devices ≥ $2^{12}$                                              |
  | Security                             | the manager can be tracked                                         | tracking the manager is very difficult (the intermediary nodes)    | tracking the manager is very difficult (the intermediary nodes)  |
  | Interest                             | large networks of checked partners (research distributed honeypot) | huge and public networks (honeypot where everyone can participate) | large and closed networks + central authority                    |

  31. Questions?

  32. Slapper model (analytical appendix)
  ◮ assumptions:
    ◮ $reach_{i-1}$: total number of reached peers at a maximal distance $i-1$
    ◮ $p(t, c, j)$: probability of contacting $j$ not-yet-reached peers when $t$ peers are already contacted and $c$ messages are sent
  ◮ maximal number of messages sent at the $i$th hop:
    ◮ 1st hop: $m$, 2nd hop: $m \times m$ → $m^i$
    ◮ limited by the availability factor: $\mathit{msg} = (m \times \alpha(m))^i$
  ◮ maximum number of new reached peers at the $i$th hop: $\mathit{max} = \min\big((m \times \alpha(m))^i,\; N - reach_{i-1}\big)$
  ◮ average number of reached peers at an exact distance of $i$: $\displaystyle\sum_{k=0}^{\mathit{max}} p(reach_{i-1}, \mathit{msg}, k) \times k$
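The recurrence of this appendix slide carried through hop by hop, as an added example (written for this page, not the authors' code). msg and max follow the slide. Because the slide does not give a closed form for p(t, c, j), the example substitutes an assumption of its own: every message targets an independent, uniformly random peer, so the expected number of distinct newly reached peers among c messages is the number of reachable unreached peers times 1 − (1 − 1/N)^c; the compromised fraction β is treated as peers that can never be reached, which is what bounds the maximal value on the results slides. alpha and all numeric inputs are constructed.

```python
def expected_reach(n_peers, m, max_hops, alpha, beta=0.0):
    """Expected cumulative reachability after each hop of the Slapper broadcast.
    Per the slide: msg_i = (m * alpha(m))^i messages are sent at hop i and at
    most max_i = min(msg_i, N - reach_{i-1}) new peers can be reached.
    Assumption (not on the slide, replacing the unspecified p(t, c, j)): each
    message targets a uniformly random peer independently, so a given peer gets
    at least one of c copies with probability 1 - (1 - 1/N)^c, and the expected
    number of new distinct peers is that probability times the reachable
    unreached peers. Compromised peers (fraction beta) are never reachable."""
    usable = n_peers * (1.0 - beta)   # peers that are not compromised
    reach = [0.0]                      # reach_0: nothing reached before hop 1
    for i in range(1, max_hops + 1):
        msg = (m * alpha(m)) ** i
        cap = min(msg, n_peers - reach[-1])                  # max_i on the slide
        hit_prob = 1.0 - (1.0 - 1.0 / n_peers) ** msg        # assumption, see above
        new = min(cap, max(0.0, usable - reach[-1]) * hit_prob)
        reach.append(reach[-1] + new)
    return reach[1:]


if __name__ == "__main__":
    # Constructed inputs: availability decreasing linearly in m (assumption),
    # 2000 peers, 5 % compromised, 8 hops, original m = 2 against larger m.
    alpha = lambda m: max(0.0, 1.0 - 0.05 * m)
    for m in (2, 4, 8):
        curve = expected_reach(2000, m, 8, alpha, beta=0.05)
        print(f"m={m}: " + ", ".join(f"{x:.0f}" for x in curve))
```

The curves flatten at N(1 − β) rather than N, and m = 2 needs many more hops than a larger branching factor to get there, which is the behaviour the results slides describe.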
