towards malware inspired management frameworks
play

Towards malware inspired management frameworks J er ome Fran - PowerPoint PPT Presentation

Aug 05, 2023 •160 likes •513 views

April, 8 2008 http://madynes.loria.fr/ Towards malware inspired management frameworks J er ome Fran cois, Radu State and Olivier Festor Introduction Malware for management Models Results Conclusion Outline 1 Introduction 2

  1. April, 8 2008 http://madynes.loria.fr/ Towards malware inspired management frameworks J´ erˆ ome Fran¸ cois, Radu State and Olivier Festor

  2. Introduction Malware for management Models Results Conclusion Outline 1 Introduction 2 Malware for management 3 Models 4 Results 5 Conclusion 2 / 29

  3. Introduction Malware for management Models Results Conclusion Outline 1 Introduction 2 Malware for management 3 Models 4 Results 5 Conclusion 3 / 29

  4. Introduction Malware for management Models Results Conclusion Motivation ◮ scalable management ◮ mass configuration ◮ distributed honeypots for tracking cyber-predators ◮ announce specific-keywords on P2P file sharing system 4 / 29

  5. Introduction Malware for management Models Results Conclusion Research challenges ◮ scalability: open participation to honeypot ◮ efficiency: keywords changes → fast keywords updates ◮ tracking prevention: controller and honeypots anonymity ◮ security: false keywords list updates ◮ reachability guarentees: knowing the impact of a request is needed provide additional operations 5 / 29

  6. Introduction Malware for management Models Results Conclusion Outline 1 Introduction 2 Malware for management 3 Models 4 Results 5 Conclusion 6 / 29

  7. Introduction Malware for management Models Results Conclusion Malware communication paradigms ◮ attackers faced the same problems ◮ control multiple machines through the Internet ◮ goals: distributed denial of service attacks, mass collecting of sensitive data ◮ construction of a botnet ◮ control mechanism to send orders to the bots and get the responses ◮ decentralized and scalable: example of 400 000 zombies in one botnet 7 / 29

  8. Introduction Malware for management Models Results Conclusion Botnet based network management ◮ use a botnet to perform management operations ◮ different types of botnet ◮ IRC model 1 ◮ P2P models : unstructered (Slapper) and structured (Chord) → study of performances of these types of botnets once they are deployed 1 J. Francois, R. State, and O. Festor, ’Botnet based scalable network management’, DSOM 2007 8 / 29

  9. Introduction Malware for management Models Results Conclusion Outline 1 Introduction 2 Malware for management 3 Models 4 Results 5 Conclusion 9 / 29

  10. Introduction Malware for management Models Results Conclusion Parameters ◮ N : total number of devices/peers ◮ m is the maximal branching factor = the maximal number message sent by a peer at the same time (message forwarding) 10 / 29

  11. Introduction Malware for management Models Results Conclusion Parameters ◮ a peer can crash if it has to maintain too many connections → α ( m ) is the probability for a peer to be able to forward the messages, decreasing function ◮ the risk to be compromised by an attacker and to be attacked (network communication monitoring): β 11 / 29

  12. Introduction Malware for management Models Results Conclusion Goal: determine the reachability = the number of peers reached at a certain distance 12 / 29

  13. Introduction Malware for management Models Results Conclusion Slapper model ◮ a sophisticated worm ◮ infected computers form a botnet ◮ full-meshed network ◮ controller tracking prevention: the message is transmitted through several peers ◮ broadcast segmentation ◮ the initiator (the controller) sends the messages to m random peers ◮ when a peer receives a message, it sends the messages to m random peers ◮ a maximal number of hops is fixed ◮ original m = 2 13 / 29

  14. Introduction Malware for management Models Results Conclusion Slapper model 14 / 29

  15. Introduction Malware for management Models Results Conclusion Slapper model 14 / 29

  16. Introduction Malware for management Models Results Conclusion Slapper model 14 / 29

  17. Introduction Malware for management Models Results Conclusion Slapper model ◮ the same message can be sent to the same peers two times ◮ no guarentee to reach all peers 14 / 29

  18. Introduction Malware for management Models Results Conclusion Chord model ◮ each peer has an id: 0 ≤ id < N MAX ◮ routing table of each node p : ◮ log ( N MAX ) entries ◮ ith entry: first id at a distance from p at least 2 i − 1 15 / 29

  19. Introduction Malware for management Models Results Conclusion Chord model ◮ broadcast 2 : ◮ forward the messages to each peers of the routing table ◮ each peer has an exploration limit = min(the next peers in the routing table of the message sender, sender exploration limit) 2 S. El-Ansary et-al, ’Efficient broadcast in structured p2p networks’ IPTPS 03 16 / 29

  20. Introduction Malware for management Models Results Conclusion Chord model ◮ broadcast 2 : ◮ forward the messages to each peers of the routing table ◮ each peer has an exploration limit = min(the next peers in the routing table of the message sender, sender exploration limit) 2 S. El-Ansary et-al, ’Efficient broadcast in structured p2p networks’ IPTPS 03 16 / 29

  21. Introduction Malware for management Models Results Conclusion Chord model ◮ broadcast 2 : ◮ forward the messages to each peers of the routing table ◮ each peer has an exploration limit = min(the next peers in the routing table of the message sender, sender exploration limit) 2 S. El-Ansary et-al, ’Efficient broadcast in structured p2p networks’ IPTPS 03 16 / 29

  22. Introduction Malware for management Models Results Conclusion Outline 1 Introduction 2 Malware for management 3 Models 4 Results 5 Conclusion 17 / 29

  23. Introduction Malware for management Models Results Conclusion Slapper ◮ N = 2000 peers ◮ i varies from 1 to 14 hops ◮ maximal value = reach all peers except discovered peers ◮ → limited by β (probability for each node to be compromised) ◮ higher branching factor → higher reachability 18 / 29

  24. Introduction Malware for management Models Results Conclusion Slapper ◮ N = 5000 peers ◮ i varies from 1 to 14 hops ◮ compromised probability β has a higher impact when the number of peers increases ◮ N increases → curves increase less at the begin and more at the end ◮ same number of hops to reach the maximal value 19 / 29

  25. Introduction Malware for management Models Results Conclusion Slapper ◮ N varies from 100 to ◮ number of hops = 8 5000 ◮ curves converge to a fixed limit depending on β and N ◮ very bad performances for m = 2 (not suitable) ◮ high distance → no impact of the branching factor 20 / 29

  26. Introduction Malware for management Models Results Conclusion Chord ◮ number of hops varies ◮ N = 5000 peers from 1 to 13 ◮ very close curve → limited impact of the average distance between two node ◮ Slapper is about equivalent until a certain distance ◮ Chord → all the peers can be reached ◮ Chord has a better reachability 21 / 29

  27. Introduction Malware for management Models Results Conclusion Impact of attacks ◮ rat ( n ) = # discovered peers Slapper # discovered peers Chord ◮ independant from the distance d ◮ important benefit of Chord ◮ ratio decreases at the end ◮ ratio is still 20 for 2 512 peers 22 / 29

  28. Introduction Malware for management Models Results Conclusion Chord ◮ number of hops = 6 ◮ N varies from 1 to 2 16 ◮ Slapper: limitation by beta (best case) ◮ 6 hops = number of hops to have a reachability equivalent to Slapper ◮ increasing distance → better results for Chord ◮ Slapper is better between 2 10 and 2 12 peers ◮ Chord can be better from 2 12 peers 23 / 29

  29. Introduction Malware for management Models Results Conclusion Outline 1 Introduction 2 Malware for management 3 Models 4 Results 5 Conclusion 24 / 29

  30. Introduction Malware for management Models Results Conclusion What to choose ? IRC Slapper Chord The lowest num- Efficiency The lowest delays ber of hops very constrained very constrained high resiliency, (unavaibility, at- by attacks, few few connections, Resiliency tacks) connections partial view #devices < 2 12 #devices ≥ 2 12 Scalability The manager Tracking the manager is very dif- Security can be tracked ficult (the intermediary nodes) Large networks Huge and public Large and closed of checked part- networks (honey- networks + cen- ners (research pot where every- Interest tral authority distributed one can partici- honeypot) pate) 25 / 29 Table: Comparison of the different frameworks

  31. Introduction Malware for management Models Results Conclusion Questions ? 26 / 29

  32. Introduction Malware for management Models Results Conclusion Slapper model ◮ assumptions: ◮ reach i − 1 total number of reached peers at a maximal distance i − 1 ◮ p ( t , c , j ): probability to contact j not yet reached peers from already contacted c peers and with c messages to sent ◮ maximal number of messages sent at the ith hop : ◮ 1st hop: m , 2nd hop: m × m → m i ◮ limited by avability factor: msg = ( m × α ( m )) i ◮ maximum number of new reached peers at the ith hop: max = min (( m × α ( m )) i , N − reach i − 1 ) ◮ average number of reached peers at an exact distance of i = � max k =0 p ( reach i − 1 , msg , k ) × k 27 / 29

Recommend

SATTVA: SpArsiTy inspired classificaTion of malware VAriants Lakshmanan Nataraj, S. Karthikeyan,

SATTVA: SpArsiTy inspired classificaTion of malware VAriants Lakshmanan Nataraj, S. Karthikeyan,

SATTVA: SpArsiTy inspired classificaTion of malware VAriants Lakshmanan Nataraj, S. Karthikeyan, B.S. Manjunath Vision Research Lab University of California, Santa Barbara Sattva ( ) means Purity 1 Introduction

713 views • 43 slides
Environmental Management Frameworks The purpose of an EMF (2) This does not affect the powers of

Environmental Management Frameworks The purpose of an EMF (2) This does not affect the powers of

Environmental Management Frameworks The purpose of an EMF (2) This does not affect the powers of the Minister or MEC ENVIRONMENTAL MANAGEMENT to compile information and maps that specify the FRAMEWORKS attributes of the environment in specific

370 views • 6 slides
Malware What is malware? Malware: malicious software worm ransomware adware

Malware What is malware? Malware: malicious software worm ransomware adware

Malware What is malware? Malware: malicious software worm ransomware adware virus trojan horse etc. and how do we fight it? AV software Firewalls Filtering Patching Writing more secure software

570 views • 22 slides
Malware What is malware? Malware: malicious software worm ransomware adware

Malware What is malware? Malware: malicious software worm ransomware adware

Malware What is malware? Malware: malicious software worm ransomware adware virus trojan horse etc. and how do we fight it? AV software Firewalls Filtering Patching Writing more secure software

540 views • 42 slides
Android Malware Analysis on Attacks and Defense Android malware Android malware With the

Android Malware Analysis on Attacks and Defense Android malware Android malware With the

Android Malware Analysis on Attacks and Defense Android malware Android malware With the explosive growth of mobile device market and usage, there is an increasing number of malicious mobile applications targeting these devices and

819 views • 44 slides
Entrapment: Tricking Malware with Transparent, Scalable Malware Analysis Paul Royal

Entrapment: Tricking Malware with Transparent, Scalable Malware Analysis Paul Royal

Entrapment: Tricking Malware with Transparent, Scalable Malware Analysis Paul Royal paul@gtisc.gatech.edu Agenda Modern Malware Obfuscations, Server-side Polymorphism, Collection Volume Malware Analysis Detection

504 views • 27 slides
Getting started with malware analysis Judith van Stegeren Definitions Malware : any software that

Getting started with malware analysis Judith van Stegeren Definitions Malware : any software that

Getting started with malware analysis Judith van Stegeren Definitions Malware : any software that does something that causes harm to a user, computer or network, including viruses, trojan horses, worms, rootkits, scareware and spyware. Malware

119 views • 9 slides
GOODWARE DRUGS FOR MALWARE: ON-THE-FLY MALWARE ANALYSIS AND CONTAINMENT DAMIANO BOLZONI

GOODWARE DRUGS FOR MALWARE: ON-THE-FLY MALWARE ANALYSIS AND CONTAINMENT DAMIANO BOLZONI

GOODWARE DRUGS FOR MALWARE: ON-THE-FLY MALWARE ANALYSIS AND CONTAINMENT DAMIANO BOLZONI CHRISTIAAN SCHADE TWENTE SECURITY LAB UNIVERSITY OF TWENTE THE NETHERLANDS AGENDA Something about malware Malware internals Current analysis

398 views • 27 slides
A CUCKOOS EGG IN THE MALWARE NEST ON-THE-FLY SIGNATURE-LESS MALWARE ANALYSIS, DETECTION AND

A CUCKOOS EGG IN THE MALWARE NEST ON-THE-FLY SIGNATURE-LESS MALWARE ANALYSIS, DETECTION AND

A CUCKOOS EGG IN THE MALWARE NEST ON-THE-FLY SIGNATURE-LESS MALWARE ANALYSIS, DETECTION AND CONTAINMENT FOR LARGE NETWORKS CHRISTIAAN SCHADE TWENTE SECURITY LAB UNIVERSITY OF TWENTE THE NETHERLANDS MALWARE WARS In the last

313 views • 14 slides
Malware Halting 1. Malware 2. Software diversity Part I: Method Development 3. Computer

Malware Halting 1. Malware 2. Software diversity Part I: Method Development 3. Computer

Overview Malware Halting 1. Malware 2. Software diversity Part I: Method Development 3. Computer immunization Kjell Jrgen Hole Simula@UiB 4. Epidemiological model 5. Malware halting analysis 6. Malware halting method Last updated

672 views • 29 slides
How does Malware Use RDTSC? A Study on Operations Executed by Malware with CPU Cycle Measurement

How does Malware Use RDTSC? A Study on Operations Executed by Malware with CPU Cycle Measurement

How does Malware Use RDTSC? A Study on Operations Executed by Malware with CPU Cycle Measurement Yoshihiro Oyama University of Tsukuba 1 Background Many malware programs execute operations for analysis evasion Detection of

346 views • 31 slides
Web Frameworks Web Frameworks Banned for homework assignments Now that you're starting

Web Frameworks Web Frameworks Banned for homework assignments Now that you're starting

Web Frameworks Web Frameworks Banned for homework assignments Now that you're starting your project where you can use these Let's talk about it Web Frameworks There are many common tasks that every web developer must accomplish on

632 views • 22 slides
Anti-anti-malware (part 3) / Stack Smashing 1 last time various kinds of armored malware

Anti-anti-malware (part 3) / Stack Smashing 1 last time various kinds of armored malware

Anti-anti-malware (part 3) / Stack Smashing 1 last time various kinds of armored malware malware that evades analysis 2 logistics: LEX homework detect push ret pattern using fmex probably easier than TRICKY 3 upcoming exam next Wednesday

496 views • 48 slides
Android Malware Adventures Mert Can Cokuner Krat Ouzhan Aknc Android Malware

Android Malware Adventures Mert Can Cokuner Krat Ouzhan Aknc Android Malware

DeepSec IDSC Android Malware Adventures Mert Can Cokuner Krat Ouzhan Aknc Android Malware Adventures Agenda INTRODUCTION ANDROID MALWARE COMMAND &amp; CONTROL QUESTIONS &amp; ANSWERS 2 1 2 3 4 Android Malware

1.01k views • 64 slides
Malware Defense I TDDD17 Information Security, Second Course Ulf Kargn Department of

Malware Defense I TDDD17 Information Security, Second Course Ulf Kargn Department of

Malware Defense I TDDD17 Information Security, Second Course Ulf Kargn Department of Computer and Information Science Linkping University Malware Defense Agenda 2 Two lectures Lecture I : Malware basics, malware on the PC,

621 views • 40 slides
Z A INSPIRED BY VARIOUS LANGUAGES &amp; CULTURES VISUALS FOR EACH TERM INSPIRED BY ANOTHER

Z A INSPIRED BY VARIOUS LANGUAGES &amp; CULTURES VISUALS FOR EACH TERM INSPIRED BY ANOTHER

Z A INSPIRED BY VARIOUS LANGUAGES &amp; CULTURES VISUALS FOR EACH TERM INSPIRED BY ANOTHER LANGUAGE OR CULTURE ORGANISED SEQUENCE, NOT RANDOM ZASLONKA APERTURE diameterof200mmcircle dividedbythef/number DECIDED ON AN

440 views • 16 slides
FIGHTING MALWARE WITH MACHINE LEARNING Edward Raff Jared Sylvester Mark McLean Need ML for

FIGHTING MALWARE WITH MACHINE LEARNING Edward Raff Jared Sylvester Mark McLean Need ML for

FIGHTING MALWARE WITH MACHINE LEARNING Edward Raff Jared Sylvester Mark McLean Need ML for Malware Amount of malware is growing exponentially Anti-virus and signature based approaches are reactionary, dont work for novel malware

127 views • 11 slides
CO 445H MALWARE AND VIRUSES Dr. Benjamin Livshits Malware: Different Types 2 Spyware is

CO 445H MALWARE AND VIRUSES Dr. Benjamin Livshits Malware: Different Types 2 Spyware is

CO 445H MALWARE AND VIRUSES Dr. Benjamin Livshits Malware: Different Types 2 Spyware is software that aids in gathering A virus is a computer program that is information about a person or organization capable of making copies of itself

716 views • 56 slides
CS7038 - Malware Analysis - Wk03.1 Malware Taxonomy and Terminology Coleman Kane

CS7038 - Malware Analysis - Wk03.1 Malware Taxonomy and Terminology Coleman Kane

CS7038 - Malware Analysis - Wk03.1 Malware Taxonomy and Terminology Coleman Kane kaneca@mail.uc.edu January 24, 2017 Why Classification is Important Malware classification helps us in multiple ways. Here are a couple key ways:

787 views • 16 slides
On Static Malware Detection Tayssir Touili LIPN, CNRS &amp; Univ. Paris 13 Motivation: Malware

On Static Malware Detection Tayssir Touili LIPN, CNRS &amp; Univ. Paris 13 Motivation: Malware

On Static Malware Detection Tayssir Touili LIPN, CNRS &amp; Univ. Paris 13 Motivation: Malware Detection The number of new malware exceeds 75 million by the end of 2011, and is still increasing. The number of malware that produced

1.34k views • 91 slides
Introduction to Security Malware Ming Chow (mchow@cs.tufts.edu) Twitter: @0xmchow Learning

Introduction to Security Malware Ming Chow (mchow@cs.tufts.edu) Twitter: @0xmchow Learning

Introduction to Security Malware Ming Chow (mchow@cs.tufts.edu) Twitter: @0xmchow Learning Objectives By the end of this week, you will be able to: Describe types of malware See certain malware behaviors Scan and analyze malware

883 views • 25 slides
Knowledge Management KNOWLEDGE INSPIRED INNOVATION An investment in knowledge always pays the

Knowledge Management KNOWLEDGE INSPIRED INNOVATION An investment in knowledge always pays the

KAIETEUR INSTITUTE FOR KNOWLEDGE MANAGEMENT Kaieteur Institute for Knowledge Management KNOWLEDGE INSPIRED INNOVATION An investment in knowledge always pays the best interest. Benjamin Franklin US author, diplomat, inventor, physicist,

1.09k views • 66 slides
Frameworks Concepts set of cooperating classes Frameworks extending some class

Frameworks Concepts set of cooperating classes Frameworks extending some class

Frameworks Concepts set of cooperating classes Frameworks extending some class inversion of control Examples from java API Horstmann ch.8-8.4 swing, applet, collection Constructing a framework graph editor

570 views • 9 slides
Lecture 12 Malware Defenses Stephen Checkoway University of Illinois at Chicago CS 487

Lecture 12 Malware Defenses Stephen Checkoway University of Illinois at Chicago CS 487

Lecture 12 Malware Defenses Stephen Checkoway University of Illinois at Chicago CS 487 Fall 2017 Slides based on Baileys ECE 422 Malware review How does the malware start running? Logic bomb? Trojan horse? Virus?

470 views • 27 slides

More recommend