
Analytically Modeling Worm Attacks in Internet Protocol Networks

What I like about this model and this work is that it attempts to take real-world scenarios into account, namely bandwidth and packet characteristic distributions. I also appreciate how the authors' slides are informative even without the talk available.
Network attacks are a growing national concern in both the government and private sector. This presentation focuses on analytic queueing and simulation capabilities that have been developed to analyze the performance of Federal Private IP Networks, especially in the presence of worm attacks.

We have developed an analytical queueing model called the IP Network Performance and Analysis Tool. The assumptions made and methodology used to analyze network performance using analytical queueing and numerical approaches will be presented. Worms typically propagate by first infecting a single node; infected node(s) then scan other network nodes and infect those that are vulnerable. Thus propagation of the worm occurs in stages as more and more nodes are infected. The impact of the scanning traffic during worm propagation on network performance will be examined. The relationship between our approach and the epidemic models discussed in the literature will be discussed. The problems with incorporating the different approaches into analytic performance models, the use of stages in modeling, and the relationship of stages to continual time will be discussed. The mitigating effect of worm deactivation is also modeled. Numerical results and validation will be presented.

Source: Masi, D.M., and M.J. Fischer. Analytically Modeling Worm Attacks in Internet Protocol Networks, Ninth INFORMS Computing Society (ICS) Conference. Annapolis, Md. January 5-7, 2005. [PDF slides]
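
The staged propagation sketched in the abstract (scan, infect the vulnerable, deactivate) can be written as a small stage-by-stage model. This is an added example, not code from the slides or from the IP Network Performance and Analysis Tool; uniform random scanning, the function names, and all parameter values (address space, scan rate, probe size, deactivation fraction) are assumptions made for illustration.

```python
# Added illustration: stage-based random-scanning worm model (not the authors' tool).
# All parameter names and values below are assumptions chosen for the example.

def simulate_worm(address_space, vulnerable, scans_per_stage, deactivate_frac,
                  stages, initial_infected=1, bytes_per_scan=400):
    """Return one dict per stage: active infected, removed, scan load in bytes.

    Each stage, every active infected host sends `scans_per_stage` probes to
    uniformly random addresses. A susceptible host is infected if at least one
    probe hits it. A fraction `deactivate_frac` of the hosts active at the
    start of the stage is then cleaned or patched (worm deactivation).
    """
    susceptible = float(vulnerable - initial_infected)
    infected = float(initial_infected)
    removed = 0.0
    history = []
    for stage in range(stages):
        probes = infected * scans_per_stage
        # Probability that a given address receives at least one probe this stage.
        p_hit = 1.0 - (1.0 - 1.0 / address_space) ** probes
        newly_infected = susceptible * p_hit
        newly_removed = infected * deactivate_frac
        history.append({
            "stage": stage,
            "infected": infected,
            "removed": removed,
            "scan_bytes": probes * bytes_per_scan,
        })
        susceptible -= newly_infected
        infected += newly_infected - newly_removed
        removed += newly_removed
    return history

def peak_scan_load(history):
    """Largest per-stage scanning traffic: the extra load a queueing model would place on links."""
    return max(h["scan_bytes"] for h in history)

if __name__ == "__main__":
    # Constructed scenario: 65,536-address private network, 2,000 vulnerable hosts.
    for d in (0.0, 0.2):
        hist = simulate_worm(65536, 2000, 500, d, stages=40)
        print(f"deactivate={d}: peak active={max(h['infected'] for h in hist):.0f}, "
              f"peak load={peak_scan_load(hist) / 1e6:.1f} MB/stage")
```

Comparing the two runs shows how deactivation lowers both the peak number of active scanners and the peak scanning traffic that would be added to normal network load.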

November 30, 2005 in modeling, slides
