Formally Specifying Design Goals of Worm Defense Strategies
A formal paper, but this is one of a small set of interesting works I'll post this week. While this is a short work (it's an extended abstract), it provides a nice framework to think about worm defense measures.

There are many key challenges to developing the apparatus and methodologies necessary to evaluate the emerging suite of approaches to large-scale worm defense. Within the DETER/EMIST initiative, challenges that have arisen during the development of our experimental framework include the need to support experiment repeatability, greater scalability in network topology, and greater realism in traffic dynamics. Among these key challenges, we also seek to expand the rigor with which we model the protection claims of the worm defense algorithm, particularly as we design tests that we hope can fully stress and evaluate the protection claims of the algorithm of interest.

Source: Formally specifying design goals of worm defense strategies. Linda Briesemeister and Phillip A. Porras. Proceedings of DETER Community Workshop on Cyber Security Experimentation and Test, June 2006.

To date, most of the work in understanding the behavior of malicious code propagation and defense has centered exclusively on understanding the effects of a proposed malware countermeasure on the global infection growth rate given a specific modeled network and malicious code scenario. In this study we consider how to more rigorously express design goals regarding the local impact of a defensive algorithm from the perspective of those who participate in the defense. We contrast this perspective of local benefit from what we view as the current tradition of evaluating worm defense performance based on assessing growth rate impact on an abstracted topology of global population.
September 5, 2006 in defense, modeling, papers