Self-Stopping Worms
Justin Ma, Geoffrey M. Voelker, and Stefan Savage
Presented: Khanh Nguyen

Self-Stopping Worms
Another type of spreading worm.
The goal is to infect as many hosts as possible until it reaches a target population, then stop.
This would make it harder to identify the presence of infected hosts.
PROBLEM: how do these independent worms know when to stop?

Overview
Self-Stopping Worms Algorithms
    Random Scanning Strategy
    Permutation Scanning Strategy
Evaluation

Self-Stopping Worms Algorithms (Random Scanning)
Greedy: An infected node infects as many hosts as possible without stopping.
Blind-k: An infected node deactivates w/ probability 1/k at the end of each timestep.
    Non-Exchange, Non-Estimating Strategies
    Based on the distributed systems literature
    dI/dt = (γ/A)(N - I)a and da/dt = (γ/A)(N - I)a - (1/k)a
    a(I) = I + (1/k)(A/γ)log(1 - I/N)
    Ex: A = 2^32, N = 2^17, γ = 4,000, resulted: 97.8% infected
    PROBLEM: A, N, γ must be known prior to infection to get a good k value

Self-Stopping Worms Algorithms (cont.) (Random Scanning)
Stop-k: Stop with probability 1/k after a redundant hit.
    Infection-status feedback
    da/dt = (γ/A)(N - I)a - (1/k)(γI/A)a
    a(I) = ((k+1)/k)I + (N/k)log(1 - I/N)
    Ex: k = 3, N = 2^17, infected population = 98%
Tree: Stop after infecting k new hits on vulnerable

Self-Stopping Worms Algorithms (cont.) (Random Scanning)
Sum-Count: An infected host keeps 2 counters: one for the number of vulnerable hosts it has contacted, H, and one for the number of scans it has produced, S.
    N_est = H*A/S

Self-Stopping Algorithms (cont.) (Random Scanning)
Bitmap: Uses 2 bitmaps, each w/ size of A bits.
    Bit_v records the vulnerable hosts it has attempted to infect.
    Bit_s records the hosts it has scanned.
    N_est = bitsset(Bit_v)*A/bitsset(Bit_s)
    Disadvantage: large amount of memory required

Self-Stopping Algorithms (cont.) (Random Scanning)
Sum-Count-X: Operates like Sum-Count, except that when node A contacts w/ node B, then the H_A + H_B and S_A + S_B
Bitmap-X: Operates like Bitmap, except that when node A contacts w/ node B, Bits_v,A U Bits_v,B and Bits_s,A U Bits_s,B

Self-Stopping Worms Algorithms (cont.) (Permutation Scanning)
Greedy Permutation: If the host achieves a redundant hit, it will randomly choose a new seed and continue.
Stop-k Permutation: Same as Stop-k.
Sum-Count-X Permutation: Same as Sum-Count-X, except with the reseed-upon-redundant-hit policy.
Partitioned Permutation: Kind of like divide and conquer. Give up half of the unscanned space to the newly infected descendant. Stops when reaching the end of its interval (found a redundant hit).

Self-Stopping Worms Summary

Evaluation
Basic Heuristics
    Blind-k (k=32), Stop-k (k=3) and Tree (k=50)
    A = 2^32, N = 2^17, γ = 4,000
    Would infect about 98% of the vulnerable hosts
Dynamic Heuristics
    Sum-Count and Sum-Count-X
    Compared them against Greedy, Blind-32, and the ideal heuristics: Know-NI, Know-N, and Know-I

Basic Heuristics

Dynamic Heuristics

Scan Rates

Important-Scanning Worm

IANA Assignments

Web Servers Distribution

CodeRed With IS

Slammer With IS
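
Added example (not from the slides or the paper's authors): a numerical check of the Blind-k and Stop-k closed forms above, useful when sizing how much of a vulnerable population such an outbreak would reach for a given k. It solves a(I) = 0 for the final infected fraction I/N by bisection. The reading of the symbols (A as address-space size, N as vulnerable hosts, γ as per-host scan rate, a as still-active infected hosts) and all function names are assumptions of this example.

```python
import math

A = 2**32       # address space size (value from the slides)
N = 2**17       # vulnerable hosts (value from the slides)
GAMMA = 4000    # scan rate; read here as scans per host per timestep (assumption)

def blind_k_active(x, k, A=A, N=N, gamma=GAMMA):
    """a(I)/N for Blind-k, with x = I/N: x + (A/(k*gamma*N)) * log(1 - x)."""
    return x + (A / (k * gamma * N)) * math.log1p(-x)

def stop_k_active(x, k):
    """a(I)/N for Stop-k, with x = I/N; note it does not depend on A or gamma."""
    return (k + 1) / k * x + math.log1p(-x) / k

def final_infected_fraction(active, k, tol=1e-12):
    """Fraction I/N at which the active population a(I) falls to zero."""
    lo, hi = 1e-9, 1.0 - 1e-12
    if active(lo, k) <= 0:
        # Hosts deactivate faster than they infect: the outbreak never grows.
        return 0.0
    # Bisection keeps active(lo) > 0; if a(I) stays positive up to hi,
    # the result converges to ~1.0 (effectively the whole population).
    while hi - lo > tol:
        mid = (lo + hi) / 2
        if active(mid, k) > 0:
            lo = mid
        else:
            hi = mid
    return lo

def sweep(active, ks):
    """Final infected fraction for each k, rounded for display."""
    return {k: round(final_infected_fraction(active, k), 4) for k in ks}

if __name__ == "__main__":
    print("Blind-k:", sweep(blind_k_active, [4, 8, 16, 32, 64]))
    print("Stop-k: ", sweep(stop_k_active, [1, 2, 3, 5]))
```

The sweep makes the slide's PROBLEM line concrete: with these parameters Blind-k dies out immediately for small k, so a good k depends on A, N and γ, whereas the Stop-k result depends on k alone.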