10 research outputs found
Adaptive Epidemic Dynamics in Networks: Thresholds and Control
Theoretical modeling of computer virus/worm epidemic dynamics is an important
problem that has attracted many studies. However, most existing models are
adapted from biological epidemic ones. Although biological epidemic models can
certainly be adapted to capture some computer virus spreading scenarios
(especially when the so-called homogeneity assumption holds), the problem of
computer virus spreading is not well understood because it has many important
perspectives that are not necessarily accommodated in the biological epidemic
models. In this paper we initiate the study of such a perspective, namely that
of adaptive defense against epidemic spreading in arbitrary networks. More
specifically, we investigate a non-homogeneous
Susceptible-Infectious-Susceptible (SIS) model where the model parameters may
vary with respect to time. In particular, we focus on two scenarios we call
semi-adaptive defense and fully-adaptive defense, which accommodate implicit
and explicit dependency relationships between the model parameters,
respectively. In the semi-adaptive defense scenario, the model's input
parameters are given; the defense is semi-adaptive because the adjustment is
implicitly dependent upon the outcome of virus spreading. For this scenario, we
present a set of sufficient conditions (some are more general or succinct than
others) under which the virus spreading will die out; such sufficient
conditions are also known as epidemic thresholds in the literature. In the
fully-adaptive defense scenario, some input parameters are not known (i.e., the
aforementioned sufficient conditions are not applicable) but the defender can
observe the outcome of virus spreading. For this scenario, we present adaptive
control strategies under which the virus spreading will die out or will be
contained to a desired level.
Comment: 20 pages, 8 figures. This paper was submitted in March 2009, revised
in August 2009, and accepted in December 2009. However, the paper was not
officially published until 2014 due to non-technical reasons.
Mathematical and Statistical Opportunities in Cyber Security
The role of mathematics in a complex system such as the Internet has yet to
be deeply explored. In this paper, we summarize some of the important and
pressing problems in cyber security from the viewpoint of open science
environments. We start by posing the question "What fundamental problems exist
within cyber security research that can be helped by advanced mathematics and
statistics?" Our first and most important assumption is that access to
real-world data is necessary to understand large and complex systems like the
Internet. Our second assumption is that many proposed cyber security solutions
could critically damage both the openness and the productivity of scientific
research. After examining a range of cyber security problems, we come to the
conclusion that the field of cyber security poses a rich set of new and
exciting research opportunities for the mathematical and statistical sciences.
A Robust Mechanism for Defending Distributed Denial of Service Attacks on Web Servers
Distributed Denial of Service (DDoS) attacks have emerged as a popular means
of causing mass targeted service disruptions, often for extended periods of
time. The relative ease and low costs of launching such attacks, supplemented
by the current inadequate state of any viable defense mechanism, have made them
one of the top threats to the Internet community today. Since the increasing
popularity of web-based applications has led to several critical services being
provided over the Internet, it is imperative to monitor the network traffic so
as to prevent malicious attackers from depleting the resources of the network
and denying services to legitimate users. This paper first presents a brief
discussion on some of the important types of DDoS attacks that currently exist
and some existing mechanisms to combat these attacks. It then points out the
major drawbacks of the currently existing defense mechanisms and proposes a new
mechanism for protecting a web-server against a DDoS attack. In the proposed
mechanism, incoming traffic to the server is continuously monitored and any
abnormal rise in the inbound traffic is immediately detected. The detection
algorithm is based on a statistical analysis of the inbound traffic on the
server and a robust hypothesis testing framework. Simulations carried out on
the proposed mechanism have produced results that demonstrate effectiveness of
the proposed defense mechanism against DDoS attacks.
Comment: 18 pages, 3 figures, 5 tables
Protection against denial-of-service attacks by dynamic management of inactivity timeouts
Modeling and protection against denial of service -- Modeling and performance measurement -- Protection mechanism -- Research approach -- An Exhaustive of Queue Management as a DoS Counter-Measure -- Dynamic timeout strategies -- Mathematical model -- Model validation -- Performance evaluation
Adaptive defense against various network attacks
In defending against various network attacks, such as Distributed Denial-of-Service (DDoS) attacks or worm attacks, a defense system needs to deal with various network conditions and dynamically changing attacks. In this paper, we introduce an "adaptive defense" principle based on cost minimization --- a defense system adaptively adjusts its configurations according to the network condition and attack severity in order to minimize the combined cost introduced by false positives (misidentify normal traffic as attack) and false negatives (misidentify attack traffic as normal) at any time. In this way, the adaptive defense system generates fewer false alarms in normal situations (or under light attacks) with relaxed defense configurations, while protecting a network or a server more vigorously under severe attacks. Specifically, we present detailed adaptive defense system designs for defending against two major network attacks: SYN flood DDoS attack and Internet worm infection. The adaptive defense is a high-level system design that can be built on top of various non-adaptive detection and filtering algorithms, which makes it applicable for a wide range of security defenses
Adaptive Defense Against Various Network Attacks
In defending against various network attacks, such as distributed denial-of-service (DDoS) attacks or worm attacks, a defense system needs to deal with various network conditions and dynamically changing attacks. Therefore, a good defense system needs to have a built-in adaptive defense functionality based on cost minimization - adaptively adjusting its configurations according to the network condition and attack severity in order to minimize the combined cost introduced by false positives (misidentify normal traffic as attack) and false negatives (misidentify attack traffic as normal) at any time. In this way, the adaptive defense system can generate fewer false alarms in normal situations or under light attacks with relaxed defense configurations, while protecting a network or a server more vigorously under severe attacks. In this paper, we present concrete adaptive defense system designs for defending against two major network attacks: SYN flood DDoS attack and Internet worm infection. The adaptive defense is a high-level system design that can be built on various underlying nonadaptive detection and filtering algorithms, which makes it applicable for a wide range of security defenses. © 2006 IEEE