1,883 research outputs found
Epidemic Thresholds with External Agents
We study the effect of external infection sources on phase transitions in
epidemic processes. In particular, we consider an epidemic spreading on a
network via the SIS/SIR dynamics, which in addition is aided by external agents
- sources unconstrained by the graph, but possessing a limited infection rate
or virulence. Such a model captures many existing models of externally aided
epidemics, and finds use in many settings - epidemiology, marketing and
advertising, network robustness, etc. We provide a detailed characterization of
the impact of external agents on epidemic thresholds. In particular, for the
SIS model, we show that any external infection strategy with constant virulence
either fails to significantly affect the lifetime of an epidemic, or at best,
sustains the epidemic for a lifetime which is polynomial in the number of
nodes. On the other hand, a random external-infection strategy, with rate
increasing linearly in the number of infected nodes, succeeds under some
conditions to sustain an exponential epidemic lifetime. We obtain similar sharp
thresholds for the SIR model, and discuss the relevance of our results in a
variety of settings. Comment: 12 pages, 2 figures (to appear in INFOCOM 2014)
Polygraph: Automatically generating signatures for polymorphic worms
It is widely believed that content-signature-based intrusion detection systems (IDSes) are easily evaded by polymorphic worms, which vary their payload on every infection attempt. In this paper, we present Polygraph, a signature generation system that successfully produces signatures that match polymorphic worms. Polygraph generates signatures that consist of multiple disjoint content sub-strings. In doing so, Polygraph leverages our insight that for a real-world exploit to function properly, multiple invariant substrings must often be present in all variants of a payload; these substrings typically correspond to protocol framing, return addresses, and in some cases, poorly obfuscated code. We contribute a definition of the polymorphic signature generation problem; propose classes of signature suited for matching polymorphic worm payloads; and present algorithms for automatic generation of signatures in these classes. Our evaluation of these algorithms on a range of polymorphic worms demonstrates that Polygraph produces signatures for polymorphic worms that exhibit low false negatives and false positives. © 2005 IEEE
Command & Control: Understanding, Denying and Detecting - A review of malware C2 techniques, detection and defences
In this survey, we first briefly review the current state of cyber attacks,
highlighting significant recent changes in how and why such attacks are
performed. We then investigate the mechanics of malware command and control
(C2) establishment: we provide a comprehensive review of the techniques used by
attackers to set up such a channel and to hide its presence from the attacked
parties and the security tools they use. We then switch to the defensive side
of the problem, and review approaches that have been proposed for the detection
and disruption of C2 channels. We also map such techniques to widely-adopted
security controls, emphasizing gaps or limitations (and success stories) in
current best practices. Comment: Work commissioned by CPNI, available at c2report.org. 38 pages.
Listing abstract compressed from version appearing in repor