Modeling, analysis and defense strategies against Internet attacks.

Third, we have analyzed the tradeoff between delay caused by filtering of worms at routers, and the delay due to worms' excessive amount of network traffic. We have used the optimal control problem, to determine the appropriate tradeoffs between these two delays for a given rate of a worm spreading. Using our technique we can minimize the overall network delay by finding the number of routers that should perform filtering and the time at which they should start the filtering process.Many early Internet protocols were designed without a fundamentally secure infrastructure and hence vulnerable to attacks such as denial of service (DoS) attacks and worms. DoS attacks attempt to consume the resources of a remote host or network, thereby denying or degrading service to legitimate users. Network forensics is an emerging area wherein the source or the cause of the attacker is determined using IDS tools. The problem of finding the source(s) of attack(s) is called the "trace back problem". Lately, Internet worms have become a major problem for the security of computer networks, causing considerable amount of resources and time to be spent recovering from the disruption of systems. In addition to breaking down victims, these worms create large amounts of unnecessary network data traffic that results in network congestion, thereby affecting the entire network.In this dissertation, first we solve the trace back problem more efficiently in terms of the number of routers needed to complete the track back. We provide an efficient algorithm to decompose a network into connected components and construct a terminal network. We show that for a terminal network with n routers, the trace back can be completed in O(log n) steps.Second, we apply two classical epidemic SIS and SIR models to study the spread of Internet Worm. The analytical models that we provide are useful in determining the rate of spread and time required to infect a majority of the nodes in the network. Our simulation results on large Internet like topologies show that in a fairly small amount of time, 80% of the network nodes is infected

The Dynamics of Internet Traffic: Self-Similarity, Self-Organization, and Complex Phenomena

The Internet is the most complex system ever created in human history. Therefore, its dynamics and traffic unsurprisingly take on a rich variety of complex dynamics, self-organization, and other phenomena that have been researched for years. This paper is a review of the complex dynamics of Internet traffic. Departing from normal treatises, we will take a view from both the network engineering and physics perspectives showing the strengths and weaknesses as well as insights of both. In addition, many less covered phenomena such as traffic oscillations, large-scale effects of worm traffic, and comparisons of the Internet and biological models will be covered.Comment: 63 pages, 7 figures, 7 tables, submitted to Advances in Complex System

Flow-Based Network Analysis of the Caenorhabditis elegans Connectome

We exploit flow propagation on the directed neuronal network of the nematode C. elegans to reveal dynamically relevant features of its connectome. We find flow-based groupings of neurons at different levels of granularity, which we relate to functional and anatomical constituents of its nervous system. A systematic in silico evaluation of the full set of single and double neuron ablations is used to identify deletions that induce the most severe disruptions of the multi-resolution flow structure. Such ablations are linked to functionally relevant neurons, and suggest potential candidates for further in vivo investigation. In addition, we use the directional patterns of incoming and outgoing network flows at all scales to identify flow profiles for the neurons in the connectome, without pre-imposing a priori categories. The four flow roles identified are linked to signal propagation motivated by biological input-response scenarios

An Interactive Relaxation Approach for Anomaly Detection and Preventive Measures in Computer Networks

It is proposed to develop a framework of detecting and analyzing small and widespread changes in specific dynamic characteristics of several nodes. The characteristics are locally measured at each node in a large network of computers and analyzed using a computational paradigm known as the Relaxation technique. The goal is to be able to detect the onset of a worm or virus as it originates, spreads-out, attacks and disables the entire network. Currently, selective disabling of one or more features across an entire subnet, e.g. firewalls, provides limited security and keeps us from designing high performance net-centric systems. The most desirable response is to surgically disable one or more nodes, or to isolate one or more subnets.The proposed research seeks to model virus/worm propagation as a spatio-temporal process. Such models have been successfully applied in heat-flow and evidence or gestalt driven perception of images among others. In particular, we develop an iterative technique driven by the self-assessed dynamic status of each node in a network. The status of each node will be updated incrementally in concurrence with its connected neighbors to enable timely identification of compromised nodes and subnets. Several key insights used in image analysis of line-diagrams, through an iterative and relaxation-driven node labeling method, are explored to help develop this new framework

Hybrid spreading mechanisms and T cell activation shape the dynamics of HIV-1 infection

HIV-1 can disseminate between susceptible cells by two mechanisms: cell-free infection following fluid-phase diffusion of virions and by highly-efficient direct cell-to-cell transmission at immune cell contacts. The contribution of this hybrid spreading mechanism, which is also a characteristic of some important computer worm outbreaks, to HIV-1 progression in vivo remains unknown. Here we present a new mathematical model that explicitly incorporates the ability of HIV-1 to use hybrid spreading mechanisms and evaluate the consequences for HIV-1 pathogenenesis. The model captures the major phases of the HIV-1 infection course of a cohort of treatment naive patients and also accurately predicts the results of the Short Pulse Anti-Retroviral Therapy at Seroconversion (SPARTAC) trial. Using this model we find that hybrid spreading is critical to seed and establish infection, and that cell-to-cell spread and increased CD4+ T cell activation are important for HIV-1 progression. Notably, the model predicts that cell-to-cell spread becomes increasingly effective as infection progresses and thus may present a considerable treatment barrier. Deriving predictions of various treatments' influence on HIV-1 progression highlights the importance of earlier intervention and suggests that treatments effectively targeting cell-to-cell HIV-1 spread can delay progression to AIDS. This study suggests that hybrid spreading is a fundamental feature of HIV infection, and provides the mathematical framework incorporating this feature with which to evaluate future therapeutic strategies