274 research outputs found
MPeersim: Simulation Environment for Mobile P2P Networks
Abstract: In understanding technical aspects of technology, simulation environments play a very important role. Emergence of mobile P2P networks and their widespread adoption has accentuated the need for development of a simulation platform for modeling and analysis of these networks. This paper presents MPeersim, a simulation environment capable of modeling mobile P2P networks by incorporating configurable node and network related parameters to attain various statistics for subsequent analysis. MPeersim presents a novel concept of mobile P2P network monitoring. It not only provides with a pivotal platform for conducting propagation analysis of legitimate mobile P2P traffic but also of 13 mobile P2P malware families that encompass around 25% of the total discovered mobile malware. 3-tier statistics collection model of MPeersim enables it to collect generic mobile and network statistics on network and community levels while behaviour statistics on agent nodes. These statistics help detect network and community based mobile P2P threats and malware families
Agentâbased modeling of malware dynamics in heterogeneous environments
The increasing convergence of powerâlaw networks such as social networking and peerâtoâpeer applications, webâdelivered applications, and mobile platforms makes today's users highly vulnerable to entirely new generations of malware that exploit vulnerabilities in web applications and mobile platforms for new infections, while using the powerâlaw connectivity for finding new victims. The traditional epidemic models based on assumptions of homogeneity, averageâdegree distributions, and perfectâmixing are inadequate to model this type of malware propagation. In this paper, we study four aspects crucial to modeling malware propagation: applicationâlevel interactions among users of such networks , local network structure , user mobility , and network coordination of malware such as botnets . Since closedâform solutions of malware propagation considering these aspects are difficult to obtain, we describe an openâsource, flexible agentâbased emulation framework that can be used by malware researchers for studying today's complex malware. The framework, called AgentâBased Malware Modeling (AMM), allows different applications, network structure, network coordination, and user mobility in either a geographic or a logical domain to study various infection and propagation scenarios. In addition to traditional worms and viruses, the framework also allows modeling network coordination of malware such as botnets. The majority of the parameters used in the framework can be derived from realâlife network traces collected from a network, and therefore, represent realistic malware propagation and infection scenarios. As representative examples, we examine two wellâknown malware spreading mechanisms: (i) a malicious virus such as Cabir spreading among the subscribers of a cellular network using Bluetooth and (ii) a hybrid worm that exploit email and fileâsharing to infect users of a social network. In both cases, we identify the parameters most important to the spread of the epidemic based upon our extensive simulation results. Copyright © 2011 John Wiley & Sons, Ltd. This paper presents a novel agentâbased framework for realistic modeling of malware propagation in heterogeneous networks, applications and platforms. The majority of the parameters used in the framework can be derived from realâlife network traces collected from a network, and therefore, represent realistic malware propagation and infection scenarios for the given network. Two wellâknown malware spreading mechanisms in traditional as well as mobile environments were studied using extensive simulations within the framework and the most important spreading parameters were identified.Peer Reviewedhttp://deepblue.lib.umich.edu/bitstream/2027.42/101832/1/sec298.pd
Command & Control: Understanding, Denying and Detecting - A review of malware C2 techniques, detection and defences
In this survey, we first briefly review the current state of cyber attacks,
highlighting significant recent changes in how and why such attacks are
performed. We then investigate the mechanics of malware command and control
(C2) establishment: we provide a comprehensive review of the techniques used by
attackers to set up such a channel and to hide its presence from the attacked
parties and the security tools they use. We then switch to the defensive side
of the problem, and review approaches that have been proposed for the detection
and disruption of C2 channels. We also map such techniques to widely-adopted
security controls, emphasizing gaps or limitations (and success stories) in
current best practices.Comment: Work commissioned by CPNI, available at c2report.org. 38 pages.
Listing abstract compressed from version appearing in repor
OnionBots: Subverting Privacy Infrastructure for Cyber Attacks
Over the last decade botnets survived by adopting a sequence of increasingly
sophisticated strategies to evade detection and take overs, and to monetize
their infrastructure. At the same time, the success of privacy infrastructures
such as Tor opened the door to illegal activities, including botnets,
ransomware, and a marketplace for drugs and contraband. We contend that the
next waves of botnets will extensively subvert privacy infrastructure and
cryptographic mechanisms. In this work we propose to preemptively investigate
the design and mitigation of such botnets. We first, introduce OnionBots, what
we believe will be the next generation of resilient, stealthy botnets.
OnionBots use privacy infrastructures for cyber attacks by completely
decoupling their operation from the infected host IP address and by carrying
traffic that does not leak information about its source, destination, and
nature. Such bots live symbiotically within the privacy infrastructures to
evade detection, measurement, scale estimation, observation, and in general all
IP-based current mitigation techniques. Furthermore, we show that with an
adequate self-healing network maintenance scheme, that is simple to implement,
OnionBots achieve a low diameter and a low degree and are robust to
partitioning under node deletions. We developed a mitigation technique, called
SOAP, that neutralizes the nodes of the basic OnionBots. We also outline and
discuss a set of techniques that can enable subsequent waves of Super
OnionBots. In light of the potential of such botnets, we believe that the
research community should proactively develop detection and mitigation methods
to thwart OnionBots, potentially making adjustments to privacy infrastructure.Comment: 12 pages, 8 figure
Security Engineering of Patient-Centered Health Care Information Systems in Peer-to-Peer Environments: Systematic Review
Background: Patient-centered health care information systems (PHSs) enable patients to take control and become knowledgeable about their own health, preferably in a secure environment. Current and emerging PHSs use either a centralized database, peer-to-peer (P2P) technology, or distributed ledger technology for PHS deployment. The evolving COVID-19 decentralized Bluetooth-based tracing systems are examples of disease-centric P2P PHSs. Although using P2P technology for the provision of PHSs can be flexible, scalable, resilient to a single point of failure, and inexpensive for patients, the use of health information on P2P networks poses major security issues as users must manage information security largely by themselves. Objective: This study aims to identify the inherent security issues for PHS deployment in P2P networks and how they can be overcome. In addition, this study reviews different P2P architectures and proposes a suitable architecture for P2P PHS deployment. Methods: A systematic literature review was conducted following PRISMA (Preferred Reporting Items for Systematic Reviews and Meta-Analyses) reporting guidelines. Thematic analysis was used for data analysis. We searched the following databases: IEEE Digital Library, PubMed, Science Direct, ACM Digital Library, Scopus, and Semantic Scholar. The search was conducted on articles published between 2008 and 2020. The Common Vulnerability Scoring System was used as a guide for rating security issues. Results: Our findings are consolidated into 8 key security issues associated with PHS implementation and deployment on P2P networks and 7 factors promoting them. Moreover, we propose a suitable architecture for P2P PHSs and guidelines for the provision of PHSs while maintaining information security. Conclusions: Despite the clear advantages of P2P PHSs, the absence of centralized controls and inconsistent views of the network on some P2P systems have profound adverse impacts in terms of security. The security issues identified in this study need to be addressed to increase patients\u27 intention to use PHSs on P2P networks by making them safe to use
Network Traffic Measurements, Applications to Internet Services and Security
The Internet has become along the years a pervasive network interconnecting billions of users and is now playing the role of collector for a multitude of tasks, ranging from professional activities to personal interactions. From a technical standpoint, novel architectures, e.g., cloud-based services and content delivery networks, innovative devices, e.g., smartphones and connected wearables, and security threats, e.g., DDoS attacks, are posing new challenges in understanding network dynamics.
In such complex scenario, network measurements play a central role to guide traffic management, improve network design, and evaluate application requirements. In addition, increasing importance is devoted to the quality of experience provided to final users, which requires thorough investigations on both the transport network and the design of Internet services.
In this thesis, we stress the importance of usersâ centrality by focusing on the traffic they exchange with the network. To do so, we design methodologies complementing passive and active measurements, as well as post-processing techniques belonging to the machine learning and statistics domains. Traffic exchanged by Internet users can be classified in three macro-groups: (i) Outbound, produced by usersâ devices and pushed to the network; (ii) unsolicited, part of malicious attacks threatening usersâ security; and (iii) inbound, directed to usersâ devices and retrieved from remote servers. For each of the above categories, we address specific research topics consisting in the benchmarking of personal cloud storage services, the automatic identification of Internet threats, and the assessment of quality of experience in the Web domain, respectively.
Results comprise several contributions in the scope of each research topic. In short, they shed light on (i) the interplay among design choices of cloud storage services, which severely impact the performance provided to end users; (ii) the feasibility of designing a general purpose classifier to detect malicious attacks, without chasing threat specificities; and (iii) the relevance of appropriate means to evaluate the perceived quality of Web pages delivery, strengthening the need of usersâ feedbacks for a factual assessment
Propagation, Detection and Containment of Mobile Malware.
Today's enterprise systems and networks are frequent targets of
malicious attacks, such as worms, viruses, spyware and intrusions
that can disrupt, or even disable critical services. Recent trends
suggest that by combining spyware as a malicious payload with worms
as a delivery mechanism, malicious programs can potentially be used
for industrial espionage and identity theft. The problem is
compounded further by the increasing convergence of wired, wireless
and cellular networks, since virus writers can now write malware
that can crossover from one network segment to another,
exploiting services and vulnerabilities specific to each network.
This dissertation makes four primary contributions. First, it builds
more accurate malware propagation models for emerging hybrid malware
(i.e., malware that use multiple propagation vectors such as
Bluetooth, Email, Peer-to-Peer, Instant Messaging, etc.), addressing
key propagation factors such as heterogeneity of nodes, services and
user mobility within the network. Second, it develops a proactive containment framework based on group-behavior of
hosts against such malicious agents in an enterprise setting. The
majority of today's anti-virus solutions are reactive, i.e., these
are activated only after a malicious activity has been detected at a
node in the network. In contrast, proactive containment has the
potential of closing the vulnerable services ahead of infection, and
thereby halting the spread of the malware. Third, we study (1) the
current-generation mobile viruses and worms that target SMS/MMS
messaging and Bluetooth on handsets, and the corresponding exploits,
and (2) their potential impact in a large SMS provider network using
real-life SMS network data. Finally, we propose a new behavioral
approach for detecting emerging malware targeting mobile handsets.
Our approach is based on the concept of generalized behavioral
patterns instead of traditional signature-based detection. The
signature-based methods are not scalable for deployment in mobile
devices due to limited resources available on today's typical
handsets. Further, we demonstrate that the behavioral approach not
only has a compact footprint, but also can detect new classes of
malware that combine some features from existing classes of malware.Ph.D.Computer Science & EngineeringUniversity of Michigan, Horace H. Rackham School of Graduate Studieshttp://deepblue.lib.umich.edu/bitstream/2027.42/60849/1/abose_1.pd
On Detection of Current and Next-Generation Botnets.
Botnets are one of the most serious security threats to the Internet and its end users. A botnet consists of compromised computers that are remotely coordinated by a botmaster under a
Command and Control (C&C) infrastructure. Driven by financial incentives, botmasters leverage botnets to conduct various cybercrimes such as spamming, phishing, identity theft and
Distributed-Denial-of-Service (DDoS) attacks. There are three main challenges facing botnet detection. First, code obfuscation is widely employed by current botnets, so signature-based detection is insufficient. Second, the C&C
infrastructure of botnets has evolved rapidly. Any detection solution targeting one botnet instance can hardly keep up with this change. Third, the proliferation of powerful smartphones presents a new platform for future botnets. Defense
techniques designed for existing botnets may be outsmarted when botnets invade smartphones.
Recognizing these challenges, this dissertation proposes behavior-based botnet detection solutions at three different levels---the end host, the edge network and the Internet infrastructure---from a small scale to a large scale, and investigates the next-generation botnet targeting smartphones.
It (1) addresses the problem of botnet seeding by devising a per-process containment scheme for end-host systems; (2) proposes a hybrid botnet detection framework for edge networks
utilizing combined host- and network-level information; (3) explores the structural properties of botnet topologies and
measures network components' capabilities of large-scale botnet detection at the Internet infrastructure level; and (4)
presents a proof-of-concept mobile botnet employing SMS messages as the C&C and P2P as the topology to facilitate future research on countermeasures against next-generation
botnets.
The dissertation makes three primary contributions. First, the detection solutions proposed utilize intrinsic and fundamental
behavior of botnets and are immune to malware obfuscation and traffic encryption. Second, the solutions are general enough to identify different types of botnets, not a specific botnet
instance. They can also be extended to counter next-generation botnet threats. Third, the detection solutions function at
multiple levels to meet various detection needs. They each take a different perspective but are highly complementary to each other, forming an integrated botnet detection framework.Ph.D.Computer Science & EngineeringUniversity of Michigan, Horace H. Rackham School of Graduate Studieshttp://deepblue.lib.umich.edu/bitstream/2027.42/91382/1/gracez_1.pd
- âŠ