Modeling the propagation and defense study of internet malicious information

 Dr. Wen\u27s research includes modelling the propagation dynamics of malicious information, exposing the most influential people and source identification of epidemics in social networks. His research is beneficial to both academia and industry in the field of Internet social networks

Modeling and defense against propagation of worms in networks

Worms are widely believed to be one of the most serious challenges in network security research. In order to prevent worms from propagating, we present a microcosmic model, which can benefit the security industry by allowing them to save significant money in the deployment of their security patching schemes

Analytical Lifecycle Modeling and Threat Analysis of Botnets

Botnet, which is an overlay network of compromised computers built by cybercriminals known as botmasters, is the new phenomenon that has caused deep concerns to the security professionals responsible for governmental, academic, and private sector networks. Botmasters use a plethora of methods to infect network-accessible devices (nodes). The initial malware residing on these nodes then either connects to a central Command & Control (C&C) server or joins a Peer-to-Peer (P2P) botnet. At this point, the nodes can receive the commands of the botmaster and proceed to engage in illicit activities such as Distributed Denial-of-Service (DDoS) attacks and massive e-mail spam campaigns. Being able to reliably estimate the size of a botnet is an important task which allows the adequate deployment of mitigation strategies against the botnet. In this thesis, we develop analytical models that capture the botnet expansion and size evolution behaviors in sufficient details so as to accomplish this crucial estimation/analysis task. We develop four Continuous-Time Markov Chain (CTMC) botnet models: the first two, SComI and SComF, allow the prediction of initial unhindered botnet expansion in the case of infinite and finite population sizes, respectively. The third model, the SIC model, is a botnet lifecycle model which accounts for all important node stages and allows botnet size estimates as well as evaluation of botnet mitigation strategies such as disinfections of nodes and attacks on botnet's C&C mechanism. Finally, the fourth model, the SIC-P2P model, is an extension of the SIC model suitable for P2P botnets, allowing fine-grained analysis of mitigation strategies such as index poisoning and sybil attack. As the convergence of Internet and traditional telecommunication services is underway, the threat of botnets is looming over essential basic communication services. As the last contribution presented in this thesis, we analyze the threat of botnets in the 4G cellular wireless networks. We identify the vulnerability of the air interface, i.e. the Long Term Evolution (LTE), which allows a successful botnet-launched DDoS attack against it. Through simulation using an LTE simulator, we determine the number of botnet nodes per cell that can significantly degrade the service availability of such cellular networks

The probability model of peer-to-peer botnet propagation

Active Peer-to-Peer worms are great threat to the network security since they can propagate in automated ways and flood the Internet within a very short duration. Modeling a propagation process can help us to devise effective strategies against a worm\u27s spread. This paper presents a study on modeling a worm\u27s propagation probability in a P2P overlay network and proposes an optimized patch strategy for defenders. Firstly, we present a probability matrix model to construct the propagation of P2P worms. Our model involves three indispensible aspects for propagation: infected state, vulnerability distribution and patch strategy. Based on a fully connected graph, our comprehensive model is highly suited for real world cases like Code Red II. Finally, by inspecting the propagation procedure, we propose four basic tactics for defense of P2P botnets. The rationale is exposed by our simulated experiments and the results show these tactics are of effective and have considerable worth in being applied in real-world networks