Malware models for network and service management

International audienceDifferent kinds of malware like the botnets and the worms are a main threat on Internet for the current and future. Their effectiveness to control systems is proved and we are investigating the malware mechanisms that can be adapted to get an efficient and scalable management plane. Our work consists in modelling malware based network management and assessing its performance

A Game Theoretical Method for Cost-Benefit Analysis of Malware Dissemination Prevention

Copyright © Taylor & Francis Group, LLC. Literature in malware proliferation focuses on modeling and analyzing its spread dynamics. Epidemiology models, which are inspired by the characteristics of biological disease spread in human populations, have been used against this threat to analyze the way malware spreads in a network. This work presents a modified version of the commonly used epidemiology models Susceptible Infected Recovered (SIR) and Susceptible Infected Susceptible (SIS), which incorporates the ability to capture the relationships between nodes within a network, along with their effect on malware dissemination process. Drawing upon a model that illustrates the network’s behavior based on the attacker’s and the defender’s choices, we use game theory to compute optimal strategies for the defender to minimize the effect of malware spread, at the same time minimizing the security cost. We consider three defense mechanisms: patch, removal, and patch and removal, which correspond to the defender’s strategy and use probabilistically with a certain rate. The attacker chooses the type of attack according to its effectiveness and cost. Through the interaction between the two opponents we infer the optimal strategy for both players, known as Nash Equilibrium, evaluating the related payoffs. Hence, our model provides a cost-benefit risk management framework for managing malware spread in computer networks

A qualitative study of stakeholders' perspectives on the social network service environment

Over two billion people are using the Internet at present, assisted by the mediating activities of software agents which deal with the diversity and complexity of information. There are, however, ethical issues due to the monitoring-and-surveillance, data mining and autonomous nature of software agents. Considering the context, this study aims to comprehend stakeholders' perspectives on the social network service environment in order to identify the main considerations for the design of software agents in social network services in the near future. Twenty-one stakeholders, belonging to three key stakeholder groups, were recruited using a purposive sampling strategy for unstandardised semi-structured e-mail interviews. The interview data were analysed using a qualitative content analysis method. It was possible to identify three main considerations for the design of software agents in social network services, which were classified into the following categories: comprehensive understanding of users' perception of privacy, user type recognition algorithms for software agent development and existing software agents enhancement

Distinguishing factors that influence attendance and behaviour change in family‐based treatment of childhood obesity: a qualitative study

ObjectivesFor the effective treatment of childhood obesity, intervention attendance and behaviour change at home are both important. The purpose of this study was to qualitatively explore influences on attendance and behaviour change during a family-based intervention to treat childhood obesity in the North West of England (Getting Our Active Lifestyles Started (GOALS)).DesignFocus groups with children and parents/carers as part of a broader mixed-methods evaluation.MethodsEighteen focus groups were conducted with children (n = 39, 19 boys) and parents/carers (n = 34, 5 male) to explore their experiences of GOALS after 6 weeks of attendance (/18 weeks). Data were analysed thematically to identify influences on attendance and behaviour change.ResultsInitial attendance came about through targeted referral (from health care professionals and letters in school) and was influenced by motivations for a brighter future. Once at GOALS, it was the fun, non-judgemental healthy lifestyle approach that encouraged continued attendance. Factors that facilitated behaviour change included participatory learning as a family, being accountable and gradual realistic goal setting, whilst challenges focussed on fears about the intervention ending and a lack of support from non-attending significant others.ConclusionsFactors that influence attendance and behaviour change are distinct and may be important at different stages of the family’s change process. Practitioners are encouraged to tailor strategies to support both attendance and behaviour change, with a focus on whole family participation within and outside the intervention

Analyzing Intensive Intrusion Alerts Via Correlation

Traditional intrusion detection systems (IDSs) focus on low-level attacks or anomalies, and raise alerts independently, though there may be logical connections between them. In situations where there are intensive intrusions, not only will actual alerts be mixed with false alerts, but the amount of alerts will also become unmanageable. As a result, it is difficult for human users or intrusion response systems to understand the alerts and take appropriate actions

Immune System Approaches to Intrusion Detection - A Review

The use of artificial immune systems in intrusion detection is an appealing concept for two reasons. Firstly, the human immune system provides the human body with a high level of protection from invading pathogens, in a robust, self-organised and distributed manner. Secondly, current techniques used in computer security are not able to cope with the dynamic and increasingly complex nature of computer systems and their security. It is hoped that biologically inspired approaches in this area, including the use of immune-based systems will be able to meet this challenge. Here we review the algorithms used, the development of the systems and the outcome of their implementation. We provide an introduction and analysis of the key developments within this field, in addition to making suggestions for future research