Type of Document: Dissertation
Author: Hall, Kristopher Joseph
Author's Email Address: email@example.com
URN: etd-05152006-121930
Title: Thwarting Network Stealth Worms in Computer Networks through Biological Epidemiology
Degree: PhD
Department: Electrical and Computer Engineering

Advisory Committee
- Abbott, A. Lynn (Committee Co-Chair)
- Davis, Nathaniel J. IV (Committee Co-Chair)
- Arthur, James D. (Committee Member)
- Bostian, Charles W. (Committee Member)
- Hou, Yiwei Thomas (Committee Member)
- Park, Jung-Min Jerry (Committee Member)

Keywords
- Network Stealth Worms
- Demographic Analysis
- Bio-mathematical Modeling
- Network Security
Date of Defense: 2006-05-11
Availability: unrestricted

Abstract

This research developed a system, Rx, to provide early identification and effective control of network stealth worms in digital networks through techniques based on biological epidemiology. Network stealth worms comprise a class of surreptitious, self-propagating code that spreads over network connections by exploiting security vulnerabilities in hosts. Past outbreaks of traditional worms subverted hundreds of thousands of machines. Network stealth worms exacerbate that threat by using clandestine methods to maintain a persistent presence in the network.
Biological epidemiology was shown to support the real-time detection, characterization, forecasting, and containment of network stealth worms. Epidemiology describes a scientific methodology in biology that seeks to understand, explain, and control disease. Bio-mathematical modeling led to the development of a mechanism for digital networks to identify worm infection behavior buried in anomaly data, to characterize a worm, and to forecast the temporal spread of a worm. Demographic analysis of the infected hosts revealed the subset of vulnerable machines within the population. The automated response of advanced quarantine used this information to control the spread of an identified worm by isolating both infected and vulnerable machines.
The novel contributions of this research included the identification of a network stealth worm at the network level from end-host reports while simultaneously characterizing and forecasting the spread of the worm. It also introduced advanced quarantine, which uses demographic analysis of the population to isolate vulnerable hosts alongside infected ones. This work resulted in a scalable, fault-tolerant strategy that dramatically enhanced the survival rate of network hosts under attack by a stealth worm. Moreover, the approach required no new hardware, no changes to existing protocols, and no participation outside the implementing organization.
The approach also applies to a wider range of challenges. The bio-mathematical models are extensible, allowing Rx to respond to variations on the self-propagating code presented here, and other forms of malware can be handled by substituting a more appropriate epidemic model. Lastly, the strategy allowed anomaly detectors to operate at lower reporting thresholds and to report a variety of often benign yet potentially useful events, since the epidemic model, not the individual report, decides whether an outbreak is under way.
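The following is an added example, not code from the dissertation or from Rx. It illustrates the pipeline the abstract describes (end-host reports, worm characterization, temporal forecast, demographic analysis, advanced quarantine) on a constructed host population. Everything specific is an assumption: the epidemic model is a plain Susceptible-Infected (SI) model whose closed form is the logistic curve, the growth rate is a least-squares fit of ln I(t) over the early reports, the "demographic" attribute is a hypothetical service version, and the vulnerable subset is defined as the attribute values over-represented among infected hosts relative to the population. The dissertation's actual models and rules may differ.

```python
"""Added example (not the dissertation's Rx code): worm characterization,
forecasting and demographic quarantine on a constructed host population.
The SI/logistic epidemic model and the risk-ratio rule are assumptions."""
import math
import random
from collections import Counter

VULNERABLE_VERSION = "svc-1.2"  # constructed attribute the exploit depends on


def make_population(n_hosts, vulnerable_fraction, seed=1):
    """Constructed inventory: host -> version of a hypothetical service."""
    rng = random.Random(seed)
    return {f"h{i:04d}": VULNERABLE_VERSION if rng.random() < vulnerable_fraction
            else "svc-1.3" for i in range(n_hosts)}


def simulate_worm(population, scans_per_step, steps, seed=2):
    """Susceptible-Infected spread: each infected host probes scans_per_step
    random hosts per step and infects only those running the vulnerable
    version. Returns the end-host reports a detector would receive: (step, host)."""
    rng = random.Random(seed)
    hosts = list(population)
    patient_zero = next(h for h in hosts if population[h] == VULNERABLE_VERSION)
    infected, reports = {patient_zero}, [(0, patient_zero)]
    for t in range(1, steps + 1):
        new = set()
        for _ in infected:
            for _ in range(scans_per_step):
                target = rng.choice(hosts)
                if population[target] == VULNERABLE_VERSION and target not in infected:
                    new.add(target)
        infected |= new
        reports.extend((t, h) for h in sorted(new))
    return reports


def cumulative_counts(reports, steps):
    """I(t): hosts that have reported infection by step t, for t = 0..steps."""
    per_step = Counter(t for t, _ in reports)
    counts, total = [], 0
    for t in range(steps + 1):
        total += per_step[t]
        counts.append(total)
    return counts


def fit_growth_rate(counts):
    """Characterize the worm: least-squares slope of ln I(t) = per-step rate r."""
    pts = [(t, math.log(c)) for t, c in enumerate(counts) if c > 0]
    if len(pts) < 2:
        return 0.0
    mt = sum(t for t, _ in pts) / len(pts)
    my = sum(y for _, y in pts) / len(pts)
    sxx = sum((t - mt) ** 2 for t, _ in pts)
    sxy = sum((t - mt) * (y - my) for t, y in pts)
    return sxy / sxx


def forecast(k, i0, r, t):
    """Logistic solution of SI with K vulnerable hosts: K / (1 + ((K-I0)/I0) e^(-rt))."""
    return k / (1.0 + (k - i0) / i0 * math.exp(-r * t))


def demographic_analysis(population, reports):
    """Attribute values over-represented among infected hosts (infected share
    above population share) mark the vulnerable subset of the population."""
    infected = {h for _, h in reports}
    pop_share = Counter(population.values())
    inf_share = Counter(population[h] for h in infected)
    n, m = len(population), len(infected)
    suspect = {v for v, c in inf_share.items() if c / m > pop_share[v] / n}
    vulnerable = {h for h, v in population.items() if v in suspect}
    return suspect, vulnerable, infected


def advanced_quarantine(population, reports):
    """Isolate infected hosts plus not-yet-hit vulnerable ones; others stay online."""
    suspect, vulnerable, infected = demographic_analysis(population, reports)
    return {"suspect_versions": suspect, "isolate": vulnerable | infected,
            "k_estimate": len(vulnerable)}


def run_pipeline(n_hosts=400, vulnerable_fraction=0.25, scans_per_step=6,
                 steps=12, decision_step=5):
    """Detect, characterize, forecast and contain from reports up to decision_step."""
    population = make_population(n_hosts, vulnerable_fraction)
    reports = simulate_worm(population, scans_per_step, steps)
    early = [(t, h) for t, h in reports if t <= decision_step]
    counts = cumulative_counts(early, decision_step)
    r = fit_growth_rate(counts)
    q = advanced_quarantine(population, early)
    return {"growth_rate": r, "k_estimate": q["k_estimate"],
            "forecast_at_end": forecast(q["k_estimate"], counts[0], r, steps),
            "isolated": len(q["isolate"]),
            "actual_infected_at_end": cumulative_counts(reports, steps)[-1]}
```

Calling `run_pipeline()` shows the two ideas the abstract combines: the forecast uses the demographic estimate of K (how many hosts can still be infected) rather than the whole population, and the quarantine set is exactly the vulnerable demographic, so hosts on the unaffected version are never taken offline. Because the worm only ever reaches hosts in the vulnerable subset, the isolated set equals the estimated K regardless of how far the outbreak has progressed at the decision step.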
Filename: hall_dissertation.pdf (965.60 Kb)

Approximate download time (hours:minutes:seconds)
- 28.8 modem: 00:04:28
- 56K modem: 00:02:17
- ISDN (64 Kb): 00:02:00
- ISDN (128 Kb): 00:01:00
- Higher-speed access: 00:00:05