Title: Optimization of Blaster worms
1 Optimization of Blaster worms by Stochastic Modeling
- Performance Evaluation Laboratory
Supervised by Prof. Hiroshi Toyoizumi
s1080060 Tatehiro Kaiwa
2 Purpose
- By modeling a Blaster worm, we investigate its influence on a local network.
- By optimizing a Blaster worm, we observe and investigate the threat.
- To compare the existing Blaster worms with the optimized ones in a local network.
3 Target Virus
- Name: W32.Blaster.Worm (Symantec)
- WORM_MSBLAST.A (Trend Micro)
- W32/Lovsan.worm.a (McAfee)
- Type: Worm
- Systems Affected: Windows 2000, XP
The Blaster worm exploits a vulnerability in the DCOM RPC service to penetrate systems.
4 Spread Algorithm (1)
[Flowchart: Select an IP address (branch probabilities 0.4 and 0.6; branches Complete Random and Local) -> Create malicious packets (branch probabilities 0.8 and 0.2; branches For XP and For 2000) -> Start to send many malicious packets]
These methods are selected only once, when the Blaster worm is executed.
5 Spread Algorithm (2)
When the worm uses its own IP address, A.B.C.D, it changes D to 0. The worm then increases the target address monotonically.
The probability that the first worm and the other worms attack the same IP address is very high.
The infection rate of every worm except the first one in the local network becomes smaller.
6 The Experimental Network
This figure shows a local experimental network used to collect Blaster worm packet data, in order to confirm and obtain some information about the Blaster worm.
7 Worm Data Collection
Systems attacked and infected by the Blaster worm may become unstable and sometimes shut down.
Some packets cannot be captured, even with Sniffer installed on the infected PC and on all target PCs.
[Figure labels: Target, Blaster]
8 The Infection Model
This figure is the worm infection model.
? Infection rate of a Blaster worm outside of the local network.
? Infection rate of Blaster worms inside of the local network.
9 The Model Solution (1)
The process with infection rate ? is a Poisson process, and the process with infection rate ? is a Yule process.
Each infection activity is independent.
We obtain a new model by mixing a Poisson process and a Yule process.
[Figure: state transition diagram with states 1, 2, 3 and n, and transition rates ?, 2?, (n-1)? and n?]
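The mixed Poisson and Yule model of slide 9, as an added example that is not code from the original slides: a simulation of the infected-host count, checked against the closed-form mean. The names `ext_rate` and `int_rate`, the transition rate `ext_rate + n * int_rate` and all numeric values are assumptions, since the slides' symbols and parameters are not present on this page.

```python
import math
import random

def simulate_infected(ext_rate, int_rate, t_end, n0=1, rng=random):
    """One run of the mixed process; returns the infected count at t_end.

    Assumption (not from the slides): with n infected hosts the next
    infection arrives at rate ext_rate + n * int_rate, i.e. a constant
    Poisson stream from outside plus a Yule (linear birth) term inside.
    """
    n, t = n0, 0.0
    while True:
        total = ext_rate + n * int_rate
        if total <= 0:
            return n                    # no infection pressure at all
        t += rng.expovariate(total)     # exponential wait to next infection
        if t > t_end:
            return n
        n += 1

def expected_infected(ext_rate, int_rate, t_end, n0=1):
    """Closed-form mean, from dm/dt = ext_rate + int_rate * m, m(0) = n0."""
    if int_rate == 0:
        return n0 + ext_rate * t_end    # pure Poisson arrivals
    k = ext_rate / int_rate
    return (n0 + k) * math.exp(int_rate * t_end) - k

def simulated_mean(ext_rate, int_rate, t_end, runs=4000, seed=1):
    """Average of many independent runs, seeded for repeatability."""
    rng = random.Random(seed)
    total = sum(simulate_infected(ext_rate, int_rate, t_end, rng=rng)
                for _ in range(runs))
    return total / runs

if __name__ == "__main__":
    # Constructed rates (infections per hour), chosen only for illustration.
    for ext, inner in [(0.5, 0.0), (0.0, 0.3), (0.5, 0.3)]:
        print(ext, inner,
              round(simulated_mean(ext, inner, 5.0), 2),
              round(expected_infected(ext, inner, 5.0), 2))
```

The example puts no cap on the number of vulnerable hosts, so it describes only the early phase of an outbreak in a finite local network.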
10 The Model Solution (2)
The ratio of each system having the vulnerability in a local network.
- Windows XP
- Windows 2000
11 The Model Solution (3)
Each Infection Rate
12 Graphs of changing the ratio of each system in the network
The performance of the Blaster worms can be improved if the ratio of Windows XP machines is high in the local network.
13 The difference between optimized and existing
XP200018
The optimized Blaster worms prove to be a great threat. Thus, the existing Blaster worm also has the same potential threat.
14 Conclusion
- The performance of the Blaster worm is greatly influenced by the ratio of each OS in the target network.
- Optimized Blaster worms pose a great threat. Thus, we need to be careful individually.
15 Future Works
- As the stochastic model may differ from existing Blaster worms, we need to bring it closer to an accurate model of the existing Blaster worms in the future.