Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
MODELING & AUTOMATED CONTAINMENT OF WORMS-DEPENDABLE AND SECURE COMPUTING
Post: #1

MODELING & AUTOMATED CONTAINMENT OF WORMS-DEPENDABLE AND SECURE COMPUTING

Abstract: Self-propagating codes, called worms, such as Code Red, Nimda, and Slammer, have drawn significant attention due to their enormously adverse impact on the Internet. Thus, there is great interest in the research community in modeling the spread of worms and in providing adequate defense mechanisms against them. In this paper, we present a (stochastic) branching process model for characterizing the propagation of Internet worms. The model is developed for uniform scanning worms and then extended to preference scanning worms. This model leads to the development of an automatic worm containment strategy that prevents the spread of a worm beyond its early stage. Specifically, for uniform scanning worms, we are able to determine whether the worm spread will eventually stop. We then extend our results to contain uniform scanning worms. Our automatic worm containment schemes effectively contain both uniform scanning worms and local preference scanning worms, and it is validated through simulations and real trace data to be non intrusive.
Technology to use:JAVA
Post: #2
Presented by:
R.Arthi
R.suganya
R.Punitha Priyadarshini

[attachment=11249]
Abstract
Self-propagating codes, called worms, such as Code Red, Nimda, and Slammer, have drawn significant attention due to their enormously adverse impact on the Internet. Thus, there is great interest in the research community in modeling the spread of worms and in providing adequate defense mechanisms against them. In this paper, we present a (stochastic) branching process model for characterizing the propagation of Internet worms. The model is developed for uniform scanning worms and then extended to preference scanning worms. This model leads to the development of an automatic worm containment strategy that prevents the spread of a worm beyond its early stage. Specifically, for uniform scanning worms, we are able to determine whether the worm spread will eventually stop. We then extend our results to contain preference scanning worms. Our automatic worm containment schemes effectively contain both uniform scanning worms and local preference scanning worms, and it is validated through simulations and real trace data to be non intrusive.
Introduction
The goal of our research is to provide a model for the propagation of random scanning worms and the corresponding development of automatic containment mechanisms that prevent the spread of worms beyond their early stages. This containment scheme is then extended to protect an enterprise network from a preference scanning worm. A host infected with random scanning worms finds and infects other vulnerable hosts by scanning a list of randomly generated IP addresses. Worms using other strategies to find vulnerable hosts to infect are not within the scope of this work. Some examples of nonrandom-scanning worms are e-mail worms, peer-to-peer worms, and worms that search the local host for addresses to scan.
In this paper, we propose a stochastic branching process model for the early phase of worm propagation.1Weconsider the generation-wise evolution of worms, with the hosts that are infected at the beginning of the propagation forming generation zero. The hosts that are directly infected by hosts in generation n are said to belong to generation n þ 1. Our model captures the worm spreading dynamics for worms of arbitrary scanning rate, including stealth worms that may turn themselves off at times.
 Data Flow Diagram
 Modules of the Project
Module Description
Branching Process Model

To the problem of combating worms, we have developed a branching process model to characterize the propagation of Internet worms. Unlike deterministic epidemic models studied in the literature, this model allows us to characterize the early phase of worm propagation.
Scanning for worms
Our strategy is based on limiting the number of scans to dark-address space. The limiting value is determined by our analysis. Our automatic worm containment schemes effectively contain both uniform scanning worms and local preference scanning worms, and it is validated through simulations and real trace data to be non-intrusive.
Module Description
Detecting and categorizing worms
The model is developed for uniform scanning worms and then extended to preference scanning worms. We detect these two worms and categorize it in this module.
Containment of worms
This model leads to the development of an automatic worm containment strategy that prevents the spread of a worm beyond its early stage. Specifically, for uniform scanning worms, we are able to 1) provide a precise condition that determines whether the worm spread will eventually stop and 2) obtain the distribution of the total number of hosts that the worm infects.
Existing System
• In an Existing system the complexity of the general stochastic epidemic model makes it difficult to derive insightful results that could be used to contain the worm.
• In a previous study it is used to detect the presence of a worm by detecting the trend, not the rate, of the observed illegitimate scan traffic.
• The filter is used to separate worm traffic from background non worm scan traffic.
Proposed System
System Requirement Specification
Hardware:

PROCESSOR : PENTIUM IV 2.6 GHz
RAM : 512 MB
MONITOR : 15”
HARD DISK : 20 GB
CDDRIVE : 52X
KEYBOARD : STANDARD 102 KEYS
MOUSE : 3 BUTTONS
Software:
FRONT END : JAVA, SWING
BACK END : SQL SERVER
TOOLS USED : JFRAME BUILDER
OPERATING SYSTEM: WINDOWS XP
Conclusion
In this paper, we have studied the problem of combating Internet worms. To that end, we have developed a branching process model to characterize the propagation of Internet worms. Unlike deterministic epidemic models studied in the literature, this model allows us to characterize the early phase of worm propagation. Using the branching process model, we are able to provide a precise bound M on the total number of scans that ensure that the worm will eventually die out. Further, from our model, we also obtain the probability that the total number of hosts that the worm infects is below a certain level, as a function of the scan limit . The insights gained from analyzing this model also allow us to develop an effective and automatic worm containment strategy that does not let the worm propagate beyond the early stages of infection. Our strategy can effectively contain both fast scan worms and slow scan worms without knowing the worm signature in advance or needing to explicitly detect the worm. We show via simulations and real trace data that the containment strategy is both effective and non-intrusive.
Post: #3
[attachment=11713]
Modeling and Automated Containment of Worms
Abstract

Self-propagating codes, called worms, such as Code Red, Nimda, and Slammer, have drawn significant attention due to their enormously adverse impact on the Internet. Thus, there is great interest in the research community in modeling the spread of worms and in providing adequate defense mechanisms against them. In this paper, we present a (stochastic) branching process model for characterizing the propagation of Internet worms. The model is developed for uniform scanning worms and then extended to preference scanning worms. This model leads to the development of an automatic worm containment strategy that prevents the spread of a worm beyond its early stage. Specifically, for uniform scanning worms, we are able to determine whether the worm spread will eventually stop. We then extend our results to contain uniform scanning worms. Our automatic worm containment schemes effectively contain both uniform scanning worms and local preference scanning worms, and it is validated through simulations and real trace data to be non intrusive.
Introduction
The Internet has become critically important to the financial viability of the national and the global economy. Meanwhile, we are witnessing an upsurge in the incidents of malicious code in the form of computer viruses and worms. One class of such malicious code, known as random scanning worms, spreads itself without human intervention by using a scanning strategy to find vulnerable hosts to infect. Code Red, SQL Slammer, and Sasser are some of the more famous examples of worms that have caused considerable damage. Network worms have the potential to infect many vulnerable hosts on the Internet before human countermeasures take place. The aggressive scanning traffic generated by the infected hosts has caused network congestion, equipment failure, and blocking of physical facilities such as subway stations, 911 call centers, etc. As a representative example, consider the Code RedwormVersion 2 that exploited buffer overflow vulnerability in the Microsoft IISWebservers. It was released on19 July 2001 Andover a period of less than 14 hours infected more than 359,000 machines. The cost of the epidemic, including subsequent strains of Code Red, has been estimated by Computer Economics to be $2.6 billion.
The goal of our research is to provide a model for the propagation of random scanning worms and the corresponding development of automatic containment mechanisms that prevent the spread of worms beyond their early stages. This containment scheme is then extended to protect an enterprise network from a preference scanning worm. A host infected with random scanning worms finds and infects other vulnerable hosts by scanning a list of randomly generated IP addresses. Worms using other strategies to find vulnerable hosts to infect are not within the scope of this work. Some examples of nonrandom-scanning worms are e-mail worms, peer-to-peer worms, and worms that search the local host for addresses to scan.
Most models of Internet-scale worm propagation are based on deterministic epidemic models. They are acceptable for modeling worm propagation when the number of infected hosts is large. However, it is generally accepted that they are inadequate to model the early phase of worm propagation accurately because the number of infected hosts early on is very small. The reason is that epidemic models capture only expected or means behavior while not being able to capture the variability around this mean, which could be especially dramatic during the early phase of worm propagation. Although stochastic epidemic models can be used to model this early phase, they are generally too complex to provide useful analytical solutions.
In this paper, we propose a stochastic branching process model for the early phase ofwormpropagation.1Weconsider the generation-wise evolution of worms, with the hosts that are infected at the beginning of the propagation forming generation zero. The hosts that are directly infected by hosts in generation n are said to belong to generation n þ 1. Our model captures the worm spreading dynamics for worms of arbitrary scanning rate, including stealth worms that may turn themselves off at times. We show that it is the total number of scans that an infected host attempts, and not the more restrictive scanning rate, which determines whether worms can spread. Moreover, we can probabilistically bound the total number of infected hosts. These insights lead us to develop an automatic worm containment strategy. The main idea is to limit the total number of distinct IP addresses contacted (denote the limit as MC) per host over a period we call the containment cycle, which is of the order of weeks or months. We show that the value of MC does not need to be as carefully tuned as in the traditional rate control mechanisms. Further, we show that this scheme will have only marginal impact on the normal operation of the networks. Our scheme is fundamentally different from rate limiting schemes because we are not bounding instantaneous scanning rates. Preference scanning worms are a common class of worms but have received significantly less attention from the research community. Unlike uniform scanning worms, this type of worm prefers to scan random IP addresses in the local network to the overall Internet. We show that a direct application of the containment strategy for uniform scanning worms to the case of preference scanning worms makes the system too restrictive in terms of the number of allowable scans from a host. We therefore propose a local worm containment system based on restricting a host’s total number of scans to local unused IP addresses (denoted as N). We then use a stochastic branching process model to come up with a bound on the value of N to ensure that the worm spread is stopped.
The main contributions of the paper are summarized as follows: We provide a means to accurately model the early phase of propagation of uniform scanning worms. We also provide an equation that lets a system designer probabilistically bound the total number of infected hosts in a worm epidemic. The parameter that controls the spread is the number of allowable scans for any host. The insight from our model provides us with a mechanism for containing both fast-scanning worms and slow-scanning worms without knowing the worm signature in advance or needing to detect whether a host is infected. This scheme is non-intrusive in terms of its impact on legitimate traffic. Our model and containment scheme is validated through analysis, simulation, and real traffic statistics.
The rest of the paper is organized as follows: In Section 2, we review relevant research on network worms. In Section 3, we present our branching process model with corresponding analytical results on the spread of the infection. In Sections 4 and 5, we describe an automatic worm containment scheme for random scanning worms and adaptation to the case of local preference scanning worms. In Section 6, we provide
numerical results that validate our model and confirm the effectiveness of our containment scheme.
Literature Review
A computer worm is a self-replicating computer program. It uses a network to send copies of itself to other nodes (computer terminals on the network) and it may do so without any user intervention. Unlike a virus, it does not need to attach itself to an existing program. Worms almost always cause harm to the network, if only by consuming bandwidth, whereas viruses almost always corrupt or modify files on a targeted computer.
Naming and history
The name worm comes from The Shockwave Rider, a science fiction novel published in 1975 by John Brunner.
Payloads
Many worms have been created which are only designed to spread, and don't attempt to alter the systems they pass through. However, as the Morris worm and Mydoom showed, the network traffic and other unintended effects can often cause major disruption. A "payload" is code designed to do more than spread the worm - it might delete files on a host system (e.g., the ExploreZip worm), encrypt files in a cryptoviral extortion attack, or send documents via e-mail. A very common payload for worms is to install a backdoor in the infected computer to allow the creation of a "zombie" under control of the worm author - Sobig and Mydoom are examples which created zombies. Networks of such machines are often referred to as botnets and are very commonly used by spam senders for sending junk email or to cloak their website's address. Spammers are therefore thought to be a source of funding for the creation of such worms, and worm writers have been caught selling lists of IP addresses of infected machines. Others try to blackmail companies with threatened DoS attacks.
Backdoors can be exploited by other malware, including worms. Examples include Doomjuice, which spreads better using the backdoor opened by Mydoom, and at least one instance of malware taking advantage of the rootkit and backdoor installed by the Sony/BMG DRM software utilized by millions of music CDs prior to late 2005.
Post: #4
i want the source code of this project please mail me at yadav.akansha01[at]gmail.com.

its urgent please do reply
Post: #5
Abstract
Self-propagating codes, called worms, such as Code Red, Nimda, and Slammer, have drawn significant attention due to their enormous adverse impact on the Internet. There is a great interest in the research community in modeling the spread of worms and in providing adequate defense mechanisms against them. In this paper, we present a (stochastic) branching process model for characterizing the propagation of Internet worms. This model leads to the development of an automatic worm containment strategy that prevents the spread of worms beyond its early stages. Specifically, using the branching process model, we are able to (1) provide a precise condition that determines whether the worm will eventually die out and (2) provdide the probability that the total number of hosts that the worm infects will be below a certain level. We use these insights to develop a simple automatic worm containment scheme, which is demonstrated, through simulations and real trace data, to be both effective and non-intrusive.
Keywords: Internet scanning worms, stochastic worm modeling, branching process model, early phase propagation, automatic worm containment.
1. Introduction
The Internet has become critically important to the financial viability of the national and global economy. Meanwhile, we are witnessing an upsurge in the incidents of malicious code in the form of computer viruses and worms. One class of such malicious code, known as worms, spreads itself without human intervention by using a scanning strategy to find vulnerable hosts to infect. Code Red, SQL Slammer, and Sasser are some of the more famous examples of worms that have caused considerable damage. Network ∗This work is partially supported by the National Science Foundation grant 0335247-ANI and an NSF Graduate Fellowship. worms have the potential to infect many vulnerable hosts on the Internet before human countermeasures take place. The aggressive scanning traffic generated by the infected hosts have caused network congestion, equipment failure, and blocking of physical facilities such as subway stations, 911 call centers, etc. As a representative example, consider the Code Red worm version 2 that exploited a buffer overflow vulnerability in the Microsoft IIS web servers. It was released on July 19th, 2001 and over a period of less than 14 hours infected more than 359,000 machines. The cost of the epidemic, including subsequent strains of Code Red is estimated by Computer Economics to be $2.6 billion [22]. While Code Red was particularly virulent in its economic impact (e.g., see [2, 11]) it provides an indication of the magnitude of the damage that can be inflicted by such worms. Thus, there is a need to carefully characterize the spread of worms and develop efficient strategies for worm containment. In the current literature, three broad classes of strategies have been identified for mitigating the risks of worms. (i) Prevention: This involves improving the security and heterogeneity of software on the Internet and automatically checking hosts for vulnerabilities worms could exploit, and patching them before a worm incident happens; (ii) Treatment: This involves eliminating the vulnerability exploited by the worm after the incident has become known and removing the worm from the host itself; (iii) Containment: This involves blocking or slowing down the communication between infected and uninfected hosts. These three strategies complement each other and in this paper, our focus will be on developing an effective containment strategy. The goal of our research is to provide a model for the propagation of random scanningworms and the corresponding development of automatic containmentmechanisms that prevent the spread of worms beyond its early stages


Download full report
https://engineering.purdue.edu/dcsl/publ...aready.pdf
Post: #6
to get information about the topic Modeling and automated containment of worms full report ,ppt and related topic refer the link bellow

http://seminarprojectst-modeling-automated-containment-of-worms

http://seminarprojectst-modeling-automated-containment-of-worms-dependable-and-secure-computing

http://seminarprojectst-modeling-and-automated-containment-of-worms--23570

http://seminarprojectst-modeling-automated-containment-of-worms?pid=45824#pid45824
 

Important Note..!

If you are not satisfied with above reply ,..Please

ASK HERE

So that we will collect data for you and will made reply to the request....OR try below "QUICK REPLY" box to add a reply to this page

[-]
Quick Reply
Message
Type your reply to this message here.

Image Verification
Image Verification
(case insensitive)
Please enter the text within the image on the left in to the text box below. This process is used to prevent automated posts.

Possibly Related Threads...
Thread: Author Replies: Views: Last Post
  Fault Secure Encoder and Decoder For NanoMemory Applications computer girl 2 2,105 25-02-2015 07:17 AM
Last Post: Guest
  projects on cloud computing? shakir_ali 0 379 30-10-2014 01:12 AM
Last Post: shakir_ali
  Secure Multipart File Transfer projectsofme 4 3,099 07-03-2013 05:16 PM
Last Post: Guest
  mobile computing project ideas computer science topics 5 5,335 29-01-2013 10:42 AM
Last Post: seminar details
  grid computing project ideas computer science topics 1 2,093 21-12-2012 10:55 AM
Last Post: seminar details
  MOBILE COMPUTING- CDPD TECHNOLOGY seminar class 1 1,711 06-11-2012 02:32 PM
Last Post: seminar details
  Achieving Secure, Scalable, and Fine-grained Data Access Control in Cloud Computing seminar class 1 1,444 29-10-2012 05:31 PM
Last Post: seminar details
  cloud computing Project Idea nura 16 20,872 11-10-2012 03:52 PM
Last Post: seminar details
  Grid Computing Used For Next Generation High Speed Processing Technology seminar class 1 1,498 03-10-2012 12:24 PM
Last Post: seminar details
  CLOUD COMPUTING FOR BANKS computer girl 0 598 06-06-2012 02:53 PM
Last Post: computer girl