Five-College Speaker Series on Information Assurance
|
Chenxi Wang |
 |
Computer worms and viruses are a prevalent threat to today's systems and networks. The Coral project at CMU aims to develop innovative, network-wide defenses against widespread worm and virus attacks. Our approaches are rooted in one simple principle: understanding the fundamental factors that enable the fast spread of malicious code---these factors include those that are topological and those that are intrinsic to the infection process. We seek to study, model, and analyze these factors, and then to exploit their characteristics to develop original network security technologies. This talk reports the research progress of Coral in its first two year. We started our research asking the following questions: a) How will a virus/worm propagate in a real network?, b) Does an epidemic threshold exist for a finite power-law graph (as most real network topologies follow a power-law structure), or any finite graph?, c) Where are the most effective places in the Internet to engineer containment mechanisms? We answer the first question by providing equations that accurately model malicious propagation in an arbitrary network topology. We propose a general epidemic threshold condition that applies to arbitrary graphs: we prove that, under reasonable approximations, the epidemic threshold for a network is indicated by the inverse of the largest eigenvalue of the adjacency matrix. For the third question, we investigated the effect of containment at individual hosts, edge routers, and backbone routers. Our analysis shows that both host and edge-router based containment result in a slowdown (in the spreading rate of the worm) that is linear to the number of hosts (routers) implementing the containment filter. Containment at the backbone routers, however, achieves near exponential slowdown. We are currently studying various containment mechanisms, including one that is based on DNS traffic characteristics, using traces we obtained from real networks. I will discuss preliminary results from our empirical study and attempt to extrapolate from these results some general insights on worm containment. Biography: Dr. Chenxi Wang is a member of the research faculty at Carnegie Mellon University. She received her Ph.D. from the University of Virginia in 2001. Her research interests lie in security issues in large networks, privacy, and large scale information dissemination. Chenxi is the principal investigator of an NSF ITR award to investigate network defenses against Internet worms. She also servers as Co-PI on various other NSF and DARPA awards. She is the recipient of a faculty fellowship from the Army Research Office. Chenxi is the author of numerous technical publications and served on program committees for ESORICS, WORM, and ACSAC. | |