nach oben

Erschienen in:

2013 | OriginalPaper | Buchkapitel

Modeling Internet-Scale Policies for Cleaning up Malware

verfasst von : Steven Hofmeyr, Tyler Moore, Stephanie Forrest, Benjamin Edwards, George Stelle

Erschienen in: Economics of Information Security and Privacy III

Verlag: Springer New York

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

An emerging consensus among policy makers is that interventions undertaken by Internet Service Providers are the best way to counter the rising incidence of malware. However, assessing the suitability of countermeasures at this scale is hard. In this paper, we use an agent-based model, called ASIM, to investigate the impact of policy interventions at the Autonomous System level of the Internet. For instance, we find that coordinated intervention by the 0.2%-biggest ASes is more effective than uncoordinated efforts adopted by 30% of all ASes. Furthermore, countermeasures that block malicious transit traffic appear more effective than ones that block outgoing traffic. The model allows us to quantify and compare positive externalities created by different countermeasures. Our results give an initial indication of the types and levels of intervention that are most cost-effective at large scale.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Vorheriges Kapitel Resilience of the Internet Interconnection Ecosystem

Nächstes Kapitel Fixed Costs, Investment Rigidities, and Risk Aversion in Information Security: A Utility-theoretic Approach

Code available at http://ftg.lbl.gov/projects/asim.

Except for the very first agent, of course.

The population of the location, divided by the number of agents with presence at that location.

www.routeviews.org.

www.ripe.net.

Data and tools available at http://ftg.lbl.gov/projects/asim.

www.maxmind.com.

http://isc.sans.edu/feeds/daily_sources.

av_degree = 4.2, extent_cost = 1.5, base_income = 5, pop_distr_exp = -1, wickedness = 0.1.

As of May 2010.

Ajelli M, Lo Cigno R, Montresor A (2010) Modeling botnets and epidemic malware. In: 2010 IEEE international conference on communications (ICC), pp 1–5

Anderson R, Böhme R, Clayton R, Moore T (2008) Security economics and European policy. In: Johnson ME (ed) Managing information risk and the economics of security, Springer, Berlin, pp 55–80

Anderson R, Moore T (2006) The economics of information security. Science 314(5799):610–613CrossRef

Anderson RM, May RM (1992) Infectious diseases of humans dynamics and control. Oxford University Press, Oxford

Aspnes J, Rustagi N, Saia J (2007) Worm versus alert: who wins in a battle for control of a large-scale network? In: Proceedings of the 11th international conference on principles of distributed systems, OPODIS’07, Springer, Berlin, pp 443–456

Association II (2010) Internet service providers voluntary code of practice for industry self-regulation in the area of cyber security. http://iia.net.au/images/resources/pdf/iiacybersecuritycode_implementation_dec2010.pdf

Chang H, Jamin S, Willinger W (2003) Internet connectivity at the AS-level: an optimization-driven modeling approach. In: MoMeTools ’03: Proceedings of the ACM SIGCOMM workshop on models, methods and tools for reproducible network research, ACM, New York, NY, USA, pp 33–46. DOI 10.1145/944773.944780

Chang H, Jamin S, Willinger W (2006) To peer or not to peer: modeling the evolution of the Internet’s AS-level topology. In: Proc. IEEE INFOCOM

Clayton R (2010) Might governments clean up malware? In: Workshop on the economics of information security. http://weis2010.econinfosec.org/papers/session4/weis2010_clayton.pdf

10.

Comcast: Comcast.net security—constant guard. http://security.comcast.net/constantguard/

11.

Coull SE, Szymanski BK (2005) A reputation-based system for the quarantine of random scanning worms

12.

Dagon D, Zou C, Lee W (2006) Modeling botnet propagation using time zones. In: In Proceedings of the 13th network and distributed system security symposium NDSS

13.

van Eeten M, Asghari H, Bauer JM, Tabatabaie S (2011) Internet service providers and botnet mitigation: a fact-finding study on the Dutch market. Technical report, Netherlands Ministry of Economic Affairs, Agriculture and Innovation, The Hague. http://rijksoverheid.nl/ministeries/eleni/documenten-en-publicaties/rapporten/2011/01/13/internet-service-providers-and-botnet-mitigation.html

14.

van Eeten M, Bauer JM (2008) Economics of malware: security decisions, incentives and externalities. Technical report, OECD STI Working paper 2008/1. http://www.oecd.org/dataoecd/53/17/40722462.pdf

15.

van Eeten M, Bauer JM, Asghari H, Tabatabaie S (2010) The role of internet service providers in botnet mitigation: an empirical analysis based on spam data. Technical report, OECD STI Working Paper 2010/5. http://www.oecd.org/officialdocuments/publicdisplaydocumentpdf/?cote=dsti/doc(2010)5&docLanguage=En

16.

Evron G (2009) Dutch isps sign anti-botnet treaty. Dark Reading. http://www.darkreading.com/blog/archives/2009/09/dutch_isps_sign.html

17.

Fei S, Zhaowen L, Yan M (2009) A survey of internet worm propagation models. In: Broadband network multimedia technology, 2nd IEEE International Conference on IC-BNMT ’09, pp 453–457

18.

Ganesh A, Massouli L, Towsley D (2005) The effect of network topology on the spread of epidemics. In: IEEE INFOCOM, pp 1455–1466

19.

Haynes KE, Fotheringham A (1984) Gravity and spatial interaction models. Sage Publications, Beverley Hills, CA

20.

Holme P, Karlin J, Forrest S (2008) An integrated model of traffic, geography and economy in the internet. ACM SIGCOMM Computer Commun Rev 38(3):7–15CrossRef

21.

Karge S (2010) The german anti-botnet initiative. In: OECD workshop on the role of internet intermediaries in advancing public policy objectives. http://www.oecd.org/dataoecd/42/50/45509383.pdf

22.

Lelarge M (2009) Economics of malware: epidemic risks model, network externalities and incentives. In: Proceedings of the 47th annual allerton conference on communication, control, and computing, pp 1353–1360

23.

Lelarge M, Bolot J (2009) Economic incentives to increase security in the internet: the case for insurance. In: INFOCOM 2009, IEEE, pp 1494–1502

24.

Mody N, O’Reirdan M, Masiello S, Zebek J (2009) Messaging Anti-abuse working group common best practices for mitigating large scale bot infections in residential networks. http://www.maawg.org/system/files/news/MAAWG_Bot_Mitigation_BP_2009-07.pdf

25.

Moore D, Shannon C, Voelker G, Savage S (2003) Internet quarantine: requirements for containing self-propagating code. In: INFOCOM 2003. Twenty-second annual joint conference of the IEEE computer and communications. IEEE societies, vol 3, pp 1901–1910

26.

Moore T, Clayton R (2008) The consequence of non-cooperation in the fight against phishing. In: Anti-phishing working group eCrime researchers summit (APWG eCrime), pp 1–14. URL http://people.seas.harvard.edu/~tmoore/ecrime08.pdf

27.

Moore T, Clayton R, Anderson R (2009) The economics of online crime. J Economic Perspect 23(3):3–20CrossRef

28.

Newman MEJ (2002) Spread of epidemic disease on networks. Phys Rev E 66(1)

29.

Omic J, Orda A, Van Mieghem P (2009) Protecting against network infections: a game theoretic perspective. In: INFOCOM, IEEE, pp 1485–1493

30.

Palmieri F, Fiore U (2008) Containing large-scale worm spreading in the internet by cooperative distribution of traffic filtering policies. Comput Secur 27(1–2):48–62CrossRef

31.

Porras P, Saidi H, Yegneswaran V (2009) An analysis of conficker’s logic and rendezvous points. Technical report, SRI International. http://mtc.sri.com/Conficker/

32.

Schafer J, Malinka K, Hanacek P (2008) Malware spreading models in peer-to-peer networks. In: Security technology, 42nd annual IEEE international Carnahan conference on ICCST 2008, pp 339–345

33.

Stone-Gross B, Moser A, Kruegel C, Kirda E, Almeroth K (2009) FIRE: FInding Rogue nEtworks. In: Proceedings of the annual computer security applications conference (ACSAC). Honolulu, HI

34.

Varian HR (2004) System reliability and free riding. In: Economics of information security, Kluwer Academic Publishers, Dordrecht, pp 1–15

35.

Wei S, Mirkovic J, Swany M (2005) Distributed worm simulation with a realistic internet model. In: Principles of advanced and distributed simulation, Workshop on PADS 2005, pp 71–79

Titel: Modeling Internet-Scale Policies for Cleaning up Malware
verfasst von: Steven Hofmeyr
Tyler Moore
Stephanie Forrest
Benjamin Edwards
George Stelle
Verlag: Springer New York
Buch: Economics of Information Security and Privacy III
Print ISBN: 978-1-4614-1980-8

Electronic ISBN: 978-1-4614-1981-5

Copyright-Jahr: 2013
DOI: https://doi.org/10.1007/978-1-4614-1981-5_7

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner