PROMIS - a PROactiveMalware IdentificationSystemVasileios VlachosAlexandros PapanikolaouFotis Liatsis
Crowdsourcingcrowd·sourc·ing:to utilize (labor, information, etc.) contributed by the general publicto (a project), often via the Internet and without compensationCan you guess the exact weight of an ox…orthe exact number of the beans in a jar
Crowdsourcing Probably none of us could do it right ...but all of us together is another story…Crowdsourcing uses the collective wisdom of thecrowds as it collects large amounts of information and aggregates it to gain a complete andaccurate picture of a topic, based on the idea thata group of people is often more intelligent than an individual Photo (CC-BY) James Cridland.
CrowdsourcingC’mon be serious, who cares about oxenand coffee beans in jars ?Apparently the USS Navy (Dr John Craven wasappointed with a group of scientists) to locate themissing USS Scorpion in the Ocean…as well its two nuclear torpedoes. Bow section of the sunken Scorpion containing two nuclear torpedoes on the sea floor. US Navy photo.
CrowdsourcingYeah but that was old time ago๏ DARPA Network Challenge 2009Ten red balloons were released in various places in the US and theparticipants had to get the exact coordinates of the ballons.๏ Tag Challenge, funded by the US State Department 2012Three out 5 individuals in 5 different cities were identifiedand found from volunteers using crowdsourcing New York Washington DC Bratislava Stockholm
The Problem: Computerviruses… and wormsA computer worm is a standalone malware computer program that replicates itselfin order to spread to other computers. Often, it uses a computer network tospread itself Code Red 12h Slammmer 10m
Computer Viruses The lifecycle of an antivirus signature 1. Collect a suspicious file 2. Analyze the suspicious code 3. Create a virus signature 4. Test the signature to avoid identifying legitimate applications as malware 5. Push the update to the software clients How much time do we need to complete the above steps?
PROMIS - a PROactive MalwareIdentification System๏ PROMIS is an Early Warning System for rapidly-spreading computer viruses๏ PROMIS is a small software application which transform a PC in to a sensor๏ PROMIS needs only to have access to the log file of the security applications (Firewall and AntiVirus), no sensitive data are even read๏ PROMIS combines the basic concepts of crowdsourcing, biodiversity with epidemiology and public health (after all computer viruses have striking similarities with biological viruses)๏ PROMIS act preactively in order to protect against unknown threats and buys some time to user and AV vendors to provide signatures, patches and updates
The Question: Biodiversity vsMonocultures๏ Monoculture is the agricultural practice of producing or growing a single crop or plant species over a wide area and for a large number of consecutive years. In the field of computer science, monoculture is a community of computers that all run identical software. All the computer systems in the community have the same vulnerabilities, and, like agricultural monocultures, are subject to catastrophic failure in the event of a successful attack.๏ This concept is significant when discussing computer security and viruses. In particular, Dan Geer has argued that Microsoft is a monoculture, since a majority of the overall number of computers connected to the Internet are workstations and servers running versions of the Microsoft Windows operating system, many of which are vulnerable to the same attacks. Biodiversity on the hand utilizes different software and hardware architectures provides us with significant and useful information๏ Monocultures can lead to the quicker spread of diseases but๏ also keep costs down (economies of scale, standardization etc)
The Problem: ComputerVirusesIf a system isn’t vulnerable then the virus / worm attack isrecorded in the Antivirus / Firewall Log FileAn increase in the rate of attacks might indicate๏ Technical malfunctioning๏ A targeted attack๏ A virus epidemic
PROMIS - a PROactive Malware IdentificationSystem Locally interceptedPROactive malicious activity k åh n iMalware htn - i= t- k ptn = k kIdentification åh n i i= t- k kSystem Estimation of Internet threa level n åP t i pavg = i=1 n
PROMIS - a PROactive MalwareIdentification System
Proof of concept prototypes I Java 1.4 JXTA 1.1NetBiotic Windows XP Linux Outwit tools
Proof of concept prototypes II Windows XP SP1 MSP2P API C#, C++MSPROMIS ICF Outwit tools
SimulationThe simulator works fine (output close to the analyticalsolution) as well some other software tools that we havebuilt
SimulationA sufficient number of nodes survives theinfection according to the experimentalresults
ConclusionsWhat do we need from you?Your feedback, as well as your help to increaseour project’s visibility, because in order to build acrowdsourcing application you know we need….acrowd !Your ideas about a possible business plan tofacilitate the development and support of theplatform for sufficient time to attract adequateusers
SummarySome publications so no patents at all, sorry!๏ Vasileios Vlachos, and Diomidis Spinellis, A PRoactive Malware Identification System based on the Computer Hygiene Principles, Information Management & Computer Security, 15(4):295–312, 2007. (doi:10.1108/09685220710817815)๏ Vasileios Vlachos, Stefanos Androutsellis-Theotokis and Diomidis Spinellis, Security Applications of Peer-to-peer Networks, Computer Networks (Elsevier Science), Volume 45, Issue 2, pp 195-205, June 2004. (doi:10.1016/j.comnet.2004.01.002)๏ Vasileios Vlachos, Andreas Raptis, and Diomidis Spinellis PROMISing steps towards computer hygiene.", In Steven Furnell, editor, International Network Conference (INC2006), pages 229-236, July 2006, Plymouth, UK.Is the outcome of the PhD work of the 1st member under the supervision of Professor DiomidisSpinellis๏ PhD Thesis, "Security Applications of Peer to Peer Networks", Athens University of Economics and Business (AUEB), Athens, July 2007
Summary Our team: Vasileios Vlachos Alexandros PapanikoalouProfessor of Technological Researcher Fotis Liatsis Applications Technical University of Crete Undergraduate StudentTechnological Educational Technological Educational Institute of Larissa Institute of Larissa