A Study on Countermeasures against Computer
Virus Propagation Using an Agent-based Approach
Masayuki Ishinishi^, Hideki Tanuma^, and Hiroshi Deguchi^
^ C4 Systems Division, Air Staff Office, Japan Defense Agency, 5-1
Ichigaya-Honmura, Shinjuku, Tokyo 162-8804, Japan, ishinishi@fw.ipsj.or.jp
^ Interdisciplinary Graduate School of Science and Engineering, Tokyo Institute of
Technology, 4259 Nagatsuta, Midori, Yokohama 226-8502, Japan,
tanuma@cs.dis.titech.ac.jp, deguchi@dis.titech.ac.jp
Summary. The increase in computer viruses in recent years has caused heavy damage on the
Internet and on the intranets of public offices and enterprises. The damage affects people's
daily lives and has become a serious problem. This paper studies anti-virus policies that
limit the damage to a network system from the viewpoint of network operation. The authors
propose a diffusion model of computer viruses based on an agent-based approach, clarify the
diffusion phenomena by simulation, and use the same method to consider countermeasures
against computer virus propagation.
Key words: computer virus propagation, agent-based approach, SOARS
1 Introduction
The recent prevalence of computer viruses that infect a computer merely through its
connection to the Internet has caused major damage to companies, government and other
public offices (IPA 2005). Although some information systems had been protected from virus
infection by a closed network isolated from the Internet, epidemics occurred when an
infected laptop computer was brought into such a closed network. These outbreaks made the
importance of security measures clear.
Many studies focus on the similarities between contagious diseases and computer viruses,
and the spreading of computer viruses is mainly analyzed with the propagation models of
contagious diseases (Sengoku 1996)(Okamoto 2001)(Hayashi 2004). However, few studies
consider users, system managers, and the effect of staff operations and individual
behavior on protection against spreading.
Thus, this research aims to examine, mainly from operational aspects, the protective
measures that minimize the damage when a computer virus spreads within the intranet of an
organization. This study reports the results of analyzing the spreading of a computer virus
through simulation using the agent-based approach, which is well suited to describing such
issues when the effects on the whole system are analyzed. The authors employ SOARS
(Spot Oriented Agent Role Simulator), which uses the features of interactions as the
90 Networks
simulation environment for the analysis of the spreading phenomenon of computer
viruses (Deguchi 2004).
2 Simulation Process based on SOARS
SOARS provides a declarative script language, which describes the action roles of
agents, and procedural control of the action sequence, which is based on a concept called
"stage" that orders causal sequences. In SOARS, a location in which agents move and interact
is called a "spot," and it consists of objects that indicate its state, as shown in Fig. 1.
The dynamic control configuration of SOARS consists of "steps," the unit of elapsed time in
a simulation, and "stages," which indicate the causal sequence within a step. Time is
discrete.
There are nine stages in our model. The "Set-up Stage" sets up agents and spots. The
"Moving Stage" moves agents between spots. The "Internet Infection Stage" is computer virus
infection over the Internet. The "LAN Infection Stage" is infection within a LAN. The "WAN
Infection Stage" is infection over the WAN. The "Symptom Stage" is the destruction of data
on an infected computer by the virus. The "Detecting and Notifying Stage" is the detection
of a virus infection and notification to other users and managers. The "Disconnected Stage"
is disconnection from the network. The "Countermeasure Stage" is the adoption of security
patches.
Fig. 1. Simulation Processes Based on SOARS. Fig. 2. Hypothetical Network.
3 Simulation Model
3.1 Modeling of Network
This research deals with an intranet and the Internet. The intranet, which consists of a
LAN and a WAN, is a closed environment without an Internet connection, as summarized in
Fig. 2. The network is modeled as spots and computers as agents. A computer's connection to
the network is represented by the presence of its agent in a spot. If the agent is in the
Disconnected Spot, the computer is disconnected and stands alone. If it is in the LAN Spot,
the computer is connected to the LAN. If it is in the WAN Spot, the computer is connected
to the WAN. If it is in the Internet Spot, the computer is connected to the Internet.
Fig. 3. Modeling of Network. Fig. 4. Computer Virus Infection State.
Using the spot structure of SOARS, the network structure in Fig. 2 can be illustrated as
in Fig. 3. For example, when user (a) connects a desktop computer to the network via the
WAN, exchanges data, and disconnects from the network, the agent performs the following
operations within one simulation step: (1) it connects to the network by moving from the
Disconnected Spot to the LAN Spot and exchanges data with the computers in the LAN, (2) it
moves from the LAN Spot to the WAN Spot and exchanges data with the computers in the WAN,
and (3) it disconnects from the network by moving from the WAN Spot to the Disconnected
Spot.
3.2 State of Computer
The state of a computer has three parts: the state of viral infection, the state of data,
and the state of the OS. The details are summarized in Fig. 4.
For the state of viral infection, we employ the SIR model, as previous studies do.
The state of data has two values: "Normal" and "Crashed." In the Symptom Stage, when a
computer has changed from "Susceptible" to "Infected" and the virus activates, which
happens with probability P1, the state of data changes from "Normal" to "Crashed."
The state of the OS is divided into "Normal" and "BreakDown." In the Countermeasure Stage,
when a computer in the "Susceptible" or "Infected" state adopts security patches, a
breakdown of the system due to an adverse effect of the patches takes place with
probability P2, and the state of the OS changes from "Normal" to "BreakDown."
3.3 State of Computer Viruses
The computer virus with which our research deals is a computer worm: a computer becomes
infected when a computer already infected by the worm connects to a network to which
another computer vulnerable to it is connected. On the LAN, WAN, and Internet, the virus
spreads from an "Infected" computer to a "Susceptible" one during the Infection Stages. The
virus infects one of the "Susceptible" computers connected to the same Spot, as summarized
in Fig. 5. When the infecting behavior of a computer virus is illustrated with the
spot-oriented model, the virus is treated as a change in an internal attribute of an agent,
namely the computer.
Fig. 5. Modeling of Computer Virus Infection.
4 Simulation
The simulation in this study analyzes how a computer virus spreads when an infected
terminal is connected to a closed intranet, and what effect countermeasures such as
disconnecting the network and adopting security patches have on the protection of the
information system.
The authors consider a network in which a LAN with 100 nodes is connected to the WAN, as
shown in Fig. 2. Within the LAN nodes there are 100 computers, and in the initial condition
one terminal in the whole network is assumed to be infected by a computer virus.
When symptoms emerge, the probability that the terminal user detects the computer virus is
set to 100 % because the symptoms appear on the screen and can readily be noticed. The
probability of detection at the time of infection is set to 50 %, reflecting whether the
user has installed antivirus software and how the user reacts to its messages. The
probability that a terminal user notifies another user when the terminal is infected or
shows symptoms, and the probability that the other user takes a countermeasure on receiving
the alert, are both set to 50 %. P1 is set to 1 % and P2 to 0.5 %.
Furthermore, the scenarios for countermeasures against the spreading of a computer virus
must be considered. A scenario has four parts: (1) how the computer virus is detected,
(2) how a user alerts others when the terminal is infected or has symptoms, (3) how the
network is disconnected to minimize the damage, and (4) on which computers the virus is
exterminated and security patches applied. The details are shown in Table 1.
The simulation conditions are prepared for forty major combinations of the scenarios.
Table 1. Simulation Scenario

Category | Option | Note
Detection | Only Terminal with Symptoms | Detect only the terminal with symptoms.
Detection | Infected Terminal | Detect the terminal infected by a computer virus.
Alerting | Neighborhood Alert | Select and alert one user in the same LAN nodes randomly.
Alerting | Alert in LAN Nodes | Alert all users in the same LAN nodes.
Alerting | Alert to All | Alert all users connected to the WAN.
Disconnection | Terminal Disconnection: Terminal with Symptoms | Only the terminal with symptoms is disconnected and becomes stand-alone.
Disconnection | Terminal Disconnection: Infected Terminal | The terminal infected by a computer virus is disconnected and becomes stand-alone.
Disconnection | Terminal Disconnection: All Computers | All computers in the LAN nodes are disconnected and become stand-alone.
Disconnection | Nodes Disconnection | The connection point from the LAN nodes to the WAN is disconnected.
Target of Extermination | Terminal with Symptoms | Exterminate the computer virus and apply security patches only to the terminal with symptoms.
Target of Extermination | Infected Terminal | Exterminate the computer virus and apply security patches to the computers infected by a computer virus.
Target of Extermination | All Computers | Apply security patches to all computers.
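The stage sequence of Section 2, the spot and state model of Section 3, the probabilities of Section 4 and the four scenario axes of Table 1, as an added Python sketch that is not the authors' SOARS code. Everything the paper leaves open is an assumption here: the 100 computers are split into four LAN nodes of 25 hosts; each step every working, non-isolated host moves Disconnected -> LAN -> WAN; in each infection stage every Infected host infects exactly one random Susceptible host in the same spot; "Recovered" means exterminated and patched; alerts reach only hosts that are connected at that moment; and "available" counts hosts whose data and OS are intact and that have not been isolated.

```python
import random
from dataclasses import dataclass

DISCONNECTED, LAN, WAN = "Disconnected", "LAN", "WAN"   # the three spots (Section 3.1)

@dataclass
class Params:                         # Section 4 values; n_lans/per_lan are our assumption
    p_detect_symptom: float = 1.0     # symptoms show on screen
    p_detect_infected: float = 0.5    # antivirus present and heeded
    p_notify: float = 0.5             # detecting user warns others
    p_act: float = 0.5                # warned user acts on the alert
    p1: float = 0.01                  # per step, Infected -> data "Crashed"
    p2: float = 0.005                 # a patch breaks the OS ("BreakDown")
    n_lans: int = 4                   # 4 LAN nodes x 25 hosts = 100 computers
    per_lan: int = 25

@dataclass
class Scenario:                       # the four axes of Table 1
    detection: str = "symptom"        # symptom | infected
    alerting: str = "neighbor"        # neighbor | lan | all
    disconnection: str = "none"       # none | symptom | infected | lan_computers | lan_nodes
    extermination: str = "none"       # none | symptom | infected | all

@dataclass(eq=False)
class Computer:                       # one agent; its state follows Fig. 4
    cid: int
    lan: int
    spot: str = DISCONNECTED
    sir: str = "S"                    # Susceptible / Infected / Recovered
    data: str = "Normal"              # Normal / Crashed
    os: str = "Normal"                # Normal / BreakDown

class Simulation:
    def __init__(self, sc, pr, seed=1):
        self.sc, self.pr, self.rng = sc, pr, random.Random(seed)
        self.pcs = [Computer(i, i // pr.per_lan) for i in range(pr.n_lans * pr.per_lan)]
        self.pcs[0].sir = "I"                        # Set-up stage: one infected terminal
        self.isolated, self.lan_cut = set(), set()   # stand-alone hosts; LANs cut from the WAN

    def in_spot(self, spot, lan=None):
        return [c for c in self.pcs if c.spot == spot and (lan is None or c.lan == lan)]

    def infect(self, spot):
        # Infection stage (Fig. 5): each Infected host infects one random Susceptible in its spot
        for c in [c for c in self.in_spot(spot) if c.sir == "I"]:
            pool = [s for s in self.in_spot(spot, c.lan if spot == LAN else None) if s.sir == "S"]
            if pool:
                self.rng.choice(pool).sir = "I"

    def act_on(self, actors):
        d, e = self.sc.disconnection, self.sc.extermination
        for c in actors:
            # Disconnected stage: isolate a host, a whole LAN, or cut the LAN's WAN uplink
            if (d == "symptom" and c.data == "Crashed") or (d == "infected" and c.sir == "I"):
                self.isolated.add(c.cid)
            elif d == "lan_computers":
                self.isolated.update(x.cid for x in self.pcs if x.lan == c.lan)
            elif d == "lan_nodes":
                self.lan_cut.add(c.lan)
            # Countermeasure stage: exterminate and patch; a patch breaks the OS with P2
            if (e == "all" or (e == "infected" and c.sir == "I")
                    or (e == "symptom" and c.data == "Crashed")) and c.sir in ("S", "I"):
                c.sir = "R"
                if self.rng.random() < self.pr.p2:
                    c.os = "BreakDown"

    def step(self):
        sc, pr, rng = self.sc, self.pr, self.rng
        # Moving stage (Section 3.1): working, non-isolated hosts join their LAN, then the WAN
        for c in self.pcs:
            c.spot = DISCONNECTED if c.os == "BreakDown" or c.cid in self.isolated else LAN
        self.infect(LAN)
        for c in [c for c in self.in_spot(LAN) if c.lan not in self.lan_cut]:
            c.spot = WAN
        self.infect(WAN)
        for c in self.pcs:                           # Symptom stage
            if c.sir == "I" and rng.random() < pr.p1:
                c.data = "Crashed"
        # Detecting and Notifying stage: who notices, and whom they alert (Table 1)
        detected = [c for c in self.pcs if c.spot != DISCONNECTED and (
            (c.data == "Crashed" and rng.random() < pr.p_detect_symptom) or
            (sc.detection == "infected" and c.sir == "I" and rng.random() < pr.p_detect_infected))]
        actors = {c.cid: c for c in detected}
        for c in detected:
            if rng.random() >= pr.p_notify:
                continue
            same_lan = [x for x in self.pcs if x.spot != DISCONNECTED and x.lan == c.lan and x is not c]
            if sc.alerting == "neighbor":
                targets = rng.sample(same_lan, 1) if same_lan else []
            elif sc.alerting == "lan":
                targets = same_lan
            else:                                    # "all": everyone reachable over the WAN
                targets = self.in_spot(WAN)
            actors.update((x.cid, x) for x in targets if rng.random() < pr.p_act)
        self.act_on(sorted(actors.values(), key=lambda x: x.cid))

    def summary(self):
        n = {k: sum(c.sir == k for c in self.pcs) for k in "SIR"}
        n["available"] = sum(c.data == "Normal" and c.os == "Normal" and c.cid not in self.isolated
                             for c in self.pcs)
        return n

def run(scenario, params=None, steps=500, seed=1):
    sim = Simulation(scenario, params or Params(), seed)
    for _ in range(steps):
        sim.step()
    return sim.summary()
```

`run(Scenario())` is the "do nothing" condition of the first result group; `run(Scenario("infected", "lan", "lan_nodes"))` cuts the affected LAN off the WAN without patching, as in the fifth group; `run(Scenario("infected", "all", "none", "all"))` is the global alert with patching everywhere, as in the sixth group. Each call returns the final S/I/R counts and the number of available computers, so the groups of Section 5 can be compared directly; the seeded random generator makes a run repeatable.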
5 Simulation Results
As a result of the simulation, the simulation conditions can be classified into six
groups. The first group includes the following cases: (a) doing nothing, (b) disconnection
of the terminal after detection of an infected or attacked terminal, (c) disconnection of
the neighboring terminal after detection of an infected or attacked terminal. The second
group includes the following cases: (a) extermination on the terminal after detection of an
infected or attacked terminal, (b) extermination on the neighboring terminal after detection
of attacked terminals. The third group consists only of extermination on the terminal after
detection of an infected or attacked terminal. The fourth group consists of extermination on
all the terminals in the LAN after detection of infected or attacked terminals. The fifth
group includes the following cases: (a) disconnection of all the terminals, including the
infected or attacked terminal, in the same LAN after detection of an infected or attacked
terminal, (b) disconnection of all the LAN nodes after detection of an infected or attacked
terminal. The sixth group consists only of extermination on all the terminals in the WAN
after detection of infected terminals.
Fig. 6. The Number of Infected Computers. Fig. 7. The Number of Available Computers.
(Both figures plot the count against Step, from 1 to 501, with one curve per group, Group 1
to Group 6.)
Fig.6 shows the change in the number of infected computers, and Fig.7 shows
the change in the number of available computers; the horizontal axis represents time
(step), and the vertical represents the number of the computers.
In the first group, the number of infected computers increases and the number of available
computers decreases, because the virus spreads and develops its symptoms before the
terminals are disconnected.
In the second group, although the number of infected computers decreases over time after an
initial increase, the number of available computers decreases just as in the first group.
The cause of this effect is that the countermeasures cannot be taken in time, because the
adoption of extermination and security patches keeps falling behind the spreading
(infection) of the computer virus, and by the time the virus is exterminated, its spread
among other computers has already begun.
In the third group, however, the countermeasures are taken before the spreading
of infection of the virus, and the extermination and security patches are performed
before the virus develops its symptoms; the promptness can maintain the number
of the available computers.
In the fourth group, the number of available computers is maintained, since the
countermeasures are taken before the infection and the development of symptoms, and the
infection does not spread. This group corresponds to the case in which the user of the
terminal with infection or symptoms alerts all other users in the LAN, and its
countermeasures are even more immediate than those of the third group, in which the user
notifies merely the neighborhood.
In the fifth group, the user of the terminal with infection or symptoms notifies or alerts
all other users in the LAN or the Computer Security Incident Response Team (CSIRT), and the
LAN nodes are separated from the WAN.
In these cases, although extermination and security patches are not performed,
disconnecting the LAN nodes stops further spreading beyond the LAN with the symptoms, so
the spread of infection can be minimized without the extermination measure.
The sixth group includes the cases in which the user of the terminal with infection or
symptoms notifies the CSIRT, and through the alert from the CSIRT all terminal users take
countermeasures such as adopting extermination and security patches.
In these cases, whether or not the LAN nodes are separated from the WAN, all users can take
the countermeasures immediately after the detection of infection or symptoms, so early
extermination is possible, and the spread and development of symptoms of the computer virus
cease, with only rare cases of emergence.
6 Discussion
6.1 How to Detect Infection and Send Virus Alert
In the simulation, the probability that users take countermeasures when they detect the
virus or receive a virus alert is set to 50 %. This probability can be taken as a measure of
how much security education the users have received. The simulation results show that
making sure the managers, CSIRT and so on are notified, so that they can take
countermeasures at the organizational level, is more effective in preventing the spreading
of the computer virus than countermeasures by individual users.
6.2 The Effective Extermination Method for Computer Virus
The result of the simulation shows that it is difficult to protect the system merely
by detecting the terminal with symptoms. Especially, the small-scale countermea-
sures such as alerting only the neighborhood are ineffective in exterminating the
computer virus.
Moreover, as for the target of the terminal disconnection, disconnecting only the
computers with infection or symptoms causes the further expansion of the computer
virus because it begins spreading before being detected. Thus, a large-scale measure
such as disconnecting the LAN nodes before the virus spreads into other LAN is
needed.
Chen et al. note that, to prevent the spreading of a computer virus, the area in which
users take countermeasures needs to expand more quickly than the virus spreads (Chen 2004).
More specifically, when users detect a viral infection they should never take
countermeasures only by themselves; instead they must notify the CSIRT, so that all users
can share the information and take countermeasures at the organizational level. Needless to
say, when notified the CSIRT must direct the users to disconnect their computers from the
network immediately and exterminate the computer virus.
6.3 The Countermeasures for Unknown Computer Virus
As described above, a small-scale countermeasure such as alerting the neighbor-
hood within the LAN is insufficient for the prevention from the spreading of the
computer virus, and in doing so, the virus is highly likely to spread to the whole
area.
Therefore, the authors propose the following countermeasures for an unknown virus. First,
when a user notifies the CSIRT immediately after detecting the infection or symptoms, the
CSIRT receiving the alert directs the manager of the LAN to disconnect the connection point
between the LAN and the WAN to prevent the virus from spreading further. Then the manager
disconnects the nodes close to the computers. When recovering the network, the necessary
procedures are to confirm the infection state of the computers, to disconnect the infected
computers, and to reconnect only the networks without infection.
7 Conclusion
This research suggests the propagation model based on the agent-based approach
to investigate the operational countermeasures for computer worms. It also exam-
ines, by using simulation, the effects of different countermeasures in disconnecting
infected computers and user's alerting on the minimization of the damage.
The analysis of the simulation suggests effective countermeasures. These include: (1) a
computer virus spreads throughout the network when a user who detects the viral infection
takes only a temporary countermeasure, (2) in order to take countermeasures more quickly
than the virus expands, a global virus alert is needed when the virus is detected, (3)
immediately after the detection, the LAN nodes close to the WAN need to be disconnected
rather than those close to the computers.
Furthermore, the results show that it is necessary to ensure that users notify the manager,
the CSIRT and the like, so that countermeasures can be taken at the organizational level,
before users take countermeasures for their own computers.
It is also found that the global expansion of an unknown virus can be prevented
by appropriate disconnecting operation of the network, even if there is no revision
program for the unknown virus. Since the discussion of this research is limited
to the simple network structure and computer worm, further research is needed to
investigate the methods of predicting the expansion of computer viruses and effective
countermeasures with the actual network structure taken into consideration.
References
Information Technology Promotion Agency, Japan (2005) Computer Virus Incident
Reports, http://www.ipa.go.jp/security/english/virus/press/200504/virus200504-
e.html
Sengoku, Y., Okamoto, E., Mambo, M., Uematsu, T. (1996) Analysis of Infection
and Distinction of Computer Viruses in Computer Networks, 1996 International
Symposium on Information Theory and Its Applications, Vol. 2, pp. 163-166
Okamoto, T., Ishida, Y. (2001) The analysis of diffusion model of computer
viruses via email. Transaction of the Institute of Electronics, Information and
Communication Engineers, D-1, Vol. J84-D-I, No. 5, pp. 474-482 (in Japanese)
Hayashi, Y. (2004) Epidemic SIR dynamics on scale-free networks, Proc. of
International Symposium on Dynamical Systems Theory and Its Applications
to Biology and Environmental Sciences, pp. 79.
Deguchi, H., Tanuma, H., Shimizu, T. (2004) SOARS: Spot oriented agent role
simulator - Design and agent based dynamical system. Proceedings of the Third
International Workshop on Agent-based Approaches in Economic and Social
Complex Systems (AESCS '04), pp. 49-56
Chen, L., Carley, KM. (2004) The impact of countermeasure spreading on the
propagation of computer viruses. IEEE Transactions on Systems, Man and
Cybernetics-Part B: Cybernetics, Vol. 34, No. 2, pp. 823-833.
How To Write A Summary Summary Writing, Essay WrHow To Write A Summary Summary Writing, Essay Wr
How To Write A Summary Summary Writing, Essay WrSara Perez
 
Sample College Paper Format - Essay Example For College. 9 Coll
Sample College Paper Format - Essay Example For College. 9 CollSample College Paper Format - Essay Example For College. 9 Coll
Sample College Paper Format - Essay Example For College. 9 CollSara Perez
 
How To Write A Cause And Effect Essay Outline, Step
How To Write A Cause And Effect Essay Outline, StepHow To Write A Cause And Effect Essay Outline, Step
How To Write A Cause And Effect Essay Outline, StepSara Perez
 
Law Essay Writing Service Australia - Expert Custom
Law Essay Writing Service Australia - Expert CustomLaw Essay Writing Service Australia - Expert Custom
Law Essay Writing Service Australia - Expert CustomSara Perez
 

More from Sara Perez (20)

Top 5 San Diego College Essay Tutors Wyzant Tutor
Top 5 San Diego College Essay Tutors Wyzant TutorTop 5 San Diego College Essay Tutors Wyzant Tutor
Top 5 San Diego College Essay Tutors Wyzant Tutor
 
Writing With Pencil Stock Photo. Image Of Eraser, Yellow - 245
Writing With Pencil Stock Photo. Image Of Eraser, Yellow - 245Writing With Pencil Stock Photo. Image Of Eraser, Yellow - 245
Writing With Pencil Stock Photo. Image Of Eraser, Yellow - 245
 
Homeschool Writing Grading Rubric (Printable) - BJU Pre
Homeschool Writing Grading Rubric (Printable) - BJU PreHomeschool Writing Grading Rubric (Printable) - BJU Pre
Homeschool Writing Grading Rubric (Printable) - BJU Pre
 
Nursing Essay Writing Services Writing Services, Essay Writing, Essay
Nursing Essay Writing Services Writing Services, Essay Writing, EssayNursing Essay Writing Services Writing Services, Essay Writing, Essay
Nursing Essay Writing Services Writing Services, Essay Writing, Essay
 
Autumn Fairy Writing Paper. Online assignment writing service.
Autumn Fairy Writing Paper. Online assignment writing service.Autumn Fairy Writing Paper. Online assignment writing service.
Autumn Fairy Writing Paper. Online assignment writing service.
 
College Sample Scholarship Essays Master Of Template Do
College Sample Scholarship Essays Master Of Template DoCollege Sample Scholarship Essays Master Of Template Do
College Sample Scholarship Essays Master Of Template Do
 
Music Writing Book Music Manuscript Line Paper For
Music Writing Book Music Manuscript Line Paper ForMusic Writing Book Music Manuscript Line Paper For
Music Writing Book Music Manuscript Line Paper For
 
Apa Research Papers - Write My Custom Paper.
Apa Research Papers - Write My Custom Paper.Apa Research Papers - Write My Custom Paper.
Apa Research Papers - Write My Custom Paper.
 
A Very Short Story Analysis. In Our Time A Very Short Story Summary
A Very Short Story Analysis. In Our Time A Very Short Story SummaryA Very Short Story Analysis. In Our Time A Very Short Story Summary
A Very Short Story Analysis. In Our Time A Very Short Story Summary
 
Essay About Nature And Environment Free Essay E
Essay About Nature And Environment Free Essay EEssay About Nature And Environment Free Essay E
Essay About Nature And Environment Free Essay E
 
Dreaded Research Essay Example Thatsnotus
Dreaded Research Essay Example ThatsnotusDreaded Research Essay Example Thatsnotus
Dreaded Research Essay Example Thatsnotus
 
Incorporating Sources Into Your Research Paper
Incorporating Sources Into Your Research PaperIncorporating Sources Into Your Research Paper
Incorporating Sources Into Your Research Paper
 
Essay On Nature 10 Lines To 250 Words Class 1-10 - Study-Phi
Essay On Nature 10 Lines To 250 Words Class 1-10 - Study-PhiEssay On Nature 10 Lines To 250 Words Class 1-10 - Study-Phi
Essay On Nature 10 Lines To 250 Words Class 1-10 - Study-Phi
 
Great Writing 3 From Great Paragraphs To Great Essays
Great Writing 3 From Great Paragraphs To Great EssaysGreat Writing 3 From Great Paragraphs To Great Essays
Great Writing 3 From Great Paragraphs To Great Essays
 
How To Write A Cover Page For A Research Paper - R
How To Write A Cover Page For A Research Paper - RHow To Write A Cover Page For A Research Paper - R
How To Write A Cover Page For A Research Paper - R
 
Phd Statement Of Purpose Sample Essays Classles
Phd Statement Of Purpose Sample Essays ClasslesPhd Statement Of Purpose Sample Essays Classles
Phd Statement Of Purpose Sample Essays Classles
 
How To Write A Summary Summary Writing, Essay Wr
How To Write A Summary Summary Writing, Essay WrHow To Write A Summary Summary Writing, Essay Wr
How To Write A Summary Summary Writing, Essay Wr
 
Sample College Paper Format - Essay Example For College. 9 Coll
Sample College Paper Format - Essay Example For College. 9 CollSample College Paper Format - Essay Example For College. 9 Coll
Sample College Paper Format - Essay Example For College. 9 Coll
 
How To Write A Cause And Effect Essay Outline, Step
How To Write A Cause And Effect Essay Outline, StepHow To Write A Cause And Effect Essay Outline, Step
How To Write A Cause And Effect Essay Outline, Step
 
Law Essay Writing Service Australia - Expert Custom
Law Essay Writing Service Australia - Expert CustomLaw Essay Writing Service Australia - Expert Custom
Law Essay Writing Service Australia - Expert Custom
 

Recently uploaded

How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17Celine George
 
Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactPECB
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingTechSoup
 
Making and Justifying Mathematical Decisions.pdf
Making and Justifying Mathematical Decisions.pdfMaking and Justifying Mathematical Decisions.pdf
Making and Justifying Mathematical Decisions.pdfChris Hunter
 
Gardella_PRCampaignConclusion Pitch Letter
Gardella_PRCampaignConclusion Pitch LetterGardella_PRCampaignConclusion Pitch Letter
Gardella_PRCampaignConclusion Pitch LetterMateoGardella
 
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxBasic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxDenish Jangid
 
PROCESS RECORDING FORMAT.docx
PROCESS      RECORDING        FORMAT.docxPROCESS      RECORDING        FORMAT.docx
PROCESS RECORDING FORMAT.docxPoojaSen20
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeThiyagu K
 
Class 11th Physics NEET formula sheet pdf
Class 11th Physics NEET formula sheet pdfClass 11th Physics NEET formula sheet pdf
Class 11th Physics NEET formula sheet pdfAyushMahapatra5
 
An Overview of Mutual Funds Bcom Project.pdf
An Overview of Mutual Funds Bcom Project.pdfAn Overview of Mutual Funds Bcom Project.pdf
An Overview of Mutual Funds Bcom Project.pdfSanaAli374401
 
Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104misteraugie
 
Application orientated numerical on hev.ppt
Application orientated numerical on hev.pptApplication orientated numerical on hev.ppt
Application orientated numerical on hev.pptRamjanShidvankar
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...EduSkills OECD
 
Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...
Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...
Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...Shubhangi Sonawane
 
APM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAPM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAssociation for Project Management
 
psychiatric nursing HISTORY COLLECTION .docx
psychiatric  nursing HISTORY  COLLECTION  .docxpsychiatric  nursing HISTORY  COLLECTION  .docx
psychiatric nursing HISTORY COLLECTION .docxPoojaSen20
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introductionMaksud Ahmed
 
Gardella_Mateo_IntellectualProperty.pdf.
Gardella_Mateo_IntellectualProperty.pdf.Gardella_Mateo_IntellectualProperty.pdf.
Gardella_Mateo_IntellectualProperty.pdf.MateoGardella
 

Recently uploaded (20)

How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17
 
Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global Impact
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy Consulting
 
Making and Justifying Mathematical Decisions.pdf
Making and Justifying Mathematical Decisions.pdfMaking and Justifying Mathematical Decisions.pdf
Making and Justifying Mathematical Decisions.pdf
 
Gardella_PRCampaignConclusion Pitch Letter
Gardella_PRCampaignConclusion Pitch LetterGardella_PRCampaignConclusion Pitch Letter
Gardella_PRCampaignConclusion Pitch Letter
 
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxBasic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
 
PROCESS RECORDING FORMAT.docx
PROCESS      RECORDING        FORMAT.docxPROCESS      RECORDING        FORMAT.docx
PROCESS RECORDING FORMAT.docx
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and Mode
 
Class 11th Physics NEET formula sheet pdf
Class 11th Physics NEET formula sheet pdfClass 11th Physics NEET formula sheet pdf
Class 11th Physics NEET formula sheet pdf
 
An Overview of Mutual Funds Bcom Project.pdf
An Overview of Mutual Funds Bcom Project.pdfAn Overview of Mutual Funds Bcom Project.pdf
An Overview of Mutual Funds Bcom Project.pdf
 
Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104
 
Application orientated numerical on hev.ppt
Application orientated numerical on hev.pptApplication orientated numerical on hev.ppt
Application orientated numerical on hev.ppt
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
 
Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...
Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...
Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...
 
APM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAPM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across Sectors
 
psychiatric nursing HISTORY COLLECTION .docx
psychiatric  nursing HISTORY  COLLECTION  .docxpsychiatric  nursing HISTORY  COLLECTION  .docx
psychiatric nursing HISTORY COLLECTION .docx
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introduction
 
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
 
Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1
 
Gardella_Mateo_IntellectualProperty.pdf.
Gardella_Mateo_IntellectualProperty.pdf.Gardella_Mateo_IntellectualProperty.pdf.
Gardella_Mateo_IntellectualProperty.pdf.
 

A Study On Countermeasures Against Computer Virus Propagation Using An Agent-Based Approach

Masayuki Ishinishi, Hideki Tanuma, and Hiroshi Deguchi

C4 Systems Division, Air Staff Office, Japan Defense Agency, 5-1 Ichigaya-Honmura, Shinjuku, Tokyo 162-8804, Japan, ishinishi@fw.ipsj.or.jp
Interdisciplinary Graduate School of Science and Engineering, Tokyo Institute of Technology, 4259 Nagatsuta, Midori, Yokohama 226-8502, Japan, tanuma@cs.dis.titech.ac.jp, deguchi@dis.titech.ac.jp

Summary. The increase of computer viruses in recent years has caused major damage to the Internet and to the intranets of public offices and enterprises. The damage affects people's lives and has become a serious problem. This paper studies anti-virus policies that limit the damage to a network system from the aspect of network operation. The authors propose a diffusion model of computer viruses using an agent-based approach and clarify the diffusion phenomena by simulation. They also consider countermeasures against computer virus propagation by means of this method.

Key words: computer virus propagation, agent-based approach, SOARS

1 Introduction

The recent prevalence of computer viruses that infect merely by connection to the Internet has caused major damage to companies, government, and other public offices (IPA 2005). Although some information systems have been protected from virus infection by means of closed networks isolated from the Internet, epidemics have occurred when an infected laptop computer was brought into such a closed network. These outbreaks triggered the realization of the importance of security measures.

Many studies have focused on the similarities between contagious diseases and computer viruses, and the spreading of computer viruses is mainly analyzed with propagation models of contagious diseases (Sengoku 1996)(Okamoto 2001)(Hayashi 2004). However, few studies have considered users, system managers, and the effect of personnel's operations and individual behavior on protection from spreading. This research therefore aims to examine the protective measures that minimize the damage when a computer virus infection spreads within the intranet of an organization, mainly in operational aspects. This study reports the results of analyzing the spreading of a computer virus through simulation with an agent-based approach. The agent-based approach is suited to describing the issues in an analysis of effects on the whole system. The authors employ SOARS (Spot Oriented Agent Role Simulator), which uses the features of interactions, as the simulation environment for the analysis of the spreading of computer viruses (Deguchi 2004).

2 Simulation Process based on SOARS

SOARS provides a declarative script language that describes the action roles of agents, and procedural action-sequence control based on the concept of a "stage," which carries causal ordering. In SOARS, the location in which agents move and interact is called a "spot," which consists of objects indicating state, as shown in Fig. 1. The dynamic control configuration of SOARS consists of a "step," the unit of simulated time, and a "stage," which indicates the causal sequence within a step. Time is discrete.

There are nine stages in our model. The "Set-up Stage" sets up agents and spots. The "Moving Stage" moves agents between spots. The "Internet Infection Stage" is virus infection over the Internet. The "LAN Infection Stage" is virus infection in a LAN. The "WAN Infection Stage" is virus infection in a WAN. The "Symptom Stage" is the destruction of data on an infected computer by the virus. The "Detecting and Notifying Stage" is the detection of the infection and notification of other users and managers. The "Disconnected Stage" is disconnection from the network. The "Countermeasure Stage" is the application of security patches.

Fig. 1. Simulation Processes Based on SOARS.
Fig. 2. Hypothetical Network.

3 Simulation Model

3.1 Modeling of Network

This research deals with an intranet and the Internet. The intranet, which consists of LAN and WAN, is a closed environment without an Internet connection, as summarized in Fig. 2. The network is modeled as spots and the computers as agents. A computer's connection to the network is indicated by the presence of its agent in a spot. If the agent is in the Disconnected Spot, the computer is disconnected and stand-alone. If it is in the LAN Spot, the computer is connected to the LAN. If it is in the WAN Spot, the computer is connected to the WAN. If it is in the Internet Spot, the computer is connected to the Internet.

Fig. 3. Modeling of Network.
Fig. 4. Computer Virus Infection State.

Using the spot structure of SOARS, the network structure in Fig. 2 can be illustrated as in Fig. 3. For example, when user (a) connects a desktop computer to the network through the WAN, exchanges data, and disconnects, the agent performs the following operations within one simulation step: (1) it connects to the network by moving from the Disconnected Spot to the LAN Spot and exchanges data with the computers in the LAN, (2) it moves from the LAN Spot to the WAN Spot and exchanges data with the computers in the WAN, (3) it disconnects from the network by moving from the WAN Spot to the Disconnected Spot.

3.2 State of Computer

The state of a computer is categorized into three parts: the state of viral infection, the state of data, and the state of the OS. The details are summarized in Fig. 4. For the state of viral infection we employ the SIR model, as previous studies did. The state of data is either "Normal" or "Crashed." In the Symptom Stage, when a computer has changed from "Susceptible" to "Infected" and the virus activates with probability P1, the state of data changes from "Normal" to "Crashed." The state of the OS is either "Normal" or "BreakDown." In the Countermeasure Stage, when a computer in the "Susceptible" or "Infected" state adopts security patches, a breakdown of the system due to an adverse effect of the patches takes place with probability P2, and the state of the OS changes from "Normal" to "BreakDown."

3.3 State of Computer Viruses

The computer virus dealt with in this research is a computer worm; infection occurs when a computer infected by the virus connects to a network to which another computer vulnerable to the virus is also connected. On the LAN, WAN, and Internet, the virus spreads from an "Infected" computer to a "Susceptible" one in the infection stages. The virus infects one of the "Susceptible" computers connected to the same spot, as summarized in Fig. 5. When the infecting behavior of the virus is expressed in the spot-oriented model, the virus is treated as a change in an internal attribute of the agent, namely the computer.

Fig. 5. Modeling of Computer Virus Infection.

4 Simulation

The simulation in this study analyzes how a computer virus spreads when an infected terminal is connected to a closed intranet, and what effect countermeasures such as disconnecting the network and adopting security patches have on protecting the information system. The authors consider a network in which a LAN with 100 nodes is connected to a WAN, as shown in Fig. 2. Within the LAN nodes there are 100 computers, and in the initial condition one terminal in the whole network is assumed to be infected. When symptoms emerge, the probability that the terminal user detects the virus is set to 100 %, because the symptoms appear on the screen and are apparent. The probability of detection at the time of infection is set to 50 %, reflecting the user's installation of antivirus software and the user's reaction to its messages. The probability that a user notifies others when having an infected or symptomatic computer, and that another user takes a countermeasure when receiving the alert, is set to 50 %. P1 is set to 1 % and P2 to 0.5 %.

Furthermore, the scenario for the countermeasures against the spreading of a computer virus must be considered. The scenario is divided into four parts: (1) how to detect the computer virus, (2) how a user alerts others when the terminal is infected or has a symptom, (3) how to disconnect the network to minimize the damage, and (4) which computers receive the extermination/security patches. The details are shown in Table 1. The simulation conditions are prepared for forty major combinations of the scenarios.
Table 1. Simulation Scenario

Category | Option | Note
Detection | Only Terminal with Symptoms | Detect only the terminal with symptoms.
Detection | Infected Terminal | Detect the terminal infected by a computer virus.
Alerting | Neighborhood Alert | Select and alert one user in the same LAN nodes at random.
Alerting | Alert in LAN Nodes | Alert all users in the same LAN nodes.
Alerting | Alert to All | Alert all users connected to the WAN.
Disconnection | Terminal Disconnection: Terminal with Symptoms | Only the terminal with symptoms is disconnected and becomes stand-alone.
Disconnection | Terminal Disconnection: Infected Terminal | The terminal infected by a computer virus is disconnected and becomes stand-alone.
Disconnection | Terminal Disconnection: All Computers | All computers in the LAN nodes are disconnected and become stand-alone.
Disconnection | Nodes Disconnection | The connection point from the LAN nodes to the WAN is disconnected.
Target of Extermination | Terminal with Symptoms | Exterminate the virus and apply security patches to only the terminal with symptoms.
Target of Extermination | Infected Terminal | Exterminate the virus and apply security patches to the computers infected by the virus.
Target of Extermination | All Computers | Apply security patches to all computers.

5 Simulation Results

As a result of the simulation, the simulation conditions can be classified into six groups. The first group includes the following cases: (a) doing nothing, (b) disconnection of the terminal after detection of an infected or attacked terminal, (c) disconnection of the neighbor terminal after detection of an infected or attacked terminal. The second group includes: (a) extermination of the terminal after detection of an infected or attacked terminal, (b) extermination of the neighbor terminal after detection of attacked terminals. The third group consists only of extermination of the terminal after detection of an infected or attacked terminal. The fourth group consists of extermination of all the terminals in the LAN after detection of infected or attacked terminals. The fifth group includes: (a) disconnection of all the terminals in the same LAN, including the infected or attacked terminal, after detection of an infected or attacked terminal, (b) disconnection of all the LAN nodes after detection of an infected or attacked terminal. The sixth group consists only of extermination of all the terminals in the WAN after detection of infected terminals.
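To make the stage sequence of Section 2 and the option categories of Table 1 concrete, the following is a small agent-based reproduction of the model in Python. It is an added example written for this page, not the authors' SOARS implementation. The topology (four LAN segments of 25 computers joined by one WAN), the 30 % per-step chance that a connected computer also visits the WAN spot, the rule that each infected agent infects one susceptible agent per spot per step, and the reconnection of a terminal once it is patched are assumptions of this example; P1 = 1 %, P2 = 0.5 % and the 50 % detection and reaction rates are the paper's values. Running the two scenarios at the bottom illustrates the contrast the paper draws between the first group (do nothing) and the sixth group (alert everyone, cut the LAN link, patch all) in terms of infected and available computers over 500 steps.

```python
"""Toy agent-based worm model following the paper's spot/stage scheme (SIR state,
data state, OS state, the stages of Section 2, the option categories of Table 1).
Added example, not the authors' SOARS model; topology and WAN usage are assumed."""
import random
from dataclasses import dataclass

N_LANS, PER_LAN, P_WAN = 4, 25, 0.3       # assumed topology and per-step WAN usage
P_SYMPTOM, P_PATCH_BREAK = 0.01, 0.005    # P1 and P2 from the paper
P_DETECT_INFECTED, P_REACT = 0.5, 0.5     # detection on infection, user reaction rate


@dataclass
class Computer:
    lan: int
    infection: str = "Susceptible"   # SIR state
    crashed: bool = False            # state of data: a symptom destroyed it
    broken: bool = False             # state of OS: adverse effect of a patch
    isolated: bool = False           # disconnected by a countermeasure
    connected: bool = False          # in its LAN spot this step
    on_wan: bool = False             # also in the WAN spot this step
    detected: bool = False
    alerted: bool = False


@dataclass
class Scenario:                      # one option per Table 1 category
    detect_infected: bool = False    # also detect infected terminals, not only symptoms
    alert: str = "none"              # none | neighbor | lan | all
    disconnect: str = "none"         # none | terminal | lan | nodes (cut the LAN-WAN link)
    exterminate: str = "none"        # none | terminal | all (every alerted user patches)


def infect_in_spot(members, rng):
    """Infection stage for one spot: each infected agent infects one susceptible one."""
    susceptible = [pc for pc in members if pc.infection == "Susceptible"]
    for _ in [pc for pc in members if pc.infection == "Infected"]:
        if not susceptible:
            break
        susceptible.pop(rng.randrange(len(susceptible))).infection = "Infected"


def run(sc, steps=500, seed=1):
    """Return per-step counts of infected and available computers for one scenario."""
    rng = random.Random(seed)
    pcs = [Computer(i // PER_LAN) for i in range(N_LANS * PER_LAN)]
    pcs[0].infection = "Infected"                # one infected terminal brought in
    lan_cut, res = set(), {"infected": [], "available": []}
    for _ in range(steps):
        # Moving stage: anyone not isolated or broken joins its LAN, some also the WAN
        for pc in pcs:
            pc.connected = not (pc.isolated or pc.broken)
            pc.on_wan = pc.connected and pc.lan not in lan_cut and rng.random() < P_WAN
            pc.detected = pc.alerted = False
        # LAN and WAN infection stages
        for lan in range(N_LANS):
            infect_in_spot([pc for pc in pcs if pc.connected and pc.lan == lan], rng)
        infect_in_spot([pc for pc in pcs if pc.on_wan], rng)
        # Symptom stage: the worm destroys data with probability P1
        for pc in pcs:
            if pc.infection == "Infected" and rng.random() < P_SYMPTOM:
                pc.crashed = True
        # Detecting and notifying stage: symptoms are always noticed, infection at 50 %
        for pc in pcs:
            if pc.infection != "Infected" or not pc.connected:
                continue
            if pc.crashed or (sc.detect_infected and rng.random() < P_DETECT_INFECTED):
                pc.detected = pc.alerted = True
                if sc.alert == "neighbor":
                    targets = [rng.choice([o for o in pcs if o.lan == pc.lan and o is not pc])]
                elif sc.alert == "lan":
                    targets = [o for o in pcs if o.lan == pc.lan]
                else:
                    targets = pcs if sc.alert == "all" else []
                for o in targets:                # each recipient reacts with P_REACT
                    if rng.random() < P_REACT:
                        o.alerted = True
        # Disconnected stage
        for pc in [p for p in pcs if p.detected]:
            if sc.disconnect == "terminal":
                pc.isolated = True
            elif sc.disconnect == "lan":
                for o in pcs:
                    o.isolated = o.isolated or o.lan == pc.lan
            elif sc.disconnect == "nodes":
                lan_cut.add(pc.lan)
        # Countermeasure stage: exterminate and patch; the patch breaks the OS with P2
        for pc in pcs:
            patch = ((sc.exterminate == "terminal" and pc.detected)
                     or (sc.exterminate == "all" and pc.alerted))
            if patch and pc.infection != "Recovered":
                pc.infection, pc.isolated = "Recovered", False   # assumed: reconnected
                pc.broken = pc.broken or rng.random() < P_PATCH_BREAK
        res["infected"].append(sum(pc.infection == "Infected" for pc in pcs))
        res["available"].append(sum(not (pc.crashed or pc.broken or pc.isolated) for pc in pcs))
    return res


if __name__ == "__main__":
    for name, sc in [("group 1 style: do nothing", Scenario()),
                     ("group 6 style: detect, alert all, cut LAN link, patch all",
                      Scenario(True, "all", "nodes", "all"))]:
        r = run(sc)
        print(f"{name:60s} infected={r['infected'][-1]:3d} available={r['available'][-1]:3d}")
```

The model deliberately keeps the paper's causal ordering within a step (move, infect, symptom, detect and notify, disconnect, patch), because that ordering is what makes the "alert everyone" options act faster than the worm: a detection in one step already produces patched or isolated machines before the next infection stage. Other Table 1 combinations are obtained by changing the Scenario fields, and the two per-step series correspond to what Fig. 6 and Fig. 7 plot.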
  • 6. 94 Networks Groupli~^^-< *^™"P 2 Group 5 Group 6 ^^v^ / 201 251 301 351 401 451 Step 1 51 101 151 201 251 301 351 401 451 501 Step Fig. 6. The Number of Infected Comput- Fig. 7. The Number of Available Com- ers, puters. Fig.6 shows the change in the number of infected computers, and Fig.7 shows the change in the number of available computers; the horizontal axis represents time (step), and the vertical represents the number of the computers. In the rst group, the number of infected computers increases, and the number of available computers decreases because the virus spreads and develops its symptoms before disconnection of terminals. In the second group, although the number of infected computers decreases with time after an increase at the beginning, the number of available computers decreases as well as the rst group. As a cause for this effect, it can be pointed out that the countermeasures cannot be in time for the solution because the adoption of the extermination and security patches keeps falhng behind the spreading out (infection) of the computer virus, and at the time of the extermination of the virus, the expansive infection among other computers has already begun. In the third group, however, the countermeasures are taken before the spreading of infection of the virus, and the extermination and security patches are performed before the virus develops its symptoms; the promptness can maintain the number of the available computers. In the fourth group, the number of the available computers maintains since the countermeasures are taken before the infection and development of the symptoms of the computer virus and the infection does not spread out. This group is identi ed in case of that the user of the terminal with infection or symptoms alerts all other users in the LAN network, and this group shows even more immediate counter- measures than these in the third group whose case is that the user noti es merely neighborhood. 
In fth group, the user of the terminal with infection or symptoms noti es or alerts all other users in the LAN or Computer Security Incident Response Team (CSIRT), and the LAN nodes are separated from the WAN. In these cases, although the extermination and security patches are not per- formed, by disconnecting the LAN nodes, the further spreading outside the LAN with the symptoms can be stopped, and in this way, the spreading of the infection can be minimized without the extermination measure. The sixth group includes the cases in which the user of the terminal with infection or symptoms noti es the CSIRT, and through the alert from the CSIRT, all terminal users take countermeasures such as adopting the extermination and security patches. In these cases, whether or not the LAN nodes are separated from the WAN, all users can promptly take the countermeasures immediately after the detection of
  • 7. A Study on Countermeasures against Computer Virus Propagation Using an Agent-Based Approach 95 infection or symptoms, so early extermination measures are possible, and the spread and development of the symptoms of the computer virus cease with rare cases of emergence. 6 Discussion 6.1 How to Detect Infection and Send Virus Alert In the simulation, the probability of countermeasure-taking of the users when they detect or receive the virus alert is set as 50%. This probability can be considered the extent to which the users receive the security education. From the result of the simulation, making sure to notify the managers, CSIRT etc. so that they can take the countermeasures at the organizational level is more effective to prevent the spreading of the computer virus than individual users' countermeasures. 6.2 The Effective Extermination Method for Computer Virus The result of the simulation shows that it is difficult to protect the system merely by detecting the terminal with symptoms. Especially, the small-scale countermea- sures such as alerting only the neighborhood are ineffective in exterminating the computer virus. Moreover, as for the target of the terminal disconnection, disconnecting only the computers with infection or symptoms causes the further expansion of the computer virus because it begins spreading before being detected. Thus, a large-scale measure such as disconnecting the LAN nodes before the virus spreads into other LAN is needed. Chen et al. note that the area in which the users take countermeasures needs to expand more quickly than the computer virus spreads in order to prevent the spreading of the computer virus (Chen 2004). More speci cally, users, when they detect a viral infection, should never take countermeasures by themselves, but in- stead they must notify the CSIRT so that all users can share the information and take the countermeasures at the organizational level. 
Needless to say, the CSIRT must direct the users to disconnect their computers immediately from the network and exterminate the computer virus when it is notified.

6.3 The Countermeasures for Unknown Computer Virus

As described above, a small-scale countermeasure such as alerting the neighborhood within the LAN is insufficient to prevent the spreading of the computer virus, and with such a countermeasure the virus is highly likely to spread to the whole area. Therefore, the authors propose the following countermeasures for an unknown virus. First, when a user notifies the CSIRT immediately after detecting the infection or symptoms, the CSIRT receiving the alert directs the manager of the LAN to disconnect the connection point between the LAN and the WAN to prevent the virus from spreading further. Then the manager disconnects the nodes close to the computers. When recovering the network, the necessary procedures are to confirm the infection state of the computers, to disconnect the infected computers, and to reconnect only the networks without infection.
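The comparison drawn in 6.2 between neighborhood alerts and organization-wide response, and the notify-the-CSIRT-then-cut-the-uplink procedure of 6.3, can be exercised with a small toy agent-based model. This is an added example written for this page, not the authors' SOARS model; the network size (4 LANs of 8 hosts), the per-probe infection probability, the two-step symptom delay and the policy names are assumptions, while the 50% compliance follows the simulation setting stated in 6.1.

```python
import random
from statistics import mean

# Toy agent-based model (added example, not the authors' SOARS model). Hosts live
# in LANs joined by a WAN; a worm spreads for `delay` steps before symptoms show,
# and an alerted user acts with probability COMPLIANCE (the paper's 50% setting).
COMPLIANCE = 0.5


def simulate(policy, lans=4, per_lan=8, delay=2, steps=30, p_infect=0.5, seed=0):
    """Run one outbreak under `policy`; return how many hosts were ever infected."""
    rng = random.Random(seed)
    n = lans * per_lan
    lan_of = [h // per_lan for h in range(n)]
    infected_at = [None] * n      # step at which the host was infected
    patched = [False] * n         # user ran the removal tool and applied the patch
    uplink = [True] * lans        # is the LAN still connected to the WAN?
    infected_at[0] = 0            # patient zero sits in LAN 0

    def alert(users):
        # every alerted user takes the countermeasure with probability COMPLIANCE
        for h in users:
            if rng.random() < COMPLIANCE:
                patched[h] = True

    for t in range(1, steps + 1):
        active = [h for h in range(n) if infected_at[h] is not None and not patched[h]]
        for h in active:
            # one probe inside the own LAN, one at a random host anywhere (via the WAN)
            local = lan_of[h] * per_lan + rng.randrange(per_lan)
            for target in (local, rng.randrange(n)):
                via_wan = lan_of[target] != lan_of[h]
                if via_wan and not (uplink[lan_of[h]] and uplink[lan_of[target]]):
                    continue              # a cut uplink blocks WAN propagation
                if infected_at[target] is None and not patched[target] and rng.random() < p_infect:
                    infected_at[target] = t
        # symptoms appear `delay` steps after infection; respond according to policy
        for h in range(n):
            if infected_at[h] is not None and t - infected_at[h] == delay and not patched[h]:
                if policy == "self":      # the user acts alone
                    alert([h])
                elif policy == "lan":     # neighborhood alert inside the LAN only
                    alert([x for x in range(n) if lan_of[x] == lan_of[h]])
                elif policy == "csirt":   # CSIRT cuts the LAN-WAN link and alerts everyone
                    uplink[lan_of[h]] = False
                    alert(range(n))
    return sum(1 for x in infected_at if x is not None)


def average_outbreak(policy, runs=100):
    # mean number of hosts ever infected over `runs` seeded outbreaks
    return mean(simulate(policy, seed=s) for s in range(runs))
```

Averaged over the seeded runs, the "csirt" policy leaves far fewer hosts infected than the LAN-only alert, which in turn beats users acting alone, reproducing the ordering the text reports.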
7 Conclusion

This research proposes a propagation model based on the agent-based approach to investigate operational countermeasures for computer worms. It also examines, by simulation, the effects of different countermeasures (disconnecting infected computers and users' alerting) on the minimization of the damage. The analysis of the simulation suggests effective countermeasures. These include: (1) a computer virus spreads throughout the network when a user detects the viral infection and takes only a temporary countermeasure; (2) in order to take a countermeasure more quickly than the virus expands, a global virus alert is needed when the virus is detected; (3) immediately after the detection, the LAN nodes close to the WAN need to be disconnected rather than those close to the computers. Furthermore, the results show that it is necessary to ensure that the users notify the manager, CSIRT and the like, so that they can take countermeasures at the organizational level, before the users take countermeasures for their own computers. It is also found that the global expansion of an unknown virus can be prevented by appropriate disconnecting operation of the network, even if there is no revision program for the unknown virus. Since the discussion of this research is limited to a simple network structure and computer worm, further research is needed to investigate methods of predicting the expansion of computer viruses and effective countermeasures with the actual network structure taken into consideration.

References

Information Technology Promotion Agency, Japan (2005) Computer Virus Incident Reports, http://www.ipa.go.jp/security/english/virus/press/200504/virus200504-e.html
Sengoku, Y., Okamoto, E., Mambo, M., Uematsu, T. (1996) Analysis of Infection and Distinction of Computer Viruses in Computer Networks, 1996 International Symposium on Information Theory and Its Applications, Vol. 2, pp. 163-166
Okamoto, T., Ishida, Y. (2001) The analysis of diffusion model of computer viruses via email. Transactions of the Institute of Electronics, Information and Communication Engineers, D-I, Vol. J84-D-I, No. 5, pp. 474-482 (in Japanese)
Hayashi, Y. (2004) Epidemic SIR dynamics on scale-free networks, Proc. of International Symposium on Dynamical Systems Theory and Its Applications to Biology and Environmental Sciences, pp. 79
Deguchi, H., Tanuma, H., Shimizu, T. (2004) SOARS: Spot oriented agent role simulator - Design and agent based dynamical system. Proceedings of the Third International Workshop on Agent-based Approaches in Economic and Social Complex Systems (AESCS '04), pp. 49-56
Chen, L., Carley, K.M. (2004) The impact of countermeasure spreading on the propagation of computer viruses. IEEE Transactions on Systems, Man and Cybernetics - Part B: Cybernetics, Vol. 34, No. 2, pp. 823-833