Malware Pandemics

Abstract

This final technical report summarizes the research activities and technical results produced by SRI International for the ONR research project. The key objective of this project is to develop a principled approach toward understanding the structural and dynamic properties of large-scale malware pandemics in the Internet. In particular, there is an emphasis on studying the structural properties (network address translation (NAT), proxies, and Dynamic Host Configuration Protocol (DHCP) effects) and dynamic properties (pandemic evolution), and how these properties evolve during the different phases of a malware life cycle. We conducted an in-depth reverse engineering of the peer-to-peer (P2P) protocol of Conficker and published this in the form of a web report [28]. Our efforts toward developing new techniques for tracking the structural properties of the Conficker population (such as the percentage of NAT and DHCP hosts) and building epidemic models for predicting the long-term influence of worms such as Conficker are detailed in this report.

Document Details

  • Document Type: Technical Report
  • Publication Date: Sep 01, 2010
  • Accession Number: ADA531166

Entities

People

  • Hassen Saidi
  • Phillip Porras
  • Vinod Yegneswaran

Organizations

  • SRI International

Tags

Communities of Interest

  • Cyber

DTIC Thesaurus Topics

  • Computer Programming
  • Computer Programs
  • Computers
  • Engineering
  • Internet
  • Local Area Networks
  • Malware
  • Mobile Computing
  • Mobile Devices
  • Mobile Phones
  • Network Protocols
  • Networks
  • Operating Systems
  • Shell Scripts
  • Smartphones
  • Social Networking Services
  • Structural Properties

Readers

  • Computer Networking
  • Cybersecurity
  • Technical Research and Report Writing

Technology Areas

  • Cyber