TITLE: Modeling and Detecting the Propagation of Internet Worm Epidemics

SPEAKER: Dr. Kurt Rohloff

ABSTRACT:

In this talk we discuss recent approaches to modeling and detecting epidemics of Internet worms. We particularly focus on Random Constant Scanning (RCS) worms that use zero-day exploits for which malware signatures are unknowable. Although these worms propagate by randomly scanning network addresses for hosts that are susceptible to infection, traditional RCS worm models are fundamentally deterministic. We introduce a recent modeling approach based on a density-dependent Markov jump process to model worm epidemic propagation across the Internet. This model relies on a computationally simple hybrid deterministic/stochastic point-process model for locally observed scanning behavior. We use this behavior as the basis of a worm epidemic detection strategy. We discuss the benefits and drawbacks of a mathematically optimal hypothesis-testing detection approach under idealized conditions and possible other approaches to model, detect and mitigate this class of malware.
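An added illustration, not taken from the talk or the speaker's work, of the contrast the abstract draws: a textbook density-dependent Markov jump process for uniform random scanning, set beside its deterministic logistic limit. The transition rate, the parameter values (constructed, not measurements) and all function names are assumptions made for this sketch.

```python
import math
import random

OMEGA = 2 ** 32  # assumed: IPv4 address space, scanned uniformly at random


def deterministic_infected(t, v, eta, i0=1):
    """Logistic solution of dI/dt = eta * I * (V - I) / OMEGA."""
    k = eta * v / OMEGA
    return v / (1 + (v - i0) / i0 * math.exp(-k * t))


def deterministic_hit_time(target, v, eta, i0=1):
    """Time at which the logistic curve reaches `target` infected hosts."""
    k = eta * v / OMEGA
    return math.log(target * (v - i0) / (i0 * (v - target))) / k


def jump_hit_time(target, v, eta, rng, i0=1):
    """Markov jump process: I -> I+1 at rate eta * I * (V - I) / OMEGA.
    Returns the random time at which I first reaches `target`."""
    t, i = 0.0, i0
    while i < target:
        rate = eta * i * (v - i) / OMEGA
        t += rng.expovariate(rate)  # exponential holding time in state i
        i += 1
    return t


def spread_of_hit_times(runs=200, v=100_000, eta=100.0, target=1_000, seed=1):
    """Constructed scenario: v vulnerable hosts, eta scans/second per
    infected host. Returns (min, median, max) of the stochastic time to
    reach `target` infections, plus the single deterministic prediction."""
    rng = random.Random(seed)
    times = sorted(jump_hit_time(target, v, eta, rng) for _ in range(runs))
    det = deterministic_hit_time(target, v, eta)
    return times[0], times[runs // 2], times[-1], det


if __name__ == "__main__":
    lo, med, hi, det = spread_of_hit_times()
    print(f"stochastic time to 1% infected: min {lo:.0f}s, "
          f"median {med:.0f}s, max {hi:.0f}s; deterministic {det:.0f}s")
```

The deterministic model yields one time to reach 1% infection, while the jump process yields a wide distribution, because the first few infections dominate the variance. A detector calibrated only against the deterministic curve misjudges that early phase.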

BIO: Dr. Kurt Rohloff is a senior scientist in the Distributed Systems research group at BBN Technologies. Dr. Rohloff’s areas of research expertise include supervisory control, stochastic modeling and large-scale distributed computing. Dr. Rohloff is the PI on the DARPA PROCEED program where he leads a team developing a Fully Homomorphic Encryption implementation which will enable secure cloud computing. Dr. Rohloff is the Chief Designer and Lead Architect of the SHARD triple-store, a high-performance, massively scalable graph data storage system. Dr. Rohloff received his MS and PhD degrees from the University of Michigan and was a post-doc at the Coordinated Sciences Lab at UIUC. Dr. Rohloff is very proud of his Bachelor's degree in Electrical Engineering from Georgia Tech (and the ISYE classes on statistical failure modeling.)