The Experts below are selected from a list of 210 Experts worldwide ranked by ideXlab platform
Zesheng Chen - One of the best experts on this subject based on the ideXlab platform.
-
An information-theoretic view of network-aware malware attacks
IEEE Transactions on Information Forensics and Security, 2009Co-Authors: Zesheng Chen, Chuanyi JiAbstract:This work investigates three aspects: (a) a network vulnerability as the non-uniform Vulnerable-Host distribution, (b) threats, i.e., intelligent malwares that exploit such a vulnerability, and (c) defense, i.e., challenges for fighting the threats. We first study five large data sets and observe consistent clustered Vulnerable-Host distributions. We then present a new metric, referred to as the non-uniformity factor, which quantifies the unevenness of a Vulnerable-Host distribution. This metric is essentially the Renyi information entropy and better characterizes the non-uniformity of a distribution than the Shannon entropy. Next, we analyze the propagation speed of network-aware malwares in view of information theory. In particular, we draw a relationship between Renyi entropies and randomized epidemic malware-scanning algorithms. We find that the infection rates of malware-scanning methods are characterized by the Renyi entropies that relate to the information bits in a non-unform Vulnerable-Host distribution extracted by a randomized scanning algorithm. Meanwhile, we show that a representative network-aware malware can increase the spreading speed by exactly or nearly a non-uniformity factor when compared to a random-scanning malware at an early stage of malware propagation. This quantifies that how much more rapidly the Internet can be infected at the early stage when a malware exploits an uneven Vulnerable-Host distribution as a network-wide vulnerability. Furthermore, we analyze the effectiveness of defense strategies on the spread of network-aware malwares. Our results demonstrate that counteracting network-aware malwares is a significant challenge for the strategies that include Host-based defense and IPv6.
-
An Information-Theoretic View of Network-Aware Malware Attacks
IEEE Transactions on Information Forensics and Security, 2009Co-Authors: Zesheng ChenAbstract:This work provides an information-theoretic view to better understand the relationships between aggregated vulnerability information viewed by attackers and a class of randomized epidemic scanning algorithms. In particular, this work investigates three aspects: 1) a network vulnerability as the nonuniform Vulnerable-Host distribution, 2) threats, i.e., intelligent malwares that exploit such a vulnerability, and 3) defense, i.e., challenges for fighting the threats. We first study five large data sets and observe consistent clustered Vulnerable-Host distributions. We then present a new metric, referred to as the nonuniformity factor, that quantifies the unevenness of a Vulnerable-Host distribution. This metric is essentially the Renyi information entropy that unifies the nonuniformity of a Vulnerable-Host distribution with different malware-scanning methods. Next, we draw a relationship between Renyi entropies and randomized epidemic scanning algorithms. We find that the infection rates of malware-scanning methods are characterized by the Renyi entropies that relate to the information bits in a nonunform Vulnerable-Host distribution extracted by a randomized scanning algorithm. Meanwhile, we show that a representative network-aware malware can increase the spreading speed by exactly or nearly a nonuniformity factor when compared to a random-scanning malware at an early stage of malware propagation. This quantifies that how much more rapidly the Internet can be infected at the early stage when a malware exploits an uneven Vulnerable-Host distribution as a network-wide vulnerability. Furthermore, we analyze the effectiveness of defense strategies on the spread of network-aware malwares. Our results demonstrate that counteracting network-aware malwares is a significant challenge for the strategies that include Host-based defenses and IPv6.
-
Deriving a closed-form expression for worm-scanning strategies
International Journal of Security and Networks, 2009Co-Authors: Zesheng Chen, Chao ChenAbstract:This work presents a closed-form expression for characterising the spread of a class of worm-scanning strategies through a mean-field approximation. This expression can both accurately capture the worm propagation speed before the number of infections becomes large and explicitly demonstrate the effects of important parameters such as the Vulnerable-Host distribution and the worm-scanning strategy. Experimental results verify that the closed-form expression can accurately reflect the mean value of infections over time before the infected Hosts become saturated for a wide range of scanning methods including static worm-scanning strategies and self-learning worms.
-
Optimal worm-scanning method using Vulnerable-Host distributions
International Journal of Security and Networks, 2007Co-Authors: Zesheng ChenAbstract:Most internet worms use random scanning. The distribution of Vulnerable Hosts on the internet, however, is highly non-uniform over the IP-address space. This implies that random scanning wastes many scans on inVulnerable addresses and more virulent scanning schemes may take advantage of the non-uniformity of a Vulnerable-Host distribution. Questions then arise as to how attackers may exploit such information and how virulent the resulting worm may be. These issues provide 'worst-case scenarios'for defenders and 'best-case scenarios'for attackers when the Vulnerable-Host distribution is available. This work develops such a scenario, called importance scanning, which results from importance sampling in statistics. Importance scanning scans the IP-address space according to an empirical distribution of Vulnerable Hosts. An analytical model is developed to relate the infection rate of worms with the Importance-Scanning (IS) strategies. Based on parameters chosen from Witty and Code Red worms, the experimental results show that an IS worm can spread much faster than either a random-scanning worm or a routing worm. In addition, a game-theoretical approach suggests that the best strategy for defenders is to scatter applications uniformly in the entire IP-address space.
-
INFOCOM - Measuring Network-Aware Worm Spreading Ability
IEEE INFOCOM 2007 - 26th IEEE International Conference on Computer Communications, 2007Co-Authors: Zesheng ChenAbstract:This work investigates three aspects: (a) a network vulnerability as the non-uniform Vulnerable-Host distribution, (b) threats, i.e., intelligent worms that exploit such a vulnerability, and (c) defense, i.e., challenges for fighting the threats. We first study five data sets and observe consistent clustered Vulnerable-Host distributions. We then present a new metric, referred to as the non-uniformity factor, which quantifies the unevenness of a Vulnerable-Host distribution. This metric is essentially the Renyi information entropy and better characterizes the non-uniformity of a distribution than the Shannon entropy. We then analytically and empirically measure the infection rate and the propagation speed of network-aware worms. We show that a representative network-aware worm can increase the spreading speed by exactly or nearly a non-uniformity factor when compared to a random-scanning worm at the early stage of worm propagation. This implies that when a worm exploits an uneven Vulnerable-Host distribution as a network-wide vulnerability, the Internet can be infected much more rapidly. Furthermore, we analyze the effectiveness of defense strategies on the spread of network-aware worms. Our results demonstrate that counteracting network-aware worms is a significant challenge for the strategies that include Host-based defense and IPv6.
Anne-leila Meistertzheim - One of the best experts on this subject based on the ideXlab platform.
-
The high resolution melting analysis (HRM) as a molecular tool for monitoring parasites of the wildlife
Parasitology, 2017Co-Authors: Laurent Héritier, Olivier Verneau, Gregory Breuil, Anne-leila MeistertzheimAbstract:In an interconnected world, the international pet trade on wild animals is becoming increasingly important. As a consequence, non-native parasite species are introduced, which affect the health of wildlife and contribute to the loss of biodiversity. Because the investigation of parasite diversity within Vulnerable Host species implies the molecular identification of large samples of parasite eggs, the sequencing of DNA barcodes is time-consuming and costly. Thereby, the objectives of our study were to apply the high resolution melting (HRM) approach for species determination from pools of parasite eggs. Molecular assays were validated on flatworm parasites (polystomes) infecting the Mediterranean pond turtle Mauremys leprosa and the invasive red-eared slider Trachemys scripta elegans in French natural environments. HRM analysis results indicated that double or multiple parasitic infections could be detected from wild animal populations. They also showed that the cycle of parasite eggs production was not regular over time and may depend on several factors, among which the ecological niche and the target species. Thereby, monitoring parasites from wild endangered animals implies periodic parasitological surveys to avoid false negative diagnostics, based solely on eggs production.
Chao Chen - One of the best experts on this subject based on the ideXlab platform.
-
Deriving a closed-form expression for worm-scanning strategies
International Journal of Security and Networks, 2009Co-Authors: Zesheng Chen, Chao ChenAbstract:This work presents a closed-form expression for characterising the spread of a class of worm-scanning strategies through a mean-field approximation. This expression can both accurately capture the worm propagation speed before the number of infections becomes large and explicitly demonstrate the effects of important parameters such as the Vulnerable-Host distribution and the worm-scanning strategy. Experimental results verify that the closed-form expression can accurately reflect the mean value of infections over time before the infected Hosts become saturated for a wide range of scanning methods including static worm-scanning strategies and self-learning worms.
-
IPCCC - Understanding Localized-Scanning Worms
2007 IEEE International Performance Computing and Communications Conference, 2007Co-Authors: Zesheng Chen, Chao ChenAbstract:Localized scanning is a simple technique used by attackers to search for Vulnerable Hosts. Localized scanning trades off between the local and the global search of Vulnerable Hosts and has been used by Code Red II and Ninida worms. As such a strategy is so simple yet effective in attacking the Internet, it is important that defenders understand the spreading ability and behaviors of localized-scanning worms. In this work, we first characterize the relationships between Vulnerable-Host distributions and the spread of localized-scanning worms through mathematical modeling and analysis, and compare random scanning with localized scanning. We then design an optimal localized-scanning strategy, which provides an upper bound on the spreading speed of localized-scanning self-propagating codes. Furthermore, we construct three variants of localized scanning. Specifically, the feedback localized scanning and the ping-pong localized scanning adapt the scanning methods based on the feedback from the probed Host, and thus spread faster than the original localized scanning and meanwhile have a smaller variance.
Laurent Héritier - One of the best experts on this subject based on the ideXlab platform.
-
The high resolution melting analysis (HRM) as a molecular tool for monitoring parasites of the wildlife
Parasitology, 2017Co-Authors: Laurent Héritier, Olivier Verneau, Gregory Breuil, Anne-leila MeistertzheimAbstract:In an interconnected world, the international pet trade on wild animals is becoming increasingly important. As a consequence, non-native parasite species are introduced, which affect the health of wildlife and contribute to the loss of biodiversity. Because the investigation of parasite diversity within Vulnerable Host species implies the molecular identification of large samples of parasite eggs, the sequencing of DNA barcodes is time-consuming and costly. Thereby, the objectives of our study were to apply the high resolution melting (HRM) approach for species determination from pools of parasite eggs. Molecular assays were validated on flatworm parasites (polystomes) infecting the Mediterranean pond turtle Mauremys leprosa and the invasive red-eared slider Trachemys scripta elegans in French natural environments. HRM analysis results indicated that double or multiple parasitic infections could be detected from wild animal populations. They also showed that the cycle of parasite eggs production was not regular over time and may depend on several factors, among which the ecological niche and the target species. Thereby, monitoring parasites from wild endangered animals implies periodic parasitological surveys to avoid false negative diagnostics, based solely on eggs production.
Zhang Ming-qing - One of the best experts on this subject based on the ideXlab platform.
-
Research of Worm Propagation Model Based on Local-Scanning
Computer Simulation, 2009Co-Authors: Zhang Ming-qingAbstract:A local-scanning worm propagation model was established based on the in-depth study of the local-scanning strategy. With the mathematical reasoning method,the relationship between Vulnerable-Host distributions and localized-scanning worms was discussed in three extreme cases. Then,an optimal localized-scanning strategy that maximized the localized-scanning worm propagation speed was designed. Finally,the efficiency of the model was verified with the Matlab simulation tool,and the result is in expectation.
