From: Danny Wyatt (danny@cs.washington.edu)
Date: Tue Nov 30 2004 - 20:26:50 PST

How to 0wn the Internet in your Spare Time
Stuart Staniford, Vern Paxson, Nicholas Weaver

This paper analyzes the spread of 3 example worms, posits a model for
that spread, discusses ways to maximize the spread of a worm under that
model, and then discusses theoretical exploits and the need for a cyber
CDC.

I don't want to sound too cynical, but I am skeptical that they derived
their model in the order that they present it. Anyone could look at the
scan rate graphs, see the obvious sigmoid signature (or even without
that just notice that you're dealing with a binary infected/not-infected
variable), and think "Hey, this looks like a job for logistic
regression!" So when they "derive" the logistic function from their
model, I'm not sure we aren't seeing the cart trying to hide the horse.

That said, it's nonetheless a valuable model and their discussion of how
to maximize it---how to bend the sigmoid to be as close to a vertical
line at time zero---is sobering. Their analyses do show that previous
worms have not been as smart as they could have been to maximize
propagation, and the optimizations they present sound feasible and
plausible. Some of their simulations are questionable in their amount
of simplification, though, and they are clearly maximized for
panic-inducing effect.

I did appreciate their consideration of new sources of vulnerability,
particularly p2p software. KaZaa is a doubly good example since it came
bundled with its own spyware. Spyware is perhaps a larger concern
today: it's surreptitiously, semi-legitimately installed and seeks to
draw as little attention to itself as possible. If some piece of
spyware had a vulnerability, it is unlikely that users would even know
they needed to patch it. (Not that that would help, it seems, since even
front-page news Windows vulnerabilities remain unpatched months later.)

Overall, this was an OK but unremarkable paper. It did not contain much
that I had not already learned from the popular press.
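
The logistic curve discussed in the review, as an added example that is not part of the original post or the paper's own code: it integrates the simple epidemic equation da/dt = K*a*(1-a) (a = infected fraction of the vulnerable population) and then recovers the growth rate K and midpoint T with a straight-line fit to logit(a), which is how a defender can estimate an outbreak's growth rate from early counts. The equation form, the function names, and the values K = 1.8 per hour and a0 = 1e-5 are assumptions chosen for illustration.

```python
import math

def logistic(t, K, T):
    """Closed form a(t) = e^{K(t-T)} / (1 + e^{K(t-T)})."""
    return 1.0 / (1.0 + math.exp(-K * (t - T)))

def simulate(K, a0, hours, steps_per_hour=1000):
    """Euler-integrate da/dt = K*a*(1-a); return one (hour, a) sample per hour."""
    dt = 1.0 / steps_per_hour
    a, out = a0, [(0, a0)]
    for h in range(1, hours + 1):
        for _ in range(steps_per_hour):
            # New infections need an infected source (a) and an uninfected target (1-a).
            a += K * a * (1.0 - a) * dt
        out.append((h, a))
    return out

def fit_logit(samples):
    """Least-squares line through logit(a) = K*(t - T); returns (K, T)."""
    xs = [t for t, _ in samples]
    ys = [math.log(a / (1.0 - a)) for _, a in samples]
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    K = sum((x - mx) * (y - my) for x, y in zip(xs, ys)) / sum((x - mx) ** 2 for x in xs)
    return K, mx - my / K

def max_gap(samples, K, T):
    """Largest difference between the simulated samples and the closed form."""
    return max(abs(a - logistic(t, K, T)) for t, a in samples)

# Constructed parameters (not taken from the paper or from any real outbreak).
K_TRUE, A0, HOURS = 1.8, 1e-5, 12
# Midpoint T is the time at which a = 0.5, fixed by the initial condition a(0) = A0.
T_TRUE = math.log((1.0 - A0) / A0) / K_TRUE

if __name__ == "__main__":
    samples = simulate(K_TRUE, A0, HOURS)
    K_fit, T_fit = fit_logit(samples)
    print(f"true K={K_TRUE:.3f} T={T_TRUE:.3f}  fitted K={K_fit:.3f} T={T_fit:.3f}")
    print(f"max |simulated - closed form| = {max_gap(samples, K_TRUE, T_TRUE):.4f}")
    for t, a in samples:
        print(f"{t:2d}h  {a:.6f}  {'#' * int(a * 40)}")
```

The mechanistic model and the fitted sigmoid agree to within the integration error, so the same curve arises whether one starts from the contact model or from the shape of the data.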