1

CIS 6930: Workshop IIIEncounter-based Networks

Presenter: Sapon Tanachaiwiwatstanachai@gmail.com

Instructor: Dr. Helmy2/5/2007

2

Agenda

• Introduction

• Motivation

• Examples of Encounter based networking

• Encounter-based worm interactions

• Experiment for our class

• Reference

3

Introduction

• What is Encounter-based networking– Networking relying on encounter or relationships between nodes

(Social networking)– Wireless ad hoc networks– Discontinuous path (Intermittent connection)– Store-and-forward (Bundles)– Similar to delay-and-disruption-tolerant-networking

• Large delay• Low data rate• High loss rate

• Basic assumptions of each node– Persistent storage– Willing to participate– Limitation of Power– Short Radio Range

4

Motivation

• Why we need encounter-based networks– Reasons?– What we can learn from Experiment 1 and 2

• Wireless LAN Coverage on Campus is good for any where and any time computing?

• How can you analyze of the potential of encounter-based networking?

– Step 1: Look where the holes on campus?– Step 2: Analyze the encounter characteristic based on WLAN– Step 3: Do Experiment number 3– Step 4: ?

5

Examples of encounter-based networks

• Military tactical networks• Disaster relief• ZebraNet• Interplanetary networks• Rural village networks• Underwater acoustic networks• Other?

6http://www.cs.rice.edu/~animesh/comp620/presentations/JFP04_D.pdf

7

Epidemic Routing

8

Encounter-based worms

• Future direction on worm attacks!! (Cabir, ComWar)– Rely on encounter pattern/relationships between users.– Close to flooding, i.e. Epidemic routing.– Propagate via Bluetooth connection (10-meter range)

• Question: How can we alleviate this problem?– Traditional prevention at gateway such as firewall not effective

against fully distributed attacks– Disconnected networks No centralized update

• Inspired by War of the Worms : CodeGreen worms launched to terminate CodeRed worms

• Approach: Deploy automated generated predator worm to terminate prey worm worm interaction

9

Encounter-based worm interaction

PredatorPrey

Susceptible

Prey and predator’s infection rate rely only on encounter characteristics

10

Analysis of Worm Interaction

ASI BAII

BSI

S A B

BA SISIdt

dS

BAAA IISI

dt

dI

BABB IISI

dt

dI

S=SusceptibleIA= Prey infected hostsIB = Predator infected hostsβ = Contact rate

11

Simulation Results

Simulation Mathematical Model

1000 Nodes Aggressive Encounter Rate = 0.01/sec

0.00%

10.00%

20.00%

30.00%

40.00%

50.00%

60.00%

70.00%

80.00%

90.00%

100.00%

0 1000 2000 3000 4000 5000 6000

sec

%in

fec

tiv

es

A-Delay0

A-Delay500

A-Delay1000

A-Delay1500

A-Delay2000

B-Delay0

B-Delay500

B-Delay1000

B-Delay1500

B-Delay2000

1000 Nodes Mathematic model Encouter Rate 0.01/sec

0.00E+00

1.00E+02

2.00E+02

3.00E+02

4.00E+02

5.00E+02

6.00E+02

7.00E+02

8.00E+02

9.00E+02

1.00E+03

0.00E+00 1.00E+03 2.00E+03 3.00E+03 4.00E+03 5.00E+03 6.00E+03

Time

Infe

ctiv

es

A Delay 0

A Delay 500

A Delay 1000

A Delay 1500

A Delay 2000

B Delay 0

B Delay 500

B Delay 1000

B Delay 1500

B delay 2000

Closely estimate the infectives when varying reaction times (off 3.8%)

encounter rate = contact rateBased on aggressive one-sided interaction

Encounter level simulation with 1000 mobile nodes having uniform encounter

Reaction time Reaction time

12

Worm Propagation Based On Encounter Derived from WLAN Trace

Worm propagation from USC WLAN Trace file

0

0.1

0.2

0.3

0.4

0.5

0.6

0.7

0.8

0.9

1

0 500000 1000000 1500000 2000000 2500000 3000000

Time (Sec)

Infe

cti

ve

s

population1001_prop1036_prop1873_prop

13

Worm Interaction Based on Bluetooth i-Mote Traces

14

Experiment Setup

• Goal: To answer the following questions– Is the UF campus the good target for worm

propagation, given that it propagates via Bluetooth?– If so, what places are most vulnerable?– If you want to stop the propagation with other worm,

how can you do it effectively?• Equipments: iPAQs, your laptops, your

strategies• Software: Modified Bluechat, Bluetooth

Explorer,Netstumbler, AirSnort, etc.• Trace format of Modified Bluechat:

– Name of device (brand) [MAC Address] Month/Date/Year Hour/Minute/Second

15

Experiment

• Bluetooth device discovery– Distribution of Bluetooth devices that you encounter

during the day• E.g. Type of devices such as cell phone or lap top, brand of

such devices such as Nokia, Motorola, etc.

• Bluetooth game Design the strategies for– Largest of encounter rate per day– Largest number of unique devices– Largest number of stable devices (long-duration

encounters)– Different roles between teams e.g. Cops and Cons

• Bluetooth and WLAN relationships– Can you derive the correlation between them?

16

Example of Bluetooth map

17

Reference• E. Anderson, K. Eustice, S. Markstrum, M. Hansen, P. L. Reiher , “Mobile

Contagion: Simulation of Infection and Defense” PADS 2005: 80-87• S. Capkun, J. P. Hubaux, and L. Buttyan "Mobility Helps Security in Ad Hoc

Networks" Fourth ACM Symposium on Mobile Networking and Computing (MobiHoc), June 2003

• F. Castaneda, E.C. Sezer, J. Xu, “WORM vs. WORM: preliminary study of an active counter-attack mechanism”, ACM workshop on Rapid malcode, 2004

• A. Chaintreau, P. Hui, J. Crowcroft, C. Diot, R. Gass and J. Scott, “Impact of Human Mobility on the Design of Opportunistic Forwarding Algorithms” IEEE INFOCOM, April 2006

• W. Hsu, A. Helmy, "On Nodal Encounter Patterns in Wireless LAN Traces", The 2nd IEEE Int.l Workshop on Wireless Network Measurement (WiNMee), April 2006

• S.Tanachaiwiwat, A. Helmy, "Encounter-based Worms: Analysis and Defense", IEEE Conference on Sensor and Ad Hoc Communications and Networks (SECON) 2006 Poster/Demo Session, VA, September 2006

• A. Vahdat and D. Becker. Epidemic routing for partially connected ad hoc networks. Technical Report CS-2000.