optimization of nachi spreads s1080057 satoshi onoda supervised by prof. hiroshi toyoizumi
TRANSCRIPT
![Page 1: Optimization of NACHI Spreads s1080057 Satoshi Onoda Supervised by Prof. Hiroshi Toyoizumi](https://reader035.vdocuments.us/reader035/viewer/2022062809/5697c0211a28abf838cd29d1/html5/thumbnails/1.jpg)
Optimization of NACHI Spreads
s1080057 Satoshi OnodaSupervised by Prof. Hiroshi Toyoizumi
![Page 2: Optimization of NACHI Spreads s1080057 Satoshi Onoda Supervised by Prof. Hiroshi Toyoizumi](https://reader035.vdocuments.us/reader035/viewer/2022062809/5697c0211a28abf838cd29d1/html5/thumbnails/2.jpg)
Background
Worm is one of the computer virus, which spreads by itself.The worm, which kills other worms exists. These worms are effective in countermeasure against malicious worms.But, these worms may have a bad influence on the network.
![Page 3: Optimization of NACHI Spreads s1080057 Satoshi Onoda Supervised by Prof. Hiroshi Toyoizumi](https://reader035.vdocuments.us/reader035/viewer/2022062809/5697c0211a28abf838cd29d1/html5/thumbnails/3.jpg)
Purpose
To find a method finding the optimum scan rate of NACHI, which can terminate MSBLAST and control the increase of NACHI as little as possible.
![Page 4: Optimization of NACHI Spreads s1080057 Satoshi Onoda Supervised by Prof. Hiroshi Toyoizumi](https://reader035.vdocuments.us/reader035/viewer/2022062809/5697c0211a28abf838cd29d1/html5/thumbnails/4.jpg)
MSBLAST
Type:WormPlatform: Windows 2000, XP
Scan IP
Discover alive Computer
Send Wrong Data for 2kSend Wrong Data for XP
Fail to Expect Succeed to Expect
Fail
Instruct to Download
Succeed
Instruct to Execute
to XPto XP to 2kto 2k
80% 20%
![Page 5: Optimization of NACHI Spreads s1080057 Satoshi Onoda Supervised by Prof. Hiroshi Toyoizumi](https://reader035.vdocuments.us/reader035/viewer/2022062809/5697c0211a28abf838cd29d1/html5/thumbnails/5.jpg)
NACHI
Type: WormPlatform: Windows 2000, XPDefect: ICMP packets increasing on the network
Kill MSBLAST
Update
Check whether already Patched or not
Instruct to Download & Execute
Scan IP
Yet
Already
Expect Security Hole
Discover alive Computer
![Page 6: Optimization of NACHI Spreads s1080057 Satoshi Onoda Supervised by Prof. Hiroshi Toyoizumi](https://reader035.vdocuments.us/reader035/viewer/2022062809/5697c0211a28abf838cd29d1/html5/thumbnails/6.jpg)
Relation between NACHI and MSBLAST
MSBLAST NACHI
arb
![Page 7: Optimization of NACHI Spreads s1080057 Satoshi Onoda Supervised by Prof. Hiroshi Toyoizumi](https://reader035.vdocuments.us/reader035/viewer/2022062809/5697c0211a28abf838cd29d1/html5/thumbnails/7.jpg)
Model -equation-
x(t) :# of the computers infected MSBLAST at time ty(t) :# of the computers infected NACHI at time tr :propagation rate of MSBLASTa :propagation rate of NACHIb :# in which NACHI kills MSBLAST per second
),())0(),0(( 00 yxyx
aydt
dy
byrxdt
dx
rt
atrtrt
ebyxtx
ra
ra
eebyexx(t)
ra
)()(
ii)
)(
i)
00
00
ateyty 0)(
![Page 8: Optimization of NACHI Spreads s1080057 Satoshi Onoda Supervised by Prof. Hiroshi Toyoizumi](https://reader035.vdocuments.us/reader035/viewer/2022062809/5697c0211a28abf838cd29d1/html5/thumbnails/8.jpg)
Experiment
1.NACHI or MSBLAST runs in one client
2.Capture packets from first infected client
3.Find scan rate
![Page 9: Optimization of NACHI Spreads s1080057 Satoshi Onoda Supervised by Prof. Hiroshi Toyoizumi](https://reader035.vdocuments.us/reader035/viewer/2022062809/5697c0211a28abf838cd29d1/html5/thumbnails/9.jpg)
Result of Experiment
Range of Scanning IP Required Time[sec]
NACHI
192.168.0.0 - 192.168.255.255
4495
192.165.0.0 - 192.165.255.255
3050
61.157.0.0 - 61.157.255.255 1018
(256*256 random IPs) 1008
MSBLAST
203.78.0.0 - 203.82.254.254 29582
Rate[/sec]
41.084
10.991
![Page 10: Optimization of NACHI Spreads s1080057 Satoshi Onoda Supervised by Prof. Hiroshi Toyoizumi](https://reader035.vdocuments.us/reader035/viewer/2022062809/5697c0211a28abf838cd29d1/html5/thumbnails/10.jpg)
Model -graph-
)1,1000(),(
10/
1019.1565536
71
2
1
5
1
65536
71
2
1
5
4991.10
1045.465536/71084.41
00
3
2
yx
ab
r
a
![Page 11: Optimization of NACHI Spreads s1080057 Satoshi Onoda Supervised by Prof. Hiroshi Toyoizumi](https://reader035.vdocuments.us/reader035/viewer/2022062809/5697c0211a28abf838cd29d1/html5/thumbnails/11.jpg)
Global Maximum of BLAST
t’
x(t’)
ra
ffbyfxtx
arr
)(
)'( 00
ra
aby
raxbyraf
1
0
00 ))(()(
![Page 12: Optimization of NACHI Spreads s1080057 Satoshi Onoda Supervised by Prof. Hiroshi Toyoizumi](https://reader035.vdocuments.us/reader035/viewer/2022062809/5697c0211a28abf838cd29d1/html5/thumbnails/12.jpg)
Algorithm
1. Decide the constants2. Decide the value of max3. Solve x(t’)=max for a4. Divide a by infecting probability
Obtain optimum scan rate of NACHI, s
max)(0
0
ra
ffbyfx
arr
![Page 13: Optimization of NACHI Spreads s1080057 Satoshi Onoda Supervised by Prof. Hiroshi Toyoizumi](https://reader035.vdocuments.us/reader035/viewer/2022062809/5697c0211a28abf838cd29d1/html5/thumbnails/13.jpg)
Optimum Scan Rate for some max
)1,1000(),(
10/
1019.1
00
3
yx
ab
r, s
![Page 14: Optimization of NACHI Spreads s1080057 Satoshi Onoda Supervised by Prof. Hiroshi Toyoizumi](https://reader035.vdocuments.us/reader035/viewer/2022062809/5697c0211a28abf838cd29d1/html5/thumbnails/14.jpg)
Conclusion
We obtained a method to determine the optimum scan rate of NACHI with some conditions.When we need the good worm like NACHI, we must find the optimum rate.