Accession Number:

ADA531166

Title:

Malware Pandemics

Descriptive Note:

Final technical rept. 1 Apr 2009-31 Mar 2010

Corporate Author:

SRI INTERNATIONAL MENLO PARK CA COMPUTER SCIENCE LAB

Report Date:

2010-09-01

Pagination or Media Count:

36.0

Abstract:

This final technical report summarizes the research activities and technical results produced by SRI International for the ONR research project. The key objective of this project is to develop a principled approach toward understanding the structural and dynamic properties of large-scale malware pandemics in the Internet. In particular, there is an emphasis on studying the structural properties (network address translation (NATs), proxies, dynamic host configuration protocol (DHCP) effects) and dynamic properties (pandemic evolution), and how these properties evolve during the different phases of a malware life cycle. We conducted an in-depth reverse engineering of the peer-to-peer (P2P) protocol of Conficker and published this in the form of a web report [28]. Our efforts toward developing new techniques for tracking the structural properties of the Conficker population (such as percent of NAT and DHCP hosts) and building epidemic models for predicting the long-term influence of worms such as Conficker are detailed in this report.

Subject Categories:

  • Computer Programming and Software
  • Computer Systems Management and Standards

Distribution Statement:

APPROVED FOR PUBLIC RELEASE