Adversarial Dynamics: The Conficker Case Study

  • Conference paper
Moving Target Defense II

Part of the book series: Advances in Information Security (ADIS, volume 100)

Abstract

It is well known that computer and network security is an adversarial challenge. Attackers develop exploits and defenders respond to them through updates, service packs or other defensive measures. In non-adversarial situations, such as automobile safety, advances on one side are not countered by the other side, and so progress can be demonstrated over time. In adversarial situations, advances by one side are countered by the other, and so oscillatory performance typically emerges. This paper contains a detailed study of the coevolution of the Conficker Worm and associated defenses against it. It demonstrates, in concrete terms, that attackers and defenders each present moving targets to the other. After detailing specific adaptations of attackers and defenders in the context of Conficker and its variants, we briefly develop a quantitative model for explaining the coevolution based on what we call Quantitative Attack Graphs (QAG), in which attackers select shortest paths through an attack graph and defenders invest in hardening the shortest-path edges appropriately.

Notes

  1. This implies a Nash Equilibrium test: If, after revealing the players’ strategies to one another, no player changes his strategy, despite knowing the actions of his opponents, a Nash Equilibrium has been reached.

Acknowledgements

We thank Vincent Berk, Patrick Sweeney, David Sicilia, Gabriel Stocco, James Thomas House and other colleagues at Process Query Systems, Dartmouth College, Siege Technologies and elsewhere for discussions and contributions that have led to these findings. This work was partially supported by DARPA Contract FA8750-11-1-0253 at Dartmouth College and US DoD contracts to Process Query Systems. All opinions and results expressed in this article are those of the authors and do not represent the positions or opinions of the US Government or sponsoring agencies.

Author information

Corresponding author

Correspondence to Daniel Bilar.

Copyright information

© 2013 Springer Science+Business Media New York

About this paper

Cite this paper

Bilar, D., Cybenko, G., Murphy, J. (2013). Adversarial Dynamics: The Conficker Case Study. In: Jajodia, S., Ghosh, A., Subrahmanian, V., Swarup, V., Wang, C., Wang, X. (eds) Moving Target Defense II. Advances in Information Security, vol 100. Springer, New York, NY. https://doi.org/10.1007/978-1-4614-5416-8_3

  • DOI: https://doi.org/10.1007/978-1-4614-5416-8_3

  • Publisher Name: Springer, New York, NY

  • Print ISBN: 978-1-4614-5415-1

  • Online ISBN: 978-1-4614-5416-8

  • eBook Packages: Computer Science, Computer Science (R0)
