The difference between a nullifying defense and a spreading patch defense
is that when a countering scan reaches a host that is already sending infection
scans, the infection scans stop.
Nullifying Defense ($D_3$)
1. Item (1) from the Empty Defense rules, item (2) from the Simple Patch rules, and item (2) from the Spreading Patch rules.
2. If $S(h_i) < C(h_i)$, the node labels the infection edge corresponding to the $j$th element of $\mathcal{C}_i$ (say, $(s_j, \mathit{dst}_j)$) with value $C(h_i) + s_j$, for all $j$ such that $S(h_i) + s_j \le C(h_i)$.
And finally, the difference between a sniper defense and a nullifying defense
is that infection scans that encounter hosts running countering scans cause the
host sending the infection scan to cease. This may occur before the host is itself
scanned by a countering scan (which has the same nullifying effect).
Sniper Defense ($D_4$)
1. Item (1) from the Empty Defense rules, item (2) from the Simple Patch rules, and item (2) from the Spreading Patch rules.
2. If $S(h_i) < C(h_i)$, let $k$ be the smallest index for $(s_k, \mathit{dst}_k) \in \mathcal{I}_i$ such that $S(h_i) + s_k > C(\mathit{dst}_k)$, and define $K_i = S(h_i) + s_k$. The node for $h_i$ labels the infection edge corresponding to the $j$th element of $\mathcal{C}_i$ (say, $(s_j, \mathit{dst}_j)$) with value $C(h_i) + s_j$, for all $j$ such that $S(h_i) + s_j \le \min\{C(h_i), K_i\}$.
The constructions above make the conditions under which a given infection edge is labeled increasingly restrictive as we move through the sequence of defenses. This implies that if we choose a host $h_i$ and defenses $D_a$ and $D_b$ with $a < b$, then the set of labeled incoming infection edges it has in the SPG for $D_b$ is a subset of the labeled incoming infection edges it has in the SPG for $D_a$. This fact enables us to prove the central results comparing different defenses.
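The following is an added example, not part of the original text: it applies rule 2 of the nullifying and sniper defenses to one host's scan list with fixed countering times and shows the sniper cutoff removing edges the nullifying defense still labels. It assumes the cutoff comparison is non-strict, that K_i is infinite when no scan reaches a countering host, and it records scan times S(h_i) + s_j rather than label values; all function names and sample values are constructed.

```python
import math

def nullifying_edges(S_i, C_i, scans):
    """D3 rule 2: label every scan sent no later than C(h_i)."""
    if not S_i < C_i:            # rule applies only when S(h_i) < C(h_i)
        return []
    return [(dst, S_i + s) for s, dst in scans if S_i + s <= C_i]

def sniper_edges(S_i, C_i, scans, C):
    """D4 rule 2: also stop at K_i, the time of the first scan that reaches
    a host already running countering scans (S(h_i) + s_k > C(dst_k))."""
    if not S_i < C_i:
        return []
    # Smallest index k whose scan arrives after its destination's C value.
    # Assumptions: a destination missing from C never runs countering scans,
    # and K_i is infinite when no scan meets a countering host.
    K_i = next((S_i + s for s, dst in scans
                if S_i + s > C.get(dst, math.inf)), math.inf)
    cutoff = min(C_i, K_i)
    return [(dst, S_i + s) for s, dst in scans if S_i + s <= cutoff]

def dropped_by_sniper(S_i, C_i, scans, C):
    """Edges labeled under D3 but not under D4 on the same sample path."""
    d3 = nullifying_edges(S_i, C_i, scans)
    d4 = sniper_edges(S_i, C_i, scans, C)
    assert set(d4) <= set(d3)    # subset property stated in the text
    return [e for e in d3 if e not in d4]

# Constructed sample path for one host h_i: (s_j, dst_j) in index order.
SCANS = [(1, "a"), (3, "b"), (4, "c"), (6, "d"), (12, "e")]
# Constructed countering times C(dst) for the scanned hosts.
C_TIMES = {"a": 30, "b": 50, "c": 12, "d": 40, "e": 5}

if __name__ == "__main__":
    print("D3:", nullifying_edges(10, 20, SCANS))
    print("D4:", sniper_edges(10, 20, SCANS, C_TIMES))
    print("dropped:", dropped_by_sniper(10, 20, SCANS, C_TIMES))
```

With S(h_i) = 10 and C(h_i) = 20, the scan to host "c" at time 14 arrives after C("c") = 12, so K_i = 14 and the later scan to "d" is labeled under the nullifying defense only.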
Lemma 1. Consider two defenses $D_a$ and $D_b$, $a < b$, under identical boundary conditions. Let $G_a$ and $G_b$ be corresponding Sample Path Graphs constructed under the Common Sample Path assumption, and let $S^{(y)}(h)$ and $C^{(y)}(h)$ denote the $S(h)$ and $C(h)$ variables for host $h$ under defense $y \in \{a, b\}$. Then for every host $h$, $S^{(a)}(h) \le S^{(b)}(h)$ and $C^{(b)}(h) \le C^{(a)}(h)$.
Proof. Without loss of generality, renumber the hosts by increasing value of $S^{(b)}(h)$; we induct on this order. Consider the base case of $h_0$. Both $S^{(a)}(h_0)$ and $S^{(b)}(h_0)$ are defined by edges from hosts assumed to be infected at time 0, and are thus identical. In both $G_a$ and $G_b$ host $h_0$ gets the same set of labeled countering edges from the initial set of hosts running the defense, and $C(h_0)$ in both graphs is no larger than the smallest of these labels. However, in $G_b$ there may be more countering edges labeled, and hence the possibility of a shorter path to $h_0$ through those edges, whence $C^{(b)}(h_0) \le C^{(a)}(h_0)$ and the induction base is established. For the induction hypothesis we assume that the assertion