Abstract
The infection of ICT systems with malware has become an increasing threat in recent years. In most cases, large-scale cyber-attacks are initiated by establishing a botnet: a large number of computers are infected with malware, and the actual attacks (e.g., a distributed denial-of-service attack or similar) are subsequently launched with the help of the infected victim machines. To prevent such an infection, several methodologies and technical solutions such as firewalls, malware scanners or intrusion detection systems are usually applied. Nevertheless, malware is becoming more sophisticated and is often able to bypass these preventive measures. Hence, it is more relevant for ICT risk managers to assess the spreading of a malware infection within an organization’s network. In this paper, we present a novel framework based on stochastic models from the field of disease spreading to describe the propagation of malware within a network, with an explicit account of different infection routes (phishing emails, network shares, etc.). This approach not only allows the user to estimate the number of infected nodes in the network but also provides a simple criterion to check whether an infection may grow into an epidemic. Unlike many other techniques, our framework is not limited to a particular communication technology, but can unify different types of infection channels (e.g., physical, logical and social links) within the same model. We use three simple examples to illustrate the functionalities of the framework.
Acknowledgment
This work was supported by the European Commission’s Project No. 608090, HyRiM (Hybrid Risk Management for Utility Networks) under the 7th Framework Programme (FP7-SEC-2013-1).
© 2016 Springer International Publishing AG
About this paper
Cite this paper
König, S., Schauer, S., Rass, S. (2016). A Stochastic Framework for Prediction of Malware Spreading in Heterogeneous Networks. In: Brumley, B., Röning, J. (eds) Secure IT Systems. NordSec 2016. Lecture Notes in Computer Science(), vol 10014. Springer, Cham. https://doi.org/10.1007/978-3-319-47560-8_5
DOI: https://doi.org/10.1007/978-3-319-47560-8_5
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-47559-2
Online ISBN: 978-3-319-47560-8
eBook Packages: Computer Science (R0)