
A Stochastic Framework for Prediction of Malware Spreading in Heterogeneous Networks

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 10014)

Abstract

The infection of ICT systems with malware has become an increasing threat in recent years. In most cases, large-scale cyber-attacks are initiated by establishing a botnet: a large number of computers are infected with malware, and the actual attacks (e.g., a distributed denial-of-service or similar) are subsequently launched with the help of the infected victim machines. To prevent such an infection, several methodologies and technical solutions like firewalls, malware scanners or intrusion detection systems are usually applied. Nevertheless, malware becomes more sophisticated and is often able to bypass these preventive measures. Hence, it is more relevant for ICT risk managers to assess the spreading of a malware infection within an organization’s network. In this paper, we present a novel framework based on stochastic models from the field of disease spreading to describe the propagation of malware within a network, with an explicit account for different infection routes (phishing emails, network shares, etc.). This approach not only allows the user to estimate the number of infected nodes in the network but also provides a simple criterion to check whether an infection may grow into an epidemic. Unlike many other techniques, our framework is not limited to a particular communication technology, but can unify different types of infection channels (e.g., physical, logical and social links) within the same model. We will use three simple examples to illustrate the functionalities of the framework.



Acknowledgment

This work was supported by the European Commission’s Project No. 608090, HyRiM (Hybrid Risk Management for Utility Networks) under the 7th Framework Programme (FP7-SEC-2013-1).

Author information


Corresponding author

Correspondence to Sandra König.


Copyright information

© 2016 Springer International Publishing AG

About this paper

Cite this paper

König, S., Schauer, S., Rass, S. (2016). A Stochastic Framework for Prediction of Malware Spreading in Heterogeneous Networks. In: Brumley, B., Röning, J. (eds) Secure IT Systems. NordSec 2016. Lecture Notes in Computer Science, vol 10014. Springer, Cham. https://doi.org/10.1007/978-3-319-47560-8_5


  • DOI: https://doi.org/10.1007/978-3-319-47560-8_5


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-47559-2

  • Online ISBN: 978-3-319-47560-8

  • eBook Packages: Computer Science, Computer Science (R0)
