Abstract
Topology-aware active worms, which use topological scanning for finding their victims, are one of the most serious threats in the Internet. Peer-to-peer (P2P) networks and applications are suitable environments for the spread of topology-aware active worms. Several models for the propagation behavior of these threats exist in the literature. Discrete-time models are usually more accurate than the continuous ones due to the nature of worm propagation, which is inherently a discrete-time process. On the other hand, as the propagation of worms is a stochastic process, the stochastic models enable us to study the stochastic characteristics of worm propagation process and are definitely useful. To the best of our knowledge, no stochastic model for the topology-aware active worm propagation has been developed yet. Also, none of the existing models consider the dynamic changes of network topology during the spread of worms. It is important that the network topology be taken into account as a key parameter in the model and at the same time, complex computations should be avoided. These are two important goals of this work, which were not considered in the existing models. In this paper, we introduce a new stochastic and discrete-time model for topology-aware active worm propagation (abbreviated as STAWP). The STAWP model considers the dynamicity of network topology and the join and leave of hosts in a simple manner. We have also extended the existing topology logic matrix (TLM) simulative model in order to meet the goals of the STAWP model. Comparing the results of our experiments using this extended model (i.e., extended TLM or ETLM) with the STAWP model, shows that their behaviors are nearly the same, which can be used to validate both models. Using the STAWP model, we have investigated the impact of several parameters in topology-aware active worm propagation process, the results of which are also presented in this paper.
Similar content being viewed by others
References
Fan X, Xiang Y (2010) Modeling the propagation of peer-to-peer worms. Futur Gener Comput Syst 26(8):1433–1443
Xiang Y, Fan X, Zhu WT (2009) Propagation of active worms: a survey. Int J Comput Syst Sci Eng 24(3):157–172
Yu W (2004) Analyze the worm-based attack in large scale P2P. In Proceedings of the Eighth IEEE International Symposium on High Assurance Systems Engineering, College Station, TX, pp. 308–309
Anderson RM, May RM, Anderson B (1992) Infectious diseases of humans: dynamics and control. Oxford Science, New York
Hatahet S, Bouabdallah A, Challal Y (2010) A new worm propagation threat in BitTorrent: modeling and analysis. Telecommun Syst 45(2–3):95–109
Jafarabadi A, Azgomi MA (2011) On the impacts of join and leave on the propagation ratio of topology-aware active worms. In Proceedingd of the 4th International Conference on Security of Information and Networks (SIN′11), Sydney, pp. 209–214
Jafarabadi A, Azgomi MA (2011) An SIR model for the propagation of topology-aware active worms considering the join and leave of hosts. In Proceedings of the 7th International Conference on Information Assurance and Security (IAS′11), Malacca, pp. 204–209
Yu W, Wang X, Xuan D, Lee D (2006) Effective detection of active worms with varying scan rate. In Proceedings of the 2006 Securecomm and Workshops, Baltimore, pp. 1–10
Li P, Salour M, Su X (2008) A survey of Internet worm detection and containment. IEEE Commun Surv Tutor 10(1):20–35
Chen Z, Gao L, Kwiat K (2003) Modeling the spread of active worms. In Proceedings of the IEEE INFOCOM′03, pp. 1890–1900
Zou CC, Towsley D, Gong W, Cai S (2005) Routing worm: a fast, selective attack worm based on IP address information. In Proceedings of the Workshop on Principles of Advanced and Distributed Simulation (PADS′5), Monterey, CA, pp. 199–206
Zou CC, Towsley D, Gong W (2003) On the performance of internet worm scanning strategies. University of Massachusetts, Technical Report
Qing S, Wen W (2005) A survey and trends on Internet worms. Comput Secur 24(4):334–346
Milojicic DS et al. (2003) Peer-to-peer computing. HP Laboratories Palo Alto HPL-2002-57 (R.1)
Kermack WO, McKendrick AG (1927) A contribution to the mathematical theory of epidemics. In Proceedings of the Royal College of Phisician, Edinburgh, pp. 700–721
Andersson H, Britton T (2000) Stochastic epidemic models and their statistical analysis. Springer, New York
Li MY, Graef JR, Wang L, Karsai J (1999) Global dynamics of a SEIR model with varying total population size. Math Biosci 160(2):191–213
Sehgal VK (2006) Stochastic modeling of worm propagation in trusted networks. In Proceedings of the International Conference on Security and Management, Las Vegas, pp. 26–29
Bailey NT (1975) The mathematical theory of infectious diseases and its applications. Hafner Press, New York
Walter GG, Contreras M (1999) Compartmental modeling with networks. BIRKHAUSER, Boston
Zhang X-S, Chen T, Zheng J, Li H (2010) Proactive worm propagation modeling and analysis in unstructured peer-to-peer networks. J Zhejiang Univ Sci C (Comput Electron) 11(2):119–129
Wang Y, Wen S, Cesare S, Zhou W, Xiang Y (2011) The microcosmic model of worm propagation. Comput J 54(10):1700–1720
Toutonji OA, Yoo S-M, Park M (2012) Stability analysis of VEISV propagation modeling for network worm attack. Appl Math Model 36(6):2751–2761
Rohloff K, Basar T (2005) Stochastic behavior of random constant scanning worms. In Proceedings of the 14th International Conference onComputer Communications and Networks (ICCCN′05), San Diego, pp. 339–344
Sellke S, Shroff NB, Bagchi S (2005) Modeling and automated containment of worms. In Proceedings of the International Conference on Dependable Systems and Networks (DSN′05), Yokohama, pp. 528–537
Wang Y, Zhou W, Cesare C, Zhou W, Xiang Y (2011) Eliminating errors in worm propagation models. IEEE Commun Lett 15(9):1022–1024
Wen S et al (2013) Modeling propagation dynamics of social network worms. IEEE Trans Parallel Distrib Syst 24(8):1633–1643
Wen S, Zhou W, Wang Y, Zhou W, Xiang Y (2012) Locating defense positions for thwarting the propagation of topological worms. IEEE Commun Lett 4(560–563):16
Zou CC, Gong W, Towsley D (2002) Code Red worm propagation modeling and analysis. In Proceedings of the 9th ACM Conference on Computer and Communications Security (CCS′02), Washington DC, pp. 138–147
Frauenthal JC (1980) Mathematical modeling in epidemology. Springer, New York
Xie Y, Hu J, Tang S, Huang X (2013) A forwarded-backward algorithm for nested hidden semi-Markov model and application to network traffic. Comput J 56(2):229–238
Xie Y et al (2013) Modelling oscillation behaviour of network traffic by nested Hidden Markov Model with variable state-duration. IEEE Trans Parallel Distrib Syst 24(9):1807–1817
Acknowledgment
We are grateful to Iran National Science Foundation (INSF) for financial support of this research.
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Jafarabadi, A., Azgomi, M.A. A stochastic epidemiological model for the propagation of active worms considering the dynamicity of network topology. Peer-to-Peer Netw. Appl. 8, 1008–1022 (2015). https://doi.org/10.1007/s12083-014-0306-y
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s12083-014-0306-y