Skip to main content
SpringerLink
Log in

A stochastic epidemiological model for the propagation of active worms considering the dynamicity of network topology

  • Published:
Peer-to-Peer Networking and Applications Aims and scope Submit manuscript

Abstract

Topology-aware active worms, which use topological scanning for finding their victims, are one of the most serious threats in the Internet. Peer-to-peer (P2P) networks and applications are suitable environments for the spread of topology-aware active worms. Several models for the propagation behavior of these threats exist in the literature. Discrete-time models are usually more accurate than the continuous ones due to the nature of worm propagation, which is inherently a discrete-time process. On the other hand, as the propagation of worms is a stochastic process, the stochastic models enable us to study the stochastic characteristics of worm propagation process and are definitely useful. To the best of our knowledge, no stochastic model for the topology-aware active worm propagation has been developed yet. Also, none of the existing models consider the dynamic changes of network topology during the spread of worms. It is important that the network topology be taken into account as a key parameter in the model and at the same time, complex computations should be avoided. These are two important goals of this work, which were not considered in the existing models. In this paper, we introduce a new stochastic and discrete-time model for topology-aware active worm propagation (abbreviated as STAWP). The STAWP model considers the dynamicity of network topology and the join and leave of hosts in a simple manner. We have also extended the existing topology logic matrix (TLM) simulative model in order to meet the goals of the STAWP model. Comparing the results of our experiments using this extended model (i.e., extended TLM or ETLM) with the STAWP model, shows that their behaviors are nearly the same, which can be used to validate both models. Using the STAWP model, we have investigated the impact of several parameters in topology-aware active worm propagation process, the results of which are also presented in this paper.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9
Fig. 10
Fig. 11
Fig. 12

Similar content being viewed by others

References

  1. Fan X, Xiang Y (2010) Modeling the propagation of peer-to-peer worms. Futur Gener Comput Syst 26(8):1433–1443

    Article  Google Scholar 

  2. Xiang Y, Fan X, Zhu WT (2009) Propagation of active worms: a survey. Int J Comput Syst Sci Eng 24(3):157–172

    MATH  Google Scholar 

  3. Yu W (2004) Analyze the worm-based attack in large scale P2P. In Proceedings of the Eighth IEEE International Symposium on High Assurance Systems Engineering, College Station, TX, pp. 308–309

  4. Anderson RM, May RM, Anderson B (1992) Infectious diseases of humans: dynamics and control. Oxford Science, New York

    Google Scholar 

  5. Hatahet S, Bouabdallah A, Challal Y (2010) A new worm propagation threat in BitTorrent: modeling and analysis. Telecommun Syst 45(2–3):95–109

    Article  Google Scholar 

  6. Jafarabadi A, Azgomi MA (2011) On the impacts of join and leave on the propagation ratio of topology-aware active worms. In Proceedingd of the 4th International Conference on Security of Information and Networks (SIN′11), Sydney, pp. 209–214

  7. Jafarabadi A, Azgomi MA (2011) An SIR model for the propagation of topology-aware active worms considering the join and leave of hosts. In Proceedings of the 7th International Conference on Information Assurance and Security (IAS′11), Malacca, pp. 204–209

  8. Yu W, Wang X, Xuan D, Lee D (2006) Effective detection of active worms with varying scan rate. In Proceedings of the 2006 Securecomm and Workshops, Baltimore, pp. 1–10

  9. Li P, Salour M, Su X (2008) A survey of Internet worm detection and containment. IEEE Commun Surv Tutor 10(1):20–35

    Article  Google Scholar 

  10. Chen Z, Gao L, Kwiat K (2003) Modeling the spread of active worms. In Proceedings of the IEEE INFOCOM′03, pp. 1890–1900

  11. Zou CC, Towsley D, Gong W, Cai S (2005) Routing worm: a fast, selective attack worm based on IP address information. In Proceedings of the Workshop on Principles of Advanced and Distributed Simulation (PADS′5), Monterey, CA, pp. 199–206

  12. Zou CC, Towsley D, Gong W (2003) On the performance of internet worm scanning strategies. University of Massachusetts, Technical Report

  13. Qing S, Wen W (2005) A survey and trends on Internet worms. Comput Secur 24(4):334–346

    Article  Google Scholar 

  14. Milojicic DS et al. (2003) Peer-to-peer computing. HP Laboratories Palo Alto HPL-2002-57 (R.1)

  15. Kermack WO, McKendrick AG (1927) A contribution to the mathematical theory of epidemics. In Proceedings of the Royal College of Phisician, Edinburgh, pp. 700–721

  16. Andersson H, Britton T (2000) Stochastic epidemic models and their statistical analysis. Springer, New York

    Book  MATH  Google Scholar 

  17. Li MY, Graef JR, Wang L, Karsai J (1999) Global dynamics of a SEIR model with varying total population size. Math Biosci 160(2):191–213

    Article  MathSciNet  MATH  Google Scholar 

  18. Sehgal VK (2006) Stochastic modeling of worm propagation in trusted networks. In Proceedings of the International Conference on Security and Management, Las Vegas, pp. 26–29

  19. Bailey NT (1975) The mathematical theory of infectious diseases and its applications. Hafner Press, New York

    MATH  Google Scholar 

  20. Walter GG, Contreras M (1999) Compartmental modeling with networks. BIRKHAUSER, Boston

    Book  MATH  Google Scholar 

  21. Zhang X-S, Chen T, Zheng J, Li H (2010) Proactive worm propagation modeling and analysis in unstructured peer-to-peer networks. J Zhejiang Univ Sci C (Comput Electron) 11(2):119–129

    Article  Google Scholar 

  22. Wang Y, Wen S, Cesare S, Zhou W, Xiang Y (2011) The microcosmic model of worm propagation. Comput J 54(10):1700–1720

    Article  Google Scholar 

  23. Toutonji OA, Yoo S-M, Park M (2012) Stability analysis of VEISV propagation modeling for network worm attack. Appl Math Model 36(6):2751–2761

    Article  MathSciNet  MATH  Google Scholar 

  24. Rohloff K, Basar T (2005) Stochastic behavior of random constant scanning worms. In Proceedings of the 14th International Conference onComputer Communications and Networks (ICCCN′05), San Diego, pp. 339–344

  25. Sellke S, Shroff NB, Bagchi S (2005) Modeling and automated containment of worms. In Proceedings of the International Conference on Dependable Systems and Networks (DSN′05), Yokohama, pp. 528–537

  26. Wang Y, Zhou W, Cesare C, Zhou W, Xiang Y (2011) Eliminating errors in worm propagation models. IEEE Commun Lett 15(9):1022–1024

    Article  Google Scholar 

  27. Wen S et al (2013) Modeling propagation dynamics of social network worms. IEEE Trans Parallel Distrib Syst 24(8):1633–1643

    Article  Google Scholar 

  28. Wen S, Zhou W, Wang Y, Zhou W, Xiang Y (2012) Locating defense positions for thwarting the propagation of topological worms. IEEE Commun Lett 4(560–563):16

    Google Scholar 

  29. Zou CC, Gong W, Towsley D (2002) Code Red worm propagation modeling and analysis. In Proceedings of the 9th ACM Conference on Computer and Communications Security (CCS′02), Washington DC, pp. 138–147

  30. Frauenthal JC (1980) Mathematical modeling in epidemology. Springer, New York

    Book  Google Scholar 

  31. Xie Y, Hu J, Tang S, Huang X (2013) A forwarded-backward algorithm for nested hidden semi-Markov model and application to network traffic. Comput J 56(2):229–238

    Article  Google Scholar 

  32. Xie Y et al (2013) Modelling oscillation behaviour of network traffic by nested Hidden Markov Model with variable state-duration. IEEE Trans Parallel Distrib Syst 24(9):1807–1817

    Article  Google Scholar 

Download references

Acknowledgment

We are grateful to Iran National Science Foundation (INSF) for financial support of this research.

Author information

Authors and Affiliations

  1. Trustworthy Computing Laboratory, School of Computer Engineering, Iran University of Science and Technology, Hengam St., Resalat Sq, Tehran, Iran, 16846-13114

    Ahmad Jafarabadi & Mohammad Abdollahi Azgomi

Authors
  1. Ahmad Jafarabadi
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Mohammad Abdollahi Azgomi
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Mohammad Abdollahi Azgomi.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Jafarabadi, A., Azgomi, M.A. A stochastic epidemiological model for the propagation of active worms considering the dynamicity of network topology. Peer-to-Peer Netw. Appl. 8, 1008–1022 (2015). https://doi.org/10.1007/s12083-014-0306-y

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s12083-014-0306-y

Keywords

Search

Navigation