Home   >   CSC-OpenAccess Library   >    Manuscript Information
Full Text Available

This is an Open Access publication published under CSC-OpenAccess Policy.
On the Malware Front
Robert Kooij, H.J. van der Molen
Pages - 72 - 81     |    Revised - 15-09-2012     |    Published - 25-10-2012
Volume - 4   Issue - 4    |    Publication Date - October 2012  Table of Contents
Virus Spread, Epidemic Threshold, Heterogeneous Networks, Diversification
The purpose of this article is to extend related research on the spread of malware in networks and to assess the security impact of certain measures against the spread of malware. We examine the influence of heterogeneous infection and curing rates for a Susceptible-Infected-Susceptible (SIS) model, that is used to describe the spread of malware on the Internet. The topology structure considered is the regular graph, which represents homogeneous network structures. We present a new method to calculate the steady state of heterogeneous populations, for the general case with m subpopulations. Using this method, we give the explicit conditions under which the malware persists in the network. Next we give calculation examples which are based on the assumption of two subpopulations and explore this method in more detail, proving that the method produces valid outcomes and that the basic reproduction numbers R for each subpopulation are the only factors determining the steady state situation. The value of R depends on the effectiveness of attacking malware and the defending countermeasures. We then consider some special cases for subpopulations in regular graphs using this method. In the first case the protection against malware is assumed to be absent within one subpopulation. The calculations show that it pays off for the subpopulations with the best protection to help other, less protected subpopulations. The second case describes the effect of diversification against malware, when one subpopulation does not share the vulnerabilities with the rest of the population to become infected with malware and propagate that malware. The results show that diversification is an effective countermeasure against the propagation of malware. Based on the market share of the software, we estimate the 'resistance' of different compartments against malware. Using statistical data, we finally show that dividing a population in two subpopulations increases the accuracy of the model. Based on this data, we also show that the use of security software does not correlate very well with the number of reported infections.
CITED BY (0)  
1 Google Scholar
2 CiteSeerX
3 refSeek
4 Scribd
5 PdfSR
1 MessageLabs Intelligence. “2010 Annual Security Report”, December 7, 2010 http://www.inteco.es/file/27gHxrzWsYyeyRTFYq8MuQ [2012-10-05]
2 J.O. Kephart and S.R. White. “Direct-graph epidemiological models of computer viruses”, Proc.IEEE Computer Society Symposium on Research in Security and Privacy, pp. 343-359, 1991.
3 R. Pastor-Satorras and A. Vespignani. “Epidemic Spreading in Scale-Free Networks”, Physical Review Letters, Vol. 86, No. 14, April, 3200-3203, 2001.
4 A. Ganesh, L. Massoulié and D. Towsley. “The Effect of Network Topology on the Spread of Epidemics”, Proc. IEEE INFOCOM.05, Miami, 2005.
5 N.T.J. Bailey. “The Mathematical Theory of Infectious Diseases and its Applications”, London:Charlin Griffin & Company, 2nd ed., 1975.
6 D.K. Daley and J. Gani. “Epidemic modelling: An Introduction”, Cambridge University Press, 1999.
7 Y. Wang, D. Chakrabarti, C. Wang, and C. Faloutsos. “Epidemic spreading in real networks: An eigenvalue viewpoint”, IEEE Computer Society, 22nd International Symposium on Reliable Distributed Systems (SRDS’03), pages 25—34, Los Alamitos, CA, USA, 2003.
8 P. Van Mieghem, J. Omic, and R.E. Kooij. “Virus spread in networks”. IEEE/ACM Transactions on Networking, 17(1), 1-14, 2009.
9 Y. Wang and C. Wang. “Modeling the Effects of Timing Parameters on Virus Propagation”. ACM Workshop on Rapid Malcode, Washington, DC, Oct. 27, 2003.
10 T. Gross, C. Dommar D’Lima and B. Blasius. “Epidemic dynamics on an adaptive network”,Physical Review Letters 96, 208701–4, 2006.
11 J. Omic, R.E. Kooij and P. Van Mieghem. “Heterogenous protection in regular and complete bipartite networks”, Proc. of Networking 2009, Aachen Germany, 11-15 May, 2009.
12 J. Guckenheimer and P. Holmes. “Nonlinear oscillations, dynamical systems, and bifurcations of vector fields”, New York: Springer, 1983
13 See for market share used (OS, Browser and Office software) [2012-05-20]:http://marketshare.hitslink.com/operating-system-market-share.aspx?qprid=8;http://marketshare.hitslink.com/browser-marketshare.aspx?qprid=0&qpcustomd=0&qptimeframe=M&qpsp=155;www.webmasterpro.de/portal/news/2010/02/05/international-openoffice-market-shares.html.
Professor Robert Kooij
Delft University of Technology - Netherlands
Mr. H.J. van der Molen
Wageningen University - Netherlands