Home   >   CSC-OpenAccess Library   >    Manuscript Information
On the Malware Front
Robert Kooij, H.J. van der Molen
Pages - 72 - 81     |    Revised - 15-09-2012     |    Published - 25-10-2012
Volume - 4   Issue - 4    |    Publication Date - October 2012  Table of Contents
Virus Spread, Epidemic Threshold, Heterogeneous Networks, Diversification
The purpose of this article is to extend related research on the spread of malware in networks and to assess the security impact of certain measures against the spread of malware. We examine the influence of heterogeneous infection and curing rates for a Susceptible-Infected-Susceptible (SIS) model, that is used to describe the spread of malware on the Internet. The topology structure considered is the regular graph, which represents homogeneous network structures. We present a new method to calculate the steady state of heterogeneous populations, for the general case with m subpopulations. Using this method, we give the explicit conditions under which the malware persists in the network. Next we give calculation examples which are based on the assumption of two subpopulations and explore this method in more detail, proving that the method produces valid outcomes and that the basic reproduction numbers R for each subpopulation are the only factors determining the steady state situation. The value of R depends on the effectiveness of attacking malware and the defending countermeasures. We then consider some special cases for subpopulations in regular graphs using this method. In the first case the protection against malware is assumed to be absent within one subpopulation. The calculations show that it pays off for the subpopulations with the best protection to help other, less protected subpopulations. The second case describes the effect of diversification against malware, when one subpopulation does not share the vulnerabilities with the rest of the population to become infected with malware and propagate that malware. The results show that diversification is an effective countermeasure against the propagation of malware. Based on the market share of the software, we estimate the 'resistance' of different compartments against malware. Using statistical data, we finally show that dividing a population in two subpopulations increases the accuracy of the model. Based on this data, we also show that the use of security software does not correlate very well with the number of reported infections.
1 Google Scholar 
2 CiteSeerX 
3 refSeek 
4 Scribd 
5 PdfSR 
A. Ganesh, L. Massoulié and D. Towsley. “The Effect of Network Topology on the Spread of Epidemics”, Proc. IEEE INFOCOM.05, Miami, 2005.
D.K. Daley and J. Gani. “Epidemic modelling: An Introduction”, Cambridge University Press, 1999.
J. Guckenheimer and P. Holmes. “Nonlinear oscillations, dynamical systems, and bifurcations of vector fields”, New York: Springer, 1983
J. Omic, R.E. Kooij and P. Van Mieghem. “Heterogenous protection in regular and complete bipartite networks”, Proc. of Networking 2009, Aachen Germany, 11-15 May, 2009.
J.O. Kephart and S.R. White. “Direct-graph epidemiological models of computer viruses”, Proc.IEEE Computer Society Symposium on Research in Security and Privacy, pp. 343-359, 1991.
MessageLabs Intelligence. “2010 Annual Security Report”, December 7, 2010 http://www.inteco.es/file/27gHxrzWsYyeyRTFYq8MuQ [2012-10-05]
N.T.J. Bailey. “The Mathematical Theory of Infectious Diseases and its Applications”, London:Charlin Griffin & Company, 2nd ed., 1975.
P. Van Mieghem, J. Omic, and R.E. Kooij. “Virus spread in networks”. IEEE/ACM Transactions on Networking, 17(1), 1-14, 2009.
R. Pastor-Satorras and A. Vespignani. “Epidemic Spreading in Scale-Free Networks”, Physical Review Letters, Vol. 86, No. 14, April, 3200-3203, 2001.
See for market share used (OS, Browser and Office software) [2012-05-20]:http://marketshare.hitslink.com/operating-system-market-share.aspx?qprid=8;http://marketshare.hitslink.com/browser-marketshare.aspx?qprid=0&qpcustomd=0&qptimeframe=M&qpsp=155;www.webmasterpro.de/portal/news/2010/02/05/international-openoffice-market-shares.html.
T. Gross, C. Dommar D’Lima and B. Blasius. “Epidemic dynamics on an adaptive network”,Physical Review Letters 96, 208701–4, 2006.
Y. Wang and C. Wang. “Modeling the Effects of Timing Parameters on Virus Propagation”. ACM Workshop on Rapid Malcode, Washington, DC, Oct. 27, 2003.
Y. Wang, D. Chakrabarti, C. Wang, and C. Faloutsos. “Epidemic spreading in real networks: An eigenvalue viewpoint”, IEEE Computer Society, 22nd International Symposium on Reliable Distributed Systems (SRDS’03), pages 25—34, Los Alamitos, CA, USA, 2003.
Professor Robert Kooij
Delft University of Technology - Netherlands
Mr. H.J. van der Molen
Wageningen University - Netherlands

View all special issues >>