CSDL Home IEEE Transactions on Dependable and Secure Computing 2012 vol.9 Issue No.01 - January/February

Subscribe

Issue No.01 - January/February (2012 vol.9)

pp: 30-45

Shouhuai Xu , University of Texas at San Antonio, San Antonio

Wenlian Lu , Fudan University, Shanghai

Zhenxin Zhan , University of Texas at San Antonio, San Antonio

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/TDSC.2011.33

ABSTRACT

Understanding the spreading dynamics of computer viruses (worms, attacks) is an important research problem, and has received much attention from the communities of both computer security and statistical physics. However, previous studies have mainly focused on single-virus spreading dynamics. In this paper, we study multivirus spreading dynamics, where multiple viruses attempt to infect computers while possibly combating against each other because, for example, they are controlled by multiple botmasters. Specifically, we propose and analyze a general model (and its two special cases) of multivirus spreading dynamics in arbitrary networks (i.e., we do not make any restriction on network topologies), where the viruses may or may not coreside on computers. Our model offers analytical results for addressing questions such as: What are the sufficient conditions (also known as epidemic thresholds) under which the multiple viruses will die out? What if some viruses can "rob” others? What characteristics does the multivirus epidemic dynamics exhibit when the viruses are (approximately) equally powerful? The analytical results make a fundamental connection between two types of factors: defense capability and network connectivity. This allows us to draw various insights that can be used to guide security defense.

INDEX TERMS

Multiple virus dynamics, epidemic dynamics, epidemic threshold, complex networks, complex systems, cyber warfare model.

CITATION

Shouhuai Xu, Wenlian Lu, Zhenxin Zhan, "A Stochastic Model of Multivirus Dynamics",

*IEEE Transactions on Dependable and Secure Computing*, vol.9, no. 1, pp. 30-45, January/February 2012, doi:10.1109/TDSC.2011.33REFERENCES

- [1] P. Ammann, D. Wijesekera, and S. Kaushik, "Scalable, Graph-Based Network Vulnerability Analysis,"
Proc. the Ninth ACM Conf. Computer and Comm. Security (CCS '02), pp. 217-224, 2002.- [2] R. Anderson and R. May,
Infectious Diseases of Humans. Oxford Univ. Press, 1991.- [3] N. Bailey,
The Mathematical Theory of Infectious Diseases and Its Applications, second, ed. Hafner Press, 1975.- [4] A. Barabasi and R. Albert, "Emergence of Scaling in Random Networks,"
Science, vol. 286, pp. 509-512, 1999.- [5] A. Berman and N. Shaked-Monderer,
Completely Positive Matrices. World Scientific Publishing, 2003.- [6] E. Bursztein, "Extending Anticipation Games with Location, Penalty and Timeline,"
Proc. the Fifth Int'l Workshop Formal Aspects in Security and Trust (FAST '08), 2008.- [7] E. Bursztein, "NetQi: A Model Checker for Anticipation Game,"
Proc. the Sixth Int'l Symp. Automated Technology for Verification and Analysis (ATVA '08), pp. 246-251, 2008.- [8] E. Bursztein and J. Goubault-Larrecq, "A Logical Framework for Evaluating Network Resilience against Faults and Attacks,"
ASIAN '07: Proc. 12th Asian Computing Science Conf. Advances in Computer Science, pp. 212-227, 2007.- [9] E. Bursztein and J. Mitchell, "Using Strategy Objectives for Network Security Analysis,"
Proc. Fifth Int'l Conf. Information Security and Cryptology (Inscrypt '09), 2009.- [10] D. Chakrabarti, Y. Wang, C. Wang, J. Leskovec, and C. Faloutsos, "Epidemic Thresholds in Real Networks,"
ACM Trans. Information and System Security, vol. 10, no. 4, pp. 1-26, 2008.- [11] R. Chinchani, A. Iyer, H. Ngo, and S. Upadhyaya, "Towards a Theory of Insider Threat Assessment,"
Proc. Int'l Conf. Dependable Systems and Networks (DSN '05), pp. 108-117, 2005.- [12] M. Dacier and Y. Deswarte, "Privilege Graph: An Extension to the Typed Access Matrix Model,"
Proc. Third European Symp. Research in Computer Security (ESORICS '94), pp. 319-334, 1994.- [13] A. Ganesh, L. Massoulie, and D. Towsley, "The Effect of Network Topology on the Spread of Epidemics,"
Proc. IEEE INFOCOM '05, 2005.- [14] J. Hale,
Ordinary Differential Equations. Interscience, 1969.- [15] H. Hethcote, "The Mathematics of Infectious Diseases,"
SIAM Rev., vol. 42, no. 4, pp. 599-653, 2000.- [16] R. Horn and C. Johnson,
Matrix Analysis. Cambridge Univ. Press, 1985.- [17] R. Horn and C. Johnson,
Topics in Matrix Analysis. Cambridge Univ. Press, 1991.- [18] S. Jha and J. Wing, "Survivability Analysis of Networked Systems,"
Proc. 23rd Int'l Conf. Software Eng. (ICSE '01), pp. 307-317, 2001.- [19] J. Kephart and S. White, "Directed-Graph Epidemiological Models of Computer Viruses,"
Proc. IEEE Symp. Security and Privacy, pp. 343-361, 1991.- [20] J. Kephart and S. White, "Measuring and Modeling Computer Virus Prevalence,"
Proc. IEEE Symp. Security and Privacy, pp. 2-15, 1993.- [21] W. Kermack and A. McKendrick, "A Contribution to the Mathematical Theory of Epidemics,"
Proc. Royal Soc. London A, vol. 115, pp. 700-721, 1927.- [22] A. McKendrick, "Applications of Mathematics to Medical Problems,"
Proc. Edinburgh Math. Soc., vol. 14, pp. 98-130, 1926.- [23] A. Medina, A. Lakhina, I. Matta, and J. Byers, "Brite: An Approach to Universal Topology Generation,"
Proc. Int'l Symp. Modeling, Analysis and Simulation of Computer and Telecomm. Systems (MASCOTS '01), pp. 346-356, 2001.- [24] V. Mehta, C. Bartzis, H. Zhu, E. Clarke, and J. Wing, "Ranking Attack Graphs,"
Proc. Int'l Symp. Recent Advances in Intrusion Detection (RAID '06), pp. 127-144, 2006.- [25] Y. Moreno, R. Pastor-Satorras, and A. Vespignani, "Epidemic Outbreaks in Complex Heterogeneous Networks,"
European Physical J. B, vol. 26, pp. 521-529, 2002.- [26] R. Naraine, "'Friendly' Welchia Worm Wreaking Havoc," http://www.internetnews.com/ent-news/article.php/ 3065761Friendly-Welchia-Worm-Wreaking-Havoc.htm , Aug. 2003.
- [27] S. Noel, S. Jajodia, B. O'Berry, and M. Jacobs, "Efficient Minimum-Cost Network Hardening via Exploit Dependency Graphs,"
Proc. 19th Ann. Computer Security Applications Conf. (ACSAC '03), pp. 86-95, 2003.- [28] R. Ortalo, Y. Deswarte, and M. Kaaniche, "Experimenting with Quantitative Evaluation Tools for Monitoring Operational Security,"
IEEE Trans. Software Eng., vol. 25, no. 5, pp. 633-650, Sept./Oct. 1999.- [29] R. Pastor-Satorras and A. Vespignani, "Epidemics and Immunization in Scale-Free Networks,"
Handbook of Graphs and Networks: From the Genome to the Internet. Wiley-VCH, 2003.- [30] R. Pastor-Satorras and A. Vespignani, "Epidemic Dynamics and Endemic States in Complex Networks,"
Physical Rev. E, vol. 63, p. 066117, 2001.- [31] R. Pastor-Satorras and A. Vespignani, "Epidemic Dynamics in Finite Size Scale-Free Networks,"
Physical Rev. E, vol. 65, p. 035108, 2002.- [32] Y. Pesin, "Characteristic Lyapunov Exponents and Smooth Ergodic Theory,"
Russ Math Survey, vol. 32, no. 4, pp. 55-114, 1977.- [33] C. Phillips and L. Swiler, "A Graph-Based System for Network-Vulnerability Analysis,"
Proc. 1998 Workshop New Security Paradigms (NSPW '98), pp. 71-79, 1998.- [34] Y. Wang, D. Chakrabarti, C. Wang, and C. Faloutsos, "Epidemic Spreading in Real Networks: An Eigenvalue Viewpoint,"
Proc. 22nd IEEE Symp. Reliable Distributed Systems (SRDS '03), pp. 25-34, 2003.- [35] L. Zhou, L. Zhang, F. McSherry, N. Immorlica, M. Costa, and S. Chien, "An Effective Architecture Algorithm for Detecting Worms with Various Scan,"
Proc. Fourth Int'l Workshop Peer-to-Peer Systems (IPTPS '05), 2005. |