Modeling self-propagating malware with epidemiological models
Abstract Self-propagating malware (SPM) is responsible for large financial losses and major data breaches with devastating social impacts that cannot be understated. Well-known campaigns such as WannaCry and Colonial Pipeline have been able to propagate rapidly on the Internet and cause widespread s...
Main Authors: | Alesia Chernikova, Nicolò Gozzi, Nicola Perra, Simona Boboila, Tina Eliassi-Rad, Alina Oprea |
---|---|
Format: | Article |
Language: | English |
Published: | SpringerOpen 2023-08-01 |
Series: | Applied Network Science |
Subjects: | Self-propagating malware; Compartmental models; Epidemiology; Modeling; Dynamical systems |
Online Access: | https://doi.org/10.1007/s41109-023-00578-z |
_version_ | 1827724090943733760 |
---|---|
author | Alesia Chernikova; Nicolò Gozzi; Nicola Perra; Simona Boboila; Tina Eliassi-Rad; Alina Oprea |
collection | DOAJ |
description | Abstract Self-propagating malware (SPM) is responsible for large financial losses and major data breaches with devastating social impacts that cannot be understated. Well-known campaigns such as WannaCry and Colonial Pipeline have been able to propagate rapidly on the Internet and cause widespread service disruptions. To date, the propagation behavior of SPM is still not well understood. As a result, our ability to defend against these cyber threats is still limited. Here, we address this gap by performing a comprehensive analysis of a newly proposed epidemiological-inspired model for SPM propagation, the Susceptible-Infected-Infected Dormant-Recovered (SIIDR) model. We perform a theoretical analysis of the SIIDR model by deriving its basic reproduction number and studying the stability of its disease-free equilibrium points in a homogeneous mixed system. We also characterize the SIIDR model on arbitrary graphs and discuss the conditions for stability of disease-free equilibrium points. We obtain access to 15 WannaCry attack traces generated under various conditions, derive the model’s transition rates, and show that SIIDR fits the real data well. We find that the SIIDR model outperforms more established compartmental models from epidemiology, such as SI, SIS, and SIR, at modeling SPM propagation. |
first_indexed | 2024-03-10T22:09:51Z |
format | Article |
id | doaj.art-e88104c4a9624d8eb27711fcb00459a7 |
institution | Directory Open Access Journal |
issn | 2364-8228 |
language | English |
last_indexed | 2024-03-10T22:09:51Z |
publishDate | 2023-08-01 |
publisher | SpringerOpen |
record_format | Article |
series | Applied Network Science |
spelling | doaj.art-e88104c4a9624d8eb27711fcb00459a7; 2023-11-19T12:42:00Z; eng; SpringerOpen; Applied Network Science; 2364-8228; 2023-08-01; 81143; 10.1007/s41109-023-00578-z; Modeling self-propagating malware with epidemiological models; Alesia Chernikova (Northeastern University); Nicolò Gozzi (ISI Foundation); Nicola Perra (School of Mathematical Sciences, Queen Mary University of London); Simona Boboila (Northeastern University); Tina Eliassi-Rad (Northeastern University); Alina Oprea (Northeastern University); https://doi.org/10.1007/s41109-023-00578-z; Self-propagating malware; Compartmental models; Epidemiology; Modeling; Dynamical systems |
title | Modeling self-propagating malware with epidemiological models |
topic | Self-propagating malware; Compartmental models; Epidemiology; Modeling; Dynamical systems |
url | https://doi.org/10.1007/s41109-023-00578-z |