Litcius/Paper detail

Modeling self-propagating malware with epidemiological models

Alesia Chernikova, Nicolò Gozzi, Nicola Perra, Simona Boboila, Tina Eliassi‐Rad, Alina Oprea

2023Applied Network Science24 citationsDOIOpen Access PDF

Abstract

Abstract Self-propagating malware (SPM) is responsible for large financial losses and major data breaches with devastating social impacts that cannot be understated. Well-known campaigns such as WannaCry and Colonial Pipeline have been able to propagate rapidly on the Internet and cause widespread service disruptions. To date, the propagation behavior of SPM is still not well understood. As result, our ability to defend against these cyber threats is still limited. Here, we address this gap by performing a comprehensive analysis of a newly proposed epidemiological-inspired model for SPM propagation, the Susceptible-Infected-Infected Dormant-Recovered (SIIDR) model. We perform a theoretical analysis of the SIIDR model by deriving its basic reproduction number and studying the stability of its disease-free equilibrium points in a homogeneous mixed system. We also characterize the SIIDR model on arbitrary graphs and discuss the conditions for stability of disease-free equilibrium points. We obtain access to 15 WannaCry attack traces generated under various conditions, derive the model’s transition rates, and show that SIIDR fits the real data well. We find that the SIIDR model outperforms more established compartmental models from epidemiology, such as SI, SIS, and SIR, at modeling SPM propagation.

Topics & Concepts

MalwareEpidemic modelComputer scienceStability (learning theory)The InternetComputer securityBasic reproduction numberEconometricsMathematicsMachine learningPopulationSociologyDemographyWorld Wide WebNetwork Security and Intrusion DetectionMathematical and Theoretical Epidemiology and Ecology ModelsSpam and Phishing Detection
Modeling self-propagating malware with epidemiological models | Litcius