Compartmental differential equations models of botnets and epidemic malware

Ajelli, Marco; Lo Cigno, Renato Antonio; Montresor, Alberto
2010

Abstract

Botnets, i.e., large systems of controlled agents, have become the most sophisticated and dangerous way of spreading malware. Their damaging actions can range from massive dispatching of e-mail spam messages, to denial of service attacks, to collection of private and sensitive information. Unlike standard computer viruses or worms, botnets spread silently without actively operating their damaging activity, and then are activated in a coordinated way to maximize the “benefit” of the malware. In this paper we propose two models based on compartmental differential equations derived from “standard” models in biological disease spreading. These models offer insight into the general behavior of botnets, allowing both the optimal tuning of botnets’ characteristics, and possible countermeasures to prevent them. We analyze, in closed form, some simple instances of the models whose parameters have non-ambiguous interpretation. We conclude the paper by discussing possible model extensions, which can be used to fine-tune the analysis of specific epidemic malware in the case that some parameters can be obtained from actual measurements of the botnet behavior.
Trento, Italy
Università di Trento
Files in this record:
TR-DISI-10-011.pdf (open access)

Description: Extended article.
Type: Non-refereed preprint
License: All rights reserved
Size: 3.07 MB
Format: Adobe PDF


Use this identifier to cite or link to this document: http://hdl.handle.net/11572/112227