Compartmental differential equations models of botnets and epidemic malware
Ajelli, Marco;Lo Cigno, Renato Antonio;Montresor, Alberto
2010-01-01
Abstract
Botnets, i.e., large systems of controlled agents, have become the most sophisticated and dangerous way of spreading malware. Their damaging actions can range from massive dispatching of e-mail spam messages, to denial of service attacks, to collection of private and sensitive information. Unlike standard computer viruses or worms, botnets spread silently without actively operating their damaging activity, and then are activated in a coordinated way to maximize the “benefit” of the malware. In this paper we propose two models based on compartmental differential equations derived from “standard” models in biological disease spreading. These models offer insight into the general behavior of botnets, allowing both the optimal tuning of botnets’ characteristics, and possible countermeasures to prevent them. We analyze, in closed form, some simple instances of the models whose parameters have non-ambiguous interpretation. We conclude the paper by discussing possible model extensions, which can be used to fine-tune the analysis of specific epidemic malware in the case that some parameters can be obtained from actual measurements of the botnet behavior.

File | Size | Format |
---|---|---|
TR-DISI-10-011.pdf (open access). Description: Extended article. Type: Non-refereed preprint. License: All rights reserved. | 3.07 MB | Adobe PDF |
Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.