Chapter 3

Early malware diffusion modeling methodologies

Abstract

In this chapter, we introduce some notable malware modeling approaches that have been popular in the literature for almost the past three decades. These traditional modeling methodologies extend concepts and notions from the field of epidemics to the computer and communications networks application domain, in an attempt to describe the observed behavior of malware dynamics as closely as possible. The traditional epidemics models have been developed in the framework of ordinary differential equations, and their objective is to describe cumulatively how members of interacting populations change states as a result of their interactions. We present the simple and generalized epidemics models and, based on them, two additional variations, namely the two-factor and dynamic quarantine models, for modeling malware mainly in wired networks and the Internet. Additional relevant models are also provided. These models are later exploited in the second part of the book to develop more advanced models for stochastic optimal control of malware dynamics.

Epidemics equations; Simple epidemic model; General epidemic model; Two-factor model; Dynamic quarantine model; Malware diffusion modeling; Ordinary differential equations

3.1. Introduction

Attempts to model malware diffusion started as early as the first cyber-attacks broke out and their potential financial and technological impact was realized to a pragmatic and accurate extent. These first approaches were mainly based on earlier methodologies developed in the fields of biology and anthropology to describe the spreading of viruses and diseases over living organisms, etc. They utilized elements from the theory of ordinary differential equations (ODEs) [40] (a brief review of the required knowledge from ODE theory is contained in Appendix A), so that the corresponding approaches can essentially be described as deterministic epidemiology modeling [99]. Following suit, various other attempts were made to extend those initial modeling approaches by applying stochastic modeling techniques, which made it possible to incorporate into the developed analytical models various quantitative observations obtained by processing and analyzing real measurement data.
Apart from their historic value, such approaches are quite important for the field of malware modeling, since they are often used as a basis for developing more complicated models. They are also successful in revealing the basic emerging trends of the observed malware dynamics. In the following, we describe each family of these early modeling approaches separately and then add some perspective by illustrating their advantages and limitations, thus paving the way for the more advanced approaches emerging nowadays. The latter are covered in Part 2. We focus on these established analytical models and explain in detail the type of behavior they describe, while also analyzing their relation to realistic malware examples. For each such example, we also note the degree to which the corresponding model is successful in practical considerations, and the extensions that would be desirable in order to cover the existing diffusing attacks even more successfully.