In the previous chapters, this book presented a multitude of malware diffusion modeling frameworks and methodologies, some older and some state-of-the-art. With respect to the employed mathematical tools, objectives and obtained results, all these approaches exhibit characteristic diversity. However, within this variety of techniques and results, several emerging trends may be identified, which can be of significant aid in exploiting these approaches in the future, and more generally for rethinking the current state-of-the-art.
In this chapter, we provide a summary of the most general and most important principles that emerged from the presented methodologies in a codified manner, hoping that they could be exploited both for extending the same frameworks themselves, and applied in other disciplines or similar processes as well.
As mentioned before, the main application domain of the presented framework was networking and more specifically wireless complex and multihop networks. However, all the provided approaches can be extended to other types of wireless and wired networks, and in fact some of them already have, e.g. those presented in Chapters 4, and . Additionally, the demonstrated methodologies and techniques can be applied in other domains of Network Science (Chapter 9). The following lessons learned/emerging trends can aid toward this direction and toward tackling some of the open problems provided in the previous chapter as well.
Lesson 11.1
Queuing and Malware
The queuing framework presented in Chapter 4 is a holistic approach for modeling malware diffusion in spreading/propagative networks, fixed networks, and networks with churn, and even for formulating optimization problems to study attack strategies. Currently, available analytic results cover wireless multihop networks and, for fixed topologies, complex networks as well.
Lesson 11.2
MRFs and Malware
The MRF framework is a very powerful and generic framework that is capable of describing malware dynamics and information dissemination in broader cases, even when correlations emerge between information/malware and recoveries or between nodes. The framework has been demonstrated for all types of complex networks. It is a simple approach, even though of suboptimal nature.
Lesson 11.3
Optimal Control and Malware
The optimal control framework presented in Chapter 6 is also a very powerful framework, which can be used almost identically for malware diffusion and information dissemination modeling. It can span many different scenarios and types of objective functions and operational scenarios. Furthermore, stochastic optimal control can be further exploited on the specific basis for more generic modeling approaches. We showed that tradeoffs in reaching an objective do not necessarily imply an intermediate value of control, but rather, when the degree of freedom of having a time-dependent decision is introduced, the tradeoffs imply different decisions at different times as the state of the system evolves. We showed that by exploring the necessary conditions that an optimal control has to satisfy, significant insights about the structure of the solution can be obtained even before the closed-form or numerical solution is obtained. Qualitatively, we showed that static behavior of a new malware should not be interpreted as its natural trait, as there is a possibility that this behavior is part of a dynamic strategy of the worm, and will be changed at a later optimal time.
Lesson 11.4
Game Theory and Malware
In Chapter 7, we showed how to use differential game theory to model a situation in which the worm as well as the network defender can dynamically manipulate the state of the nodes with respect to the spread of the malware. We introduced the notion of saddle-point strategies as a reasonable expectation of how the game will be played as mutually optimal responses over the course of the diffusion. As in the optimal control case, we showed through an example how investigation of the necessary conditions that saddle-point strategies need to satisfy can be used to extract key structural properties of the solution, helping both in providing insight and in the computation of such strategies.
Lesson 11.5
Malware Spreading and Propagation
Malware has been segregated into two categories: spreading and propagative. The presented frameworks cover either both or one type, but extensions to both cases are possible. Thus, when studying specific malware, it is important to first identify the correct type and then choose the most appropriate framework, while also taking into account the behavior that needs to be modeled, e.g. churn, mobility, energy, and control.
Lesson 11.6
Malware Diffusion and Network Churn
Network churn is a process observed rather frequently in practical scenarios. The queuing framework presented in Chapter 4 can be effectively used to model malware diffusion in networks with churn. On the other hand, the MRF-based approach faces several convergence issues when the nodes of the network vary. The same holds for the game theory based framework, while the optimal control framework can be potentially extended to cover such cases. Thus, for networks with churn, the queuing approach seems to be currently the most suitable. However, one needs to carefully examine the churn type, since, e.g. the MRF approach may accommodate edge churn easily, and investigate whether a specific framework can cope with the specific features of churn that need to be modeled.
Lesson 11.7
Complexity and Resources
Computational and resource requirements can be decisive for the type of modeling approach to use. Among the four state-of-the-art frameworks presented, the MRF one is the least demanding of all from all perspectives, while the optimal control and game theory based ones can be rather demanding. In general, such aspects should be considered early when developing a malware modeling approach, since typically the scale of operation of malware in practice is very rapid and the framework one develops will need to take such scales into account.
Lesson 11.8
Mobility and Energy
Mobility and energy features are essential elements of wireless mobile networks. However, they are rather problematic in terms of modeling and analysis of their impact on network operations and malware diffusion. All four frameworks presented exhibit various difficulties and complications in taking into account mobility or energy constraints, and thus more dedicated research is required toward this direction.
Lesson 11.9
Malware and Control
Malware diffusion and control is a topic extensively covered in this book. The optimal control, game theory, and queuing theory based approaches all are capable of addressing one form or another of control on the malware they model. The MRF framework can be also extended to do so. Thus, a very broad spectrum of control techniques is available. Consequently, researchers should take these into account, carefully analyze the objectives they want to attain, and select the control technique appropriately. Furthermore, the guidelines obtained in various parts of the book can be extrapolated and used for potentially developing more intelligent frameworks and studying new malware dynamics.
Lesson 11.10
Malware and Network Robustness
The presented frameworks allow comparing the robustness of the analyzed networks against malware by assessing the expected damage a specific parameterization of malware can cause. This was feasible for the queuing and MRF-based frameworks, but extending the two to different types of complex networks should also be viable. From the obtained results, it is thus possible to characterize the robustness of complex networks and take it into account in future studies. Thus, random networks have emerged as the most robust, followed by scale-free, which in turn are tightly followed by small-world. The random geometric (multihop) seems to have the worst performance, while regular is between small-world and random geometric.
Lesson 11.11
Malware and Connectivity
Among all the frameworks and models presented, a common emerging trend is that the average connectivity of a complex network is very critical for malware diffusion dynamics and their eventual outcome. It can essentially determine whether an epidemic will become pandemic, endemic, or die out completely, and thus should always be one of the employed assessment factors.
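The effect of average connectivity on the outcome can be reproduced with a small simulation. The following is an added example, not code from the book: it assumes a discrete-time SIS (susceptible-infected-susceptible) process on Erdős–Rényi random graphs, with constructed parameter values `beta` and `delta`, and reports whether the infection dies out or settles at an endemic level as the mean degree grows.

```python
import random

def er_graph(n, mean_degree, rng):
    """Erdos-Renyi G(n, p) as adjacency lists, with p set to give the mean degree."""
    p = mean_degree / (n - 1)
    adj = [[] for _ in range(n)]
    for u in range(n):
        for v in range(u + 1, n):
            if rng.random() < p:
                adj[u].append(v)
                adj[v].append(u)
    return adj

def sis_endemic_fraction(mean_degree, n=400, beta=0.05, delta=0.2,
                         steps=300, tail=50, seed=1):
    """Mean infected fraction over the last `tail` steps of a discrete-time SIS run.

    beta  = per-step infection probability per infected neighbour (assumed value)
    delta = per-step recovery probability of an infected node (assumed value)
    """
    rng = random.Random(seed)
    adj = er_graph(n, mean_degree, rng)
    infected = [False] * n
    for u in rng.sample(range(n), n // 20):      # 5% of nodes start infected
        infected[u] = True
    history = []
    for _ in range(steps):
        nxt = infected[:]                        # synchronous update
        for u in range(n):
            if infected[u]:
                if rng.random() < delta:
                    nxt[u] = False               # recovered, susceptible again
            else:
                m = sum(infected[v] for v in adj[u])
                if m and rng.random() < 1 - (1 - beta) ** m:
                    nxt[u] = True
        infected = nxt
        history.append(sum(infected) / n)
    return sum(history[-tail:]) / tail

def classify(mean_degree, **kwargs):
    """Label the outcome; the 1% cut-off is an arbitrary choice for this example."""
    frac = sis_endemic_fraction(mean_degree, **kwargs)
    return ("dies out" if frac < 0.01 else "endemic"), frac

if __name__ == "__main__":
    # Approximate homogeneous mean-field threshold: beta * <k> / delta > 1, i.e. <k> > 4.
    for k in (1, 2, 4, 8, 12):
        label, frac = classify(k)
        print(f"<k>={k:2d}  endemic fraction={frac:.3f}  -> {label}")
```

With the infection and recovery parameters held fixed, only the mean degree changes between runs, so the switch from extinction to a persistent infected population is attributable to connectivity alone.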
Lesson 11.12
Malware Modeling Frameworks and Flexibility
For each of the four frameworks presented in Part 2, various settings were employed and results were obtained. At the same time, several directions for further extending these frameworks, analytically or in terms of applications, have been identified. Among all, the MRF framework appears as the most flexible, requiring less effort to extend it mathematically and in applications. The rest require various simple or more complex modifications, or they can even face fundamental difficulties, e.g. ergodicity in the queuing-based approach. In terms of extending each framework, careful analysis of the malware features (spreading-propagation, homogeneity of mixing, infection-recovery processes, etc.) and network structure (topology type, churn, etc.) is needed to evaluate properly the modification that will be required to the corresponding framework, and its feasibility.