Malware Diffusion Models for Modern Complex Networks: Theory and Applications
Vasileios Karyotis
M.H.R. Khouzani
Acquiring Editor: Brian Romer
Editorial Project Manager: Amy Invernizzi
Project Manager: Priya Kumaraguruparan
Designer: Mark Rogers
Morgan Kaufmann is an imprint of Elsevier
50 Hampshire Street, Cambridge, MA 02139, USA
Copyright © 2016 Elsevier Inc. All rights reserved.
No part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or any information storage and retrieval system, without permission in writing from the publisher. Details on how to seek permission, further information about the Publisher’s permissions policies and our arrangements with organizations such as the Copyright Clearance Center and the Copyright Licensing Agency, can be found at our website: www.elsevier.com/permissions
This book and the individual contributions contained in it are protected under copyright by the Publisher (other than as may be noted herein).
Notices
Knowledge and best practice in this field are constantly changing. As new research and experience broaden our understanding, changes in research methods or professional practices, may become necessary.
Practitioners and researchers must always rely on their own experience and knowledge in evaluating and using any information or methods described herein. In using such information or methods they should be mindful of their own safety and the safety of others, including parties for whom they have a professional responsibility.
To the fullest extent of the law, neither the Publisher nor the authors, contributors, or editors, assume any liability for any injury and/or damage to persons or property as a matter of products liability, negligence or otherwise, or from any use or operation of any methods, products, instructions, or ideas contained in the material herein.
Library of Congress Cataloging-in-Publication Data
A catalog record for this book is available from the Library of Congress
British Library Cataloging-in-Publication Data
A catalogue record for this book is available from the British Library.
ISBN: 978-0-12-802714-1
For information on all Morgan Kaufmann publications visit our website at www.mkp.com
CHAPTER 4 Queuing-based Malware Diffusion Modeling
4.2.1 Basic Assumptions
4.2.2 Mapping of Malware Diffusion to a Queuing Problem
4.4.1 Malware Diffusion Models and Network Churn
4.4.2 Open Queuing Network Theory for Modeling Malware Spreading in Complex Networks with Churn
4.4.3 Analysis of Malware Propagation in Networks with Churn
4.4.4 Demonstration of Queuing Framework for Malware Spreading in Complex and Wireless Networks
CHAPTER 5 Malware-Propagative Markov Random Fields
5.2 Markov Random Fields Background
5.2.1 Markov Random Fields
5.2.2 Gibbs Distribution and Relation to MRFs
5.2.3 Gibbs Sampling and Simulated Annealing
5.3 Malware Diffusion Modeling Based on MRFs
5.4 Regular Networks
5.4.1 Chain Networks
5.4.2 Regular Lattices: Finite and Infinite Grids
5.5 Complex Networks with Stochastic Topologies
5.5.1 Random Networks
5.5.2 Small-world Networks
5.5.3 Scale-free Networks
5.5.4 Random Geometric Networks
5.5.5 Comparison of Malware Diffusion in Complex Topologies
9.1.5 Robustness Analysis for Wireless Multihop Networks
9.1.6 Conclusions
9.2 Dynamics of Information Dissemination
9.2.1 Introduction to Information Dissemination
9.2.2 Previous Works on Information Dissemination
9.2.3 Epidemic-based Modeling Framework for IDD in Wireless Complex Communication Networks
9.2.4 Wireless Complex Networks Analyzed and Assessment Metrics
9.2.5 Useful-information Dissemination Epidemic Modeling
9.3 Malicious-information Propagation Modeling
9.3.1 SIS Closed Queuing Network Model
CHAPTER 10 The Road Ahead
Introduction
10.5 Open Problems for Applications of Malware Diffusion Modeling Frameworks
PART 4 APPENDICES
APPENDIX A Systems of Ordinary Differential Equations
A.1 Initial Definitions
A.2 First-order Differential Equations
A.3 Existence and Uniqueness of a Solution
A.4 Linear Ordinary Differential Equations
A.5 Stability
APPENDIX B Elements of Queuing Theory and Queuing Networks
B.1 Introduction
B.2 Basic Queuing Systems, Notation, and Little’s Law
B.2.1 Elements of a Queuing System
B.2.2 Fundamental Notation and Quantities of Interest
B.2.3 Relation Between Arrival-Departure Processes and Little’s Law
B.3 Markovian Systems in Equilibrium
B.3.1 Discrete-time Markov Chains
B.3.2 Continuous-time Markov Processes
B.3.3 Birth-and-Death Processes
B.3.4 The M/M/1 Queuing System
B.3.5 The M/M/m System and Other Multiserver Queuing Systems
B.4
B.5
B.6
B.6.1 Analytical Solution of Two-queue Closed
C.1 Basic Definitions, State Equation Representations, and Basic Types of Optimal Control Problems
C.2 Calculus of Variations
C.3 Finding Trajectories that Minimize Performance
C.3.1 Functionals of a Single Function
C.3.2 Functionals of Several Independent Functions
C.3.3 Piecewise-smooth Extremals
C.3.4 Constrained Extrema
C.4 Variational Approach for Optimal Control Problems
C.4.1 Necessary Conditions for Optimal Control
C.4.2 Pontryagin’s Minimum Principle
C.4.3 Minimum-time Problems
C.4.4 Minimum Control-effort Problems
C.4.5 Singular Intervals in Optimal Control Problems
C.5 Numerical Determination of Optimal Trajectories
C.5.1 Steepest Descent
C.5.2 Variation of Extremals
C.5.3 Quasilinearization
C.5.4 Gradient Projection
C.6 Relationship Between Dynamic Programming (DP) and Minimum Principle
Preface
Malicious software (malware) has become a serious concern for all types of communications networks and their users, from the laymen to the more experienced administrators. The proliferation of sophisticated portable devices, especially smartphones and tablets, and their increased capabilities, have propelled the intensity of malware dissemination and increased its consequences in social life and the global economy. This book is concerned with the theoretical aspects of such malware dissemination, generically denoted as malware diffusion, and presents modeling approaches that describe the behavior and dynamics of malware diffusion in various types of complex communications networks and especially wireless ones.
The main objective of this book is to classify and present in adequate detail and analysis, families of state-of-the-art mathematical methodologies that can be used for modeling generically malware diffusion, especially in wireless complex networks. However, with minor and straightforward adaptations, these techniques can be further extended and applied in other types of complex networks as well.
In addition, the book covers holistically the mathematical modeling of malware diffusion, starting from the early emergence of such attempts, up to the latest, advanced and cross-discipline based frameworks that combine diverse analytic tools. Starting from the basic epidemics models that are based on systems of ordinary differential equations, the content proceeds to more exotic analytic tools founded on queuing systems theory, Markov Random Fields, optimal control and game theoretic formulations, respectively. Numerical and simulation results are provided, in order to validate each framework and demonstrate its potentials, along with system behavior studies. The book also provides a summary of the required mathematical background, which can be useful for the novice reader. Furthermore, it provides guidelines and directions for extending the corresponding approaches in other application domains, demonstrating such possibility by using application models in information dissemination scenarios.
Consequently, this book aspires to stimulate inter-disciplinary research and analysis in the broader area of modeling information diffusion in complex networking environments. It mainly focuses on the diffusion of malicious information (software) over wireless complex networks, however, as will become evident, most of the results can be easily extended and adapted for other types of networks and application domains.
Intended Audience
The content of this book is presented in a fashion aiming mainly at first year graduate audiences, postdoctoral researchers, professors and the more experienced/interested professional engineers that are involved in computer security research and development. Most of them are assumed already familiar with the practical topics included in the broader research area and the book provides for them a solid quantitative background on the available mathematical malware modeling approaches in a more systematic manner than the works available nowadays (essentially scattered journal/conference papers and surveys), i.e. with formal definitions, references to the mathematical methods and analysis of the advanced techniques. The text presents and analyzes the latest mathematical tools that can be of use in the research and development activities of the above audiences. However, despite its semi-advanced nature, students in their last undergraduate year can also benefit from such a specialized treatment and involved methodologies, by obtaining a solid background of the corresponding area.
The book focuses on the mathematical modeling of malware diffusion dynamics, and as such, some familiarity with basic mathematical techniques, such as probability theory, queuing theory, ordinary differential equations, optimal control and game theory is needed. The required quantitative level will be no higher than that of the first graduate year. Consequently, the book is ideal for graduate students at the beginning of their programs, both for coursework level (graduate textbook) and as a companion in their own research endeavors. Basic elements of the required mathematical tools are presented in the three appendices, providing quick background reference for those not familiar with the corresponding fields.
The main discipline for which this book was developed is computer science and system engineering. It has been specifically written for those involved in computer and system security. Academics from these fields can use the book in their research and graduate classrooms. The material provided offers a complete set of existing state-of-the-art methodologies accompanied by an extensive bibliography and application examples. It provides a coherent perspective of the area of malware diffusion and security, and guidelines for developing and broadening one’s knowledge and research skills in the corresponding areas.
Regarding the application content of the book, the main audience is expected to be scientists and engineers active in the field of communications/computer networks, namely the broader community of computer scientists and electrical engineers, and more specifically, computer and systems security are expected to form the main audience. However, at the same time, a number of researchers and professionals working in other disciplines that study problems sharing several characteristics with the problems emerging in malware diffusion can be also accommodated by the contents of the book, at least partially. Network Science is the most prominent such area that has already brought together disciplines as diverse as sociology, biology, finance, computer science and electrical engineering, in order to jointly study problems and share methods and results. Malware diffusion may be considered in a more generic fashion as information diffusion and professionals from all the aforementioned disciplines studying information dissemination problems are expected to have potential interest. The generic form of the presentation and especially the applications of the presented techniques into practical and diverse problems, such as information dissemination dynamics is suitable for diverse professionals as social scientists, epidemiologists and marketing professionals, as well.
Consequently, the level of the book accommodates practically all levels of expertise, with more emphasis on the intermediate to advanced. The applications are relevant mainly to engineers and scientists in the field of communications and computer science, but also relevant to inter-disciplinary scientists and professionals from the information-related disciplines and Network Science. The book has attempted to balance both depth (technical level) and breadth (application domains) of the included methodologies, originally presented for malware diffusion.
Scope and Outline of the Book
Scope
The topics addressed regarding malware diffusion are treated in this book from an inter-disciplinary Network Science perspective, and are currently rapidly evolving at rates that other research areas have been enjoying for many years now. Within such framework, some fields of Network Science have already been well-shaped and advanced to a desired degree, e.g. social network analysis (SNA) [125, 164], while others still consist of fragmented contributions and scattered results.
Malware diffusion in computer networks in general, and wireless ones in particular, qualifies as one of the latter fields. Until recently, most of the proposed approaches for modeling the dynamics of malicious software dissemination followed more or less the same practices and they were essentially based on some restrictive assumptions. Most of them required the diffusion process to take place first, in order to later develop/fit accurate models based on the observed data afterwards, lacking predictive power for generic anticipated attacks. Thus, it was not possible to holistically capture the behavior of dynamics and predict the outcomes of attacks before they actually take place.
However, in the last decade, several advanced modeling methodologies were presented, which are capable of describing more accurately malicious software diffusion over diverse types of networks, and more intelligent attack strategies as well. Generic models have been presented, and when necessary they can be adapted to describe accurately the observed behaviors in other types of networks. Such approaches utilize different mathematical tools for their purposes and capture properly the most important aspects of malicious software diffusion dynamics.
Still, the literature is missing a systematic classification, presentation and analysis of all these advanced methodologies and obtained results, in a manner compatible to the broader scope of the discipline of Network Science and with reference to key legacy approaches as well. This book aspires to fill this gap, by methodically presenting the topic of malware diffusion in complex communications networks. More specifically, the book will focus on malware diffusion modeling techniques especially designed for wireless complex networks. However, the presented methodologies are applicable for other types of complex communications and social networks and the wireless network paradigm will be employed mainly for demonstration purposes. The mathematical methodologies that will be presented, due to their generic analytical nature, can be easily adapted and used in other types of complex networks, even non-technological ones. Thus, the book will not only present and analyze malicious software modeling methods for wireless complex networks, but also demonstrate how these methods can be extended and applied in other settings as well, e.g. generic information dissemination over complex networks of any type such as human, financial, etc.
In short, this book aspires to become a cornerstone for a systematic organization and mathematical modeling of malicious software and information diffusion modeling within the broader framework of Network Science and complex networks. Furthermore, it aspires to provide long-term reference to the required background for studying in-depth and extending the corresponding field of research.
Outline
This book is organized in three main parts and a set of auxiliary appendices with respect to the core mathematical areas required in order to understand the main contents of the book. The introductory Part 1 consists of Chapters 1–3, and constitutes a thorough introduction to the general malware diffusion modeling framework we consider in this book. Part 2, which includes Chapters 4–8, presents state-of-the-art malware diffusion modeling mathematical methodologies and corresponds to the main and unique contribution of this book in the literature. It presents, while also explaining in detail, malware diffusion modeling mathematical methodologies utilizing alternative, yet powerful analytical tools. Part 3 summarizes the key points of the presented methodologies and presents directions for potential future research. It also sets the presented theoretical knowledge into a broader application perspective, which can be exploited in other disciplines as well. Finally, the appendices contain brief, but complete reviews of the basic mathematical tools employed in this book, namely elements of ordinary differential equations, elements of queuing theory and elements of optimal control theory, which can be very helpful for the non-familiar reader, in order to quickly obtain a solid understanding of the mathematical tools required to understand the presented models and approaches.
In more detail, Chapter 1 serves as a concise introduction to the topics addressed in the book, introducing complex communication networks, malware diffusion, as well as some historical elements of the evolution of networks and malware.
Chapter 2 defines the malware diffusion problem, along with the node infection models that emerge in the literature. It also collects and presents characteristic examples of computer network attacks which are of interest in the study of malware diffusion in the framework of the book.
Chapter 3 provides a concise presentation and quick reference analysis of the malware modeling methods, with respect to the emerging incidents in the early days of modeling malicious software propagation dynamics and by focusing on the wireless scenarios. The content of this chapter will serve as background for some of the state-of-the-art approaches presented later in Part 2.
The following chapters in Part 2 present advanced malware modeling techniques, each dedicated to a family of approaches distinguished from the rest according to the employed mathematical tools. Thus, the first chapter of Part 2, namely Chapter 4, presents approaches modeling malware diffusion by means of queuing theory, and especially queuing networks. The basic idea is that the time spent by each node in a state of an infection model¹ can be mapped to the waiting time of a customer in a pure queuing system. Due to the superposition of node behaviors in a network, the corresponding queuing system will be a network of queues for modeling the behavior of malware over the network.
Chapter 5 in its turn presents and analyzes malware modeling approaches that exploit the notion of Markov Random Fields (MRFs). MRFs are sets of random variables that can cumulatively describe the overall state of a system, where in this case, the system is an attacked network. By exploiting several properties of MRFs, it is possible to obtain solutions in a simple manner, without sacrificing important detail, for diverse types of complex networks.
Chapter 6 covers malware modeling approaches that are based on stochastic epidemics and optimal control. Such approaches allow analyzing the robustness potentials of networks and attacks and obtain optimal or semi-optimal policies for dealing with attacks and their outcomes.
Chapter 7 builds on the previous and presents, analyzes and demonstrates malware modeling approaches that exploit principles from game theory to model epidemics. It casts the problems in an interactive framework and combines them with optimal control strategies.
Finally, Chapter 8 provides a qualitative comparison of all the previously (Chapters 4–7) presented approaches with the ulterior goal to reveal the distinct features of each approach in a comparative fashion, allowing selecting the most appropriate one for different applications.
In Part 3, Chapter 9 presents other application areas where the presented models may be applied successfully, thus, exhibiting their potential for creating more holistic information diffusion frameworks. Chapter 10 summarizes the lessons learned, explains the ground covered until now and provides potential directions for future work in the specific topic of malware diffusion modeling and the broader vision of information diffusion. Finally, Chapter 11 concludes this book, highlighting the most important aspects of malware diffusion, in particular, and information dissemination in general.
Appendix A provides background on differential equations, Appendix B on queuing systems theory, and Appendix C on optimal control theory and Hamiltonians, for the interested readers.
¹ The infection model will be explained in Chapter 2 and it describes how nodes of a network change states with respect to malware and their own behavior.
List of Figures
Fig. 1.1 Simple architecture model of a cellular network and terminology employed (cell, terminal, base station, coverage area).
Fig. 1.2 Network formation tradeoff: cost versus benefit of collaboration. For the network tradeoff, the total cost and total gain, summed over all entities are considered.
Fig. 2.1 Examples of node infection models of interest.
Fig. 3.1 Simple epidemic model: SI infection paradigm for each member of the population.
Fig. 3.2 Simple epidemic model: Percentage of infected hosts as a time function.
Fig. 3.3 Kermack-McKendrick: Underlying infection model.
Fig. 3.4 State transitions in the two-factor spreading model.
Fig. 3.5 Two-factor model: numbers of infected and removed hosts.
Fig. 3.6 General epidemics infection model—state transition diagram.
Fig. 4.1 Mapping of malware diffusion problem to the behavior of a queuing system. The shaded nodes are susceptible legitimate neighbors of node i. The colored nodes are either malicious nodes or legitimate already infected neighbors of i. Node i is considered susceptible at the moment.
Fig. 4.2 Closed queuing systems modeling malware diffusion over a wireless SIS network.
Fig. 4.3 The Norton equivalent model for malware propagation in communications networks. The figure shows the instance where k nodes are currently infected.
Fig. 4.4 State diagram for the analysis of the two-queue closed network and for obtaining the expression of the steady-state distribution.
Fig. 4.5 Probability of no infected nodes π_I(0).
Fig. 4.6 Probability of all nodes infected π_I(N).
Fig. 4.7 Average number of infected nodes E[L_I] versus λ/µ.
Fig. 4.8 Average number of infected nodes E[L_I] versus legitimate N and malicious M nodes.
Fig. 4.9 Average throughput of noninfected queue E[γ_S] versus legitimate N and malicious M nodes.
Fig. 4.10 Average throughput of noninfected queue E[γ_S] versus infection λ and recovery µ rate.
Fig. 4.11 Norton equivalent of the closed queuing network model for a propagative system. Compared to Fig. 4.3, there is a difference in the infection rate due to the impact of attacker.
Fig. 4.12 Probability of zero nodes infected π_I(0) (accurate-approximated).
Fig. 4.13 Probability of all nodes infected π_I(N) versus λ/µ.
Fig. 4.14 Probability of all nodes infected π_I(N) versus R.
Fig. 4.15 Average number of infected nodes E[L_I] versus λ/µ.
Fig. 4.16 Average number of infected nodes E[L_I] versus R.
Fig. 4.17 Average number of infected nodes E[L_I] versus N.
Fig. 4.18 Average throughput of the noninfected queue E[γ_S] versus λ.
Fig. 4.19 Average throughput of the noninfected queue E[γ_S] versus R.
Fig. 4.20 Average throughput of the noninfected queue E[γ_S] versus N.
Fig. 4.21 State-transition diagram for legitimate nodes in a network with churn.
Fig. 4.22 Queuing models for malware spreading in networks with churn.
Fig. 4.23 Percentage of susceptible and infected nodes versus network infection/recovery strength and comparison with networks with no churn for complex networks.
Fig. 4.24 Expected percentage of susceptible, infected, and recovering nodes versus infection/recovery strength (simulation) for complex networks with 400 and 800 initial nodes.
Fig. 4.25 Percentages of susceptible and infected nodes as a function of infection to recovery strength (numerical) for wireless distributed (multihop) networks.
Fig. 4.26 Expected number of nodes in each state of a wireless distributed (multihop) network with respect to network density.
Fig. 4.27 Expected number of nodes in each state of a wireless distributed (multihop) network with respect to infection/recovery rates.
Fig. 4.28 Expected percentage variation of the total number of nodes with respect to node density and infection/recovery strength for wireless distributed (multihop) networks.
Fig. 5.1 Random Field (RF) terminology over a random network of n + 1 sites and three phases.
Fig. 5.2 Examples of complex network topologies of interest.
Fig. 5.3 Examples of neighborhood for the darkly blue shaded (black in print versions) node (site) s in topologies of interest.
Fig. 5.4 SIS malware-propagative chain network and MRF notation.
Fig. 5.5 Steady-state system distributions for T/J = 0.2.
Fig. 5.6 Expected number of infected nodes.
Fig. 5.7 Lattice network and MRF malware diffusion model notation.
Fig. 5.8 ER random networks and malware modeling MRFs.
Fig. 5.9 MRF malware diffusion modeling for WS SW networks.
Fig. 5.10 MRF malware diffusion modeling for SF networks.
Fig. 5.11 MRF malware diffusion modeling for random geometric (multihop) networks.
Fig. 5.12 Scaling of percentage of infected nodes with respect to network density: the sparse network regime.
Fig. 5.13 Scaling of percentage of infected nodes with respect to network density: the moderate-density regime.
Fig. 5.14 Scaling of percentage of infected nodes with respect to network density: the dense network regime.
Fig. 6.1 Transitions: S, I, R, D, respectively, represent fraction of the susceptible, infective, recovered, and dead. ν(t) is the dynamic control parameter of the malware.
Fig. 6.2 Evaluation of the optimal controller and the corresponding states as functions of time. The parameters are time horizon: T = 10, initial infection fraction: I_0 = 0.1, contact rate: β = 0.9, instantaneous reward rate of infection for the malware: f(I) = 0.1I, reward per each killed node: κ = 1. Also, we have taken Q(S, I) ≡ 0.2, and B(S, I) ≡ 0 in the left and B(S, I) ≡ 0.2 in the right figures. That is, in the left figure, patches can only immunize the susceptible nodes but in the right figure, the same patch can successfully remove the infection, if any, and immunize the node against future infection. We can see that when patching can recover the infective nodes too (right figure), then the malware starts the killing phase earlier. This makes sense as deferring the killing in the hope of finding a new susceptible is now much riskier.
Fig. 6.3 The jump (up) point of optimal ν, i.e. the starting time of the slaughter period, for different values of the patching and rates. For both curves, we have taken the recovery rate of the susceptible nodes, i.e. Q(S, I) as γ, and the recovery rate of the infective nodes, i.e. B(S, I), once as zero and once as the same as Q(S, I) where γ is varied from 0.02 to 0.7 with steps of 0.02. The rest of the parameters are f(I) = 0.1I, κ = 1, T = 10, β = 0.9, and I_0 = 0.1. Note that when B(S, I) ≡ γ, then for γ ≥ 0.6, the malware starts killing the infective nodes from time zero.
Fig. 7.1 State transitions. uNi(t) and uNr(t) are the control parameters of the network while uM(t) is the control parameter of the malware.
Fig. 7.2 State evolution and saddle-point strategies. The parameters of the game are as follows: κ_I = 10, κ_D = 13, κ_u = 10, κ_r = 5, K_I = K_D = 0, β_2 = β_1 = β_0 = 4.47, π = 1, and initial fractions I_0 = 0.15, R_0 = 0.1, D_0 = 0, and T = 4.
Fig. 9.1 Methodology for studying optimal attacks.
Fig. 9.2 Zero-level contours of g(x_1, x_2).
Fig. 9.3 Optimal E[L_I] versus λ/µ.
Fig. 9.4 Optimal E[L_I] versus N.
Fig. 9.5 Optimal E[γ_S] versus (λ, µ).
Fig. 9.6 Optimal E[γ_S] versus N.
Fig. 9.7 Contemporary wireless complex communication network architecture depicting all the considered and converged types of networks, including interconnections to wired backhauls.
Fig. 9.8 IDD in regular lattice (HoMPC; p_w = 0), ER (HoMEC; p_w = 1), SF (HeMUC), and SW (HoMUC) networks for different p_w with mean degree equal to 10, λ = 0.01, and N = 2500.
Fig. 9.9 IDD in dynamic MANET with R = 2m, λ = 1, and k = 2.51, 1.26, 0.63, and 0.13, respectively.
Fig. 9.10 The IDD in wireless complex networks (cyber-physical systems) consisting of both long-range and broadcast dissemination patterns.
Fig. 9.11 IDD in hybrid (HoMEC and HoMPC) complex networks of propagating information in both delocalized and broadcast fashions, where k_e = 6, k_b = 3, and λ = 0.05.
Fig. 9.12 Average number of infected users of the legitimate network E[L_I] as a function of λ/µ.
Fig. 9.13 Average number of infected nodes E[L_I] as a function of N (numerical result).
Fig. B.1 A generic independent queuing system.
Fig. B.2 Graphical presentation of the relation between the arrival-departure counting processes and visual explanation of Little’s law.
Fig. B.3 State diagram for the birth-death process.
Fig. B.4 Two queues in tandem.
Fig. B.5 A simple two-queue closed network.
Fig. B.6 State diagram of a two-queue closed queuing network with state-dependent service rates.
Fig. C.1 Analogy between functions, functionals, and extreme values.
List of Tables
Table 1.1 Examples of Complex Network Classes Based on the Origin of their Formation
Table 1.2 Complex Network Classification Based on Topology Structure
Table 2.1 Malware Diffusion Categories and their Coverage in this Book. Symbols ‘+, -, *’ Mean the Corresponding Category is Addressed, Not Addressed, Only Touched Upon in the Book, Respectively
Table 2.2 A Non-exhaustive Classification of Malware Types with Examples
Table 2.3 Mapping of Malware Threats to Malware Attack Types
Table 2.4 Legitimate Node States in the Considered Node Infection Models and their Interpretation
Table 2.5 Classification of Node Infection Models
Table 8.1 Qualitative Comparison of State-of-the-Art Malware Modeling Frameworks
Table 9.1 Types of Diffusing Information and their Features
Table 9.2 Complex Network Classification
Table B.1 Arrival-Service Discipline Characterization in Kendall Notation
Fundamentals of complex communications networks
1.1 INTRODUCTION TO COMMUNICATIONS NETWORKS AND MALICIOUS SOFTWARE
In complex networks [7, 164, 165] and the broader area of Network Science¹ [125, 155], modern analysis methodologies developed lately have identified multiple and diverse types of interactions between and among peer entities. Such interactions regarding humans, computer devices, cells, animals, and in general, whatever one might think of, vary in their degree of criticality. Peer interactions have been holistically modeled by various research disciplines, e.g. in engineering, social sciences, biology, and financial sciences and lately systematically within the framework of Network Science, as different types of network structures, i.e. communications, social, biological, and financial networks. These network structures bear distinct and characteristic properties of broader interest for science and daily human lives. The key feature across all such different networks is the flow of information, which typically takes place spontaneously, e.g. in biological types of networks, or in specific cases in an on-demand manner, e.g. in communications networks. The information dissemination processes over networks are usually controlled, and typically they are of useful nature for all peers participating in the corresponding network. However, frequently, and especially in the prospect of potential financial benefit, information dissemination over networks can take a malicious form, either for the entities of the network individually or the whole network cumulatively.
In order to explain the latter better, nowadays, it is often observed that the disseminated information can be harmful, or it could be controlled by malicious peers, not the legitimate information owners/producers/consumers. Especially in communication networks, users experience almost on a daily basis several types of malicious software (malware), usually suffering personal, industrial, and/or financial consequences. Similarly, in biological networks, viruses can be transferring malicious signals through various blood cells or nerve networks of a living organism, leading eventually to diseases with sometimes lethal consequences, e.g. extreme cases of the flu virus and malaria. Also, this is especially evident in classic cases of virus spreading between humans, from the simplest seasonal flu scenarios to the more serious scenarios of, e.g. HIV and malaria [87, 99, 160].
¹ Both concepts of Network Science and complex networks will be explained in detail later in this chapter.
Especially for biological networks, their robustness against the aforementioned threats is very critical for sustaining all forms of life, while for science, such a feature is very fascinating with respect to the sustainability that these networks exhibit to the various forms of threats throughout so many years of evolution and virus spreads. Similarly, the study and analysis of malware behavior in communication networks are rather important for maintaining the coherency of modern information-based societies and the efficiency of the underlying networking infrastructures. The most frequent consequences of such malware infections render computer hosts at least dysfunctional, thus preventing the execution of routine or important tasks, while in more serious situations, the incurred cost may be much higher and diverse. Frequently, the targets of malicious attacks are public utility networks, e.g. water and electricity grids, or social networks, e.g. social network (Facebook, Twitter, Instagram, LinkedIn, etc.) accounts and email accounts. For all these examples, the underlying computer/communications network operations are implicitly or explicitly targeted by the malicious attacks.
Motivated by the aforementioned observations, the main objective of this book is to present, classify, analyze, and compare the state-of-the-art methods for modeling malware diffusion in complex communications networks and especially wireless ones. The term malware diffusion cumulatively refers to all types of malicious software disseminating in various types of networks and could also be extended to characterize cumulatively all types of malicious information dissemination in complex networks, as will be explained in the following section. On the other hand, the term complex network characterizes generically the potential structure that a network might have and in this book we will present and analyze modeling frameworks for malware diffusion that are applicable to multiple types of diverse network structures. Thus, all of the presented approaches could be used to model malware or information dissemination in multiple and diverse types of networks, e.g. communications, social, and biological.
The main focus and application domain of the book will be wireless complex networks, a term which includes all types of wireless networks cumulatively. Wireless complex networks can be characterized by the presence or absence of central infrastructure, e.g. cellular [168], ad hoc [39], sensor, mesh, and vehicular networks [5], in most of which nodes operate in a peer fashion, acting as both routers and relays [5]. The presented methodologies are also applicable to networks with centralized organization, e.g. wired types of network topologies, via straightforward extension of the corresponding approaches involving distributed network operations. Similarly to the scope of this book, for these types of networks, rather diverse modeling approaches have emerged lately aiming at modeling malware diffusion especially in wireless decentralized networks. Such approaches yield similar results with respect to the trends of malware diffusion dynamics, but more restricted in terms of generality or control potential compared to the results provided by the approaches that will be described in this book.