The SIC botnet lifecycle model: A step beyond traditional epidemiological models
Authors
Abstract
Botnets, overlay networks built by cyber criminals from numerous compromised network-accessible devices, have become a pressing security concern on the Internet. Accurate mathematical models of population size evolution let security experts plan ahead and deploy adequate resources when responding to the growing threat of an emerging botnet. In this paper, we introduce the Susceptible-Infected-Connected (SIC) botnet model. Prior botnet models are largely the same as the models for the spread of malware among computers and of disease among humans. The SIC model offers two key improvements over earlier models: (1) it tracks only the key node stages (Infected and Connected), and is therefore applicable to a larger set of botnets; and (2) being based on a Continuous-Time Markov Chain, it accounts for the stochastic nature of population size evolution. The SIC model supports two key analyses: (1) estimation of the global botnet size during its initial appearance from local measurements; and (2) comparison of botnet mitigation strategies such as disinfection of nodes and attacks on the botnet's Command and Control (C&C) structure. The analysis of mitigation strategies is strengthened by an analytical link between the SIC model and P2P botnet mitigation strategies; specifically, one can analyze how a random sybil attack on a botnet can be fine-tuned using insight drawn from the SIC model. We also show that the derived results can be used to model the sudden growth and size fluctuations of real-world botnets.
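To make the stochastic, CTMC-based lifecycle concrete, the following is an added example (not code from the paper or its authors) that simulates a three-stage Susceptible -> Infected -> Connected population with the Gillespie exact-simulation algorithm and compares two mitigation strategies of the kind the abstract names: disinfecting nodes and cutting Connected bots off from C&C, as a sybil attack on a P2P overlay would. Only the S/I/C stage names come from the abstract; the transition structure, the rate names (`beta`, `gamma`, `delta`, `kappa`), the population size and every rate value are assumptions made for this example and are not the published SIC model's rates.

```python
"""Added example: Gillespie simulation of an assumed S -> I -> C botnet CTMC.
The stage names follow the abstract; all transitions and rates are assumptions."""
import random
from dataclasses import dataclass


@dataclass(frozen=True)
class SicRates:
    beta: float   # assumed: infection pressure exerted by Connected bots (S -> I)
    gamma: float  # assumed: rate at which an Infected node reaches C&C (I -> C)
    delta: float  # assumed: disinfection rate applied to I and C nodes (-> S)
    kappa: float  # assumed: rate at which C nodes are cut off from C&C (C -> I)


def simulate_sic(n, i0, rates, t_end, seed=0):
    """Return one sample path as a jump chain [(t, s, i, c), ...]."""
    rng = random.Random(seed)
    s, i, c, t = n - i0, i0, 0, 0.0
    path = [(t, s, i, c)]
    while True:
        # Propensities of the four competing transitions in state (s, i, c).
        r_inf = rates.beta * s * c / n   # only bots that reached C&C spread orders
        r_con = rates.gamma * i
        r_dis = rates.delta * (i + c)
        r_cut = rates.kappa * c
        total = r_inf + r_con + r_dis + r_cut
        if total == 0.0:                  # absorbing state: nothing left to fire
            break
        t += rng.expovariate(total)       # exponential holding time of the CTMC state
        if t > t_end:
            break
        u = rng.random() * total          # choose which transition fires
        if u < r_inf:
            s, i = s - 1, i + 1
        elif u < r_inf + r_con:
            i, c = i - 1, c + 1
        elif u < r_inf + r_con + r_dis:
            # Disinfect one compromised node, chosen in proportion to pool size.
            if rng.random() * (i + c) < i:
                i -= 1
            else:
                c -= 1
            s += 1
        else:
            c, i = c - 1, i + 1
        path.append((t, s, i, c))
    return path


def compare_strategies(n=200, i0=5, t_end=200.0, seeds=(1, 2, 3)):
    """Mean Connected and total compromised counts at t_end under three regimes.

    Rate values are constructed for illustration, not taken from the paper."""
    regimes = {
        "none":       SicRates(beta=1.0, gamma=1.0, delta=0.0, kappa=0.0),
        "disinfect":  SicRates(beta=1.0, gamma=1.0, delta=0.5, kappa=0.0),
        "cnc_attack": SicRates(beta=1.0, gamma=1.0, delta=0.0, kappa=2.0),
    }
    out = {}
    for name, rates in regimes.items():
        ends = [simulate_sic(n, i0, rates, t_end, seed)[-1] for seed in seeds]
        mean_c = sum(e[3] for e in ends) / len(ends)
        mean_bots = sum(e[2] + e[3] for e in ends) / len(ends)
        out[name] = {"connected": mean_c, "compromised": mean_bots}
    return out


if __name__ == "__main__":
    for name, stats in compare_strategies().items():
        print(f"{name:>10}: connected={stats['connected']:.1f} "
              f"compromised={stats['compromised']:.1f}")
```

Two points the runs make visible that a deterministic (ODE) epidemic model hides: sample paths started from the same small seed population differ from one another, including early extinction, which is the stochastic behaviour the abstract attributes to the CTMC formulation; and the C&C-attack regime leaves almost every node compromised while keeping the Connected pool, the part of the botnet the operator can actually task, small, so the right size metric depends on which mitigation is being evaluated.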
Similar sources
BotOnus: an online unsupervised method for Botnet detection
Botnets are recognized as one of the most dangerous threats to the Internet infrastructure. They are used for malicious activities such as launching distributed denial-of-service attacks, sending spam, and leaking personal information. Existing botnet detection methods contribute a number of good ideas, but they are far from complete, since most of them cannot detect botnets at an early stage ...
Application of Discrete 3-level Nested Logit Model in Travel Demand Forecasting as an Alternative to Traditional 4-Step Model
This paper introduces a new modelling approach that represents departure time, destination and travel mode choice under a unified framework. It makes it possible to overcome the shortcomings of the traditional 4-step model, which fails to capture actual travellers' behaviour. This is achieved by adopting a discrete 3-level Nested Logit model that represen...
Optimal Attack Strategies in a Dynamic Botnet Defense Model
As the number of compromised computers, or botnets, continues to grow, the cyber security problem has become increasingly important and challenging to both academic researchers and industry practitioners. One approach to combating botnet propagation is to understand the attacker's behaviour based on the whole operation of a system, which can be modeled with the population models used in epidemiological s...
Analysis of IFLA Library Reference Model's Entities and Attributes for Iranian Traditional Music Resources (Case study: Morq-e sahar Song)
Background and Aim: The objective of the study was to analyze the IFLA Library Reference Model (LRM) entities and attributes for Iranian traditional music resources, using the song Morq-e Sahar as a case study. Method: The study uses an applied content analysis method. All entities and attributes of the IFLA LRM were examined against two checklists: the final report of IFLA LRM of August 2017 and the Transition Mappi...
Early Stage Botnet Detection and Containment via Mathematical Modeling and Prediction of Botnet Propagation Dynamics
The research discussed in this technical report shows that mathematical models of botnet propagation dynamics are a viable means of detecting early-stage botnet infections in an enterprise network, and thus an effective tool for containing those infections in a timely fashion. The main idea underlying this research is to localize weakly connected subgraphs within a graph that m...
Journal: Computer Networks
Volume 57, Issue -
Pages -
Publication date: 2013