Comparison of the mean-field approach and simulation in a peer-to-peer botnet case study

Authors:
Anna Kolesnichenko;Anne Remke;Pieter-Tjerk de Boer;Boudewijn R. Haverkort
Affiliations:
Centre for Telematics & Information Technology, University of Twente, Enschede, The Netherlands;Centre for Telematics & Information Technology, University of Twente, Enschede, The Netherlands;Centre for Telematics & Information Technology, University of Twente, Enschede, The Netherlands;Centre for Telematics & Information Technology, University of Twente, Enschede, The Netherlands
Venue:
EPEW'11 Proceedings of the 8th European conference on Computer Performance Engineering
Year:
2011

Citing 14
Cited 3

Fast simulation of rare events in queueing and reliability models

ACM Transactions on Modeling and Computer Simulation (TOMACS)
Stochastic activity networks: formal definitions and concepts

Lectures on formal methods and performance analysis
The Möbius Framework and Its Implementation

IEEE Transactions on Software Engineering
How to lease the internet in your spare time

ACM SIGCOMM Computer Communication Review
A Generic Mean Field Convergence Result for Systems of Interacting Objects

QEST '07 Proceedings of the Fourth International Conference on Quantitative Evaluation of Systems
Analysis of On-off policies in Sensor Networks Using Interacting Markovian Agents

PERCOM '08 Proceedings of the 2008 Sixth Annual IEEE International Conference on Pervasive Computing and Communications
Analysing distributed Internet worm attacks using continuous state-space approximation of process algebra models

Journal of Computer and System Sciences
Modeling Peer-to-Peer Botnets

QEST '08 Proceedings of the 2008 Fifth International Conference on Quantitative Evaluation of Systems
Analysis of Large Populations of Interacting Objects with Mean Field and Markovian Agents

EPEW '09 Proceedings of the 6th European Performance Engineering Workshop on Computer Performance Engineering
Disaster Propagation in Heterogeneous Media via Markovian Agents

Critical Information Infrastructure Security
Mean-Field Analysis for the Evaluation of Gossip Protocols

QEST '09 Proceedings of the 2009 Sixth International Conference on the Quantitative Evaluation of Systems
Bio-PEPA for Epidemiological Models

Electronic Notes in Theoretical Computer Science (ENTCS)
Hybrid numerical solution of the chemical master equation

Proceedings of the 8th International Conference on Computational Methods in Systems Biology
Automating the Mean-Field Method for Large Dynamic Gossip Networks

QEST '10 Proceedings of the 2010 Seventh International Conference on the Quantitative Evaluation of Systems

Fluid model checking

CONCUR'12 Proceedings of the 23rd international conference on Concurrency Theory
Botnets: A survey

Computer Networks: The International Journal of Computer and Telecommunications Networking
Model checking markov population models by central limit approximation

QEST'13 Proceedings of the 10th international conference on Quantitative Evaluation of Systems

Quantified Score

Hi-index	0.00

Visualization

Abstract

Peer-to-peer botnets, as exemplified by the Storm Worm, and the spreading phase of Stuxnet, are a relatively new threat to security on the internet: infected computers automatically search for other computers to be infected, thus spreading the infection rapidly. In a recent paper, such botnets have been modeled using Stochastic Activity Networks, allowing the use of discrete-event simulation to judge strategies for combating their spread. In the present paper, we develop a mean-field model for analyzing botnet behavior and compare it with simulations obtained from the Moebius tool. We show that the mean-field approach provides accurate and orders-of-magnitude faster computation, thus providing very useful insight in spread characteristics and the effectiveness of countermeasures.