The application of epidemiology to computer viruses
Computers and Security
IPTPS '01 Revised Papers from the First International Workshop on Peer-to-Peer Systems
Markovian Modeling and Analysis of Internet Worm Propagation
ISSRE '05 Proceedings of the 16th IEEE International Symposium on Software Reliability Engineering
Honeypot-Aware Advanced Botnet Construction and Maintenance
DSN '06 Proceedings of the International Conference on Dependable Systems and Networks
On the performance of internet worm scanning strategies
Performance Evaluation
Peer-to-peer botnets: overview and case study
HotBots'07 Proceedings of the first conference on First Workshop on Hot Topics in Understanding Botnets
My botnet is bigger than yours (maybe, better than yours): why size estimates remain challenging
HotBots'07 Proceedings of the first conference on First Workshop on Hot Topics in Understanding Botnets
QEST '08 Proceedings of the 2008 Fifth International Conference on Quantitative Evaluation of Systems
A Survey of Botnet Technology and Defenses
CATCH '09 Proceedings of the 2009 Cybersecurity Applications & Technology Conference for Homeland Security
Automating analysis of large-scale botnet probing events
Proceedings of the 4th International Symposium on Information, Computer, and Communications Security
A Systematic Study on Peer-to-Peer Botnets
ICCCN '09 Proceedings of the 2009 Proceedings of 18th International Conference on Computer Communications and Networks
Propagation Model for Botnet Based on Conficker Monitoring
ISISE '09 Proceedings of the 2009 Second International Symposium on Information Science and Engineering
A probabilistic population study of the Conficker-C botnet
PAM'10 Proceedings of the 11th international conference on Passive and active measurement
A statistical approach to botnet virulence estimation
Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security
Characterizing internet worm infection structure
LEET'11 Proceedings of the 4th USENIX conference on Large-scale exploits and emergent threats
The probability model of peer-to-peer botnet propagation
ICA3PP'11 Proceedings of the 11th international conference on Algorithms and architectures for parallel processing - Volume Part I
Computer Networks: The International Journal of Computer and Telecommunications Networking
| Hi-index | 0.00 |
Botnets, overlay networks built by cyber criminals from numerous compromised network-accessible devices, have become a pressing security concern in the Internet world. Availability of accurate mathematical models of population size evolution enables security experts to plan ahead and deploy adequate resources when responding to a growing threat of an emerging botnet. In this paper, we introduce the Susceptible-Infected-Connected (SIC) botnet model. Prior botnet models are largely the same as the models for the spread of malware among computers and disease among humans. The SIC model possesses some key improvements over earlier models: (1) keeping track of only key node stages (Infected and Connected), hence being applicable to a larger set of botnets; and (2) being a Continuous-Time Markov Chain-based model, it takes into account the stochastic nature of population size evolution. The SIC model helps the security experts with the following two key analyses: (1) estimation of the global botnet size during its initial appearance based on local measurements; and (2) comparison of botnet mitigation strategies such as disinfection of nodes and attacks on botnet's Command and Control (C&C) structure. The analysis of the mitigation strategies has been strengthened by the development of an analytical link between the SIC model and the P2P botnet mitigation strategies. Specifically, one can analyze how a random sybil attack on a botnet can be fine-tuned based on the insight drawn from the use of the SIC model. We also show that derived results may be used to model the sudden growth and size fluctuations of real-world botnets.