
Cyber Network Resilience Against Self-Propagating Malware Attacks

  • Conference paper
  • In: Computer Security – ESORICS 2022 (ESORICS 2022)

Abstract

Self-propagating malware (SPM) has led to huge financial losses, major data breaches, and widespread service disruptions in recent years. In this paper, we explore the problem of developing cyber resilient systems capable of mitigating the spread of SPM attacks. We begin with an in-depth study of a well-known self-propagating malware, WannaCry, and present a compartmental model called SIIDR that accurately captures the behavior observed in real-world attack traces. Next, we investigate ten cyber defense techniques, including existing edge and node hardening strategies, as well as newly developed methods based on reconfiguring network communication (NodeSplit) and isolating communities. We evaluate all defense strategies in detail using six real-world communication graphs collected from a large retail network and compare their performance across a wide range of attacks and network topologies. We show that several of these defenses are able to efficiently reduce the spread of SPM attacks modeled with SIIDR. For instance, given a strong attack that infects 97% of nodes when no defense is employed, strategically securing a small number of nodes (0.08%) reduces the infection footprint in one of the networks down to 1%.


Notes

  1. The eigen-score of an edge \(e = (i, j)\) equals the product of the i-th element of the left eigenvector and the j-th element of the right eigenvector corresponding to \(\lambda _1\), i.e. \(u(i) \times v(j)\).

  2. Modularity is defined as the number of edges falling within groups minus the expected number in the null model of the network (i.e., an equivalent network with edges placed at random) [29].

  3. https://www.newnettechnologies.com/study-finds-majority-of-port-vulnerabilities-are-found-in-three-ports.html.
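The two quantities defined in Notes 1 and 2, the per-edge eigen-score used for edge hardening and the modularity that community isolation relies on, are short enough to compute by hand on a toy graph. The block below is an added example, not code from the paper or from the authors' repository: it builds a constructed undirected graph of two 4-node cliques {0,1,2,3} and {4,5,6,7} joined by one bridge edge (3,4), scores every edge as u(i)·v(j) from the left and right principal eigenvectors (obtained by plain power iteration, no external library), removes the top-scoring edge to show the drop in \(\lambda_1\), and evaluates the modularity of the natural two-community partition. The graph, community labels and all function names are this example's own assumptions.

```python
"""Added example (not the paper's code): edge eigen-scores (Note 1) and
modularity (Note 2) on a small constructed graph, in pure Python.

Constructed toy topology: two 4-node cliques {0,1,2,3} and {4,5,6,7}
joined by the single bridge edge (3,4). The graph is undirected, so the
left and right eigenvectors coincide; both are still computed so the same
code applies to a directed communication graph.
"""

# Constructed sample input: two K4 cliques plus one bridge edge.
EDGES = [(0, 1), (0, 2), (0, 3), (1, 2), (1, 3), (2, 3),   # clique A
         (4, 5), (4, 6), (4, 7), (5, 6), (5, 7), (6, 7),   # clique B
         (3, 4)]                                           # bridge
N_NODES = 8
# Assumed community assignment used for the modularity computation.
COMMUNITIES = {0: 0, 1: 0, 2: 0, 3: 0, 4: 1, 5: 1, 6: 1, 7: 1}


def adjacency(edges, n, directed=False):
    """Dense adjacency matrix A with A[i][j] = 1 for an edge i -> j."""
    A = [[0.0] * n for _ in range(n)]
    for i, j in edges:
        A[i][j] = 1.0
        if not directed:
            A[j][i] = 1.0
    return A


def transpose(A):
    return [list(col) for col in zip(*A)]


def principal_eigenpair(A, iters=2000):
    """Power iteration on A + I (the shift avoids oscillation on bipartite
    components). Returns (lambda_1, v): the largest eigenvalue of A and
    the matching unit-length, non-negative eigenvector."""
    n = len(A)
    v = [1.0 / n ** 0.5] * n
    for _ in range(iters):
        w = [sum(A[i][j] * v[j] for j in range(n)) + v[i] for i in range(n)]
        norm = sum(x * x for x in w) ** 0.5
        v = [x / norm for x in w]
    # Rayleigh quotient v^T A v with |v| = 1 gives lambda_1 of A itself.
    lam = sum(v[i] * A[i][j] * v[j] for i in range(n) for j in range(n))
    return lam, v


def eigen_scores(edges, n, directed=False):
    """Eigen-score of edge (i, j) = u(i) * v(j), with u and v the left and
    right principal eigenvectors (Note 1). Returns (lambda_1, scores)."""
    A = adjacency(edges, n, directed)
    lam, right = principal_eigenpair(A)
    _, left = principal_eigenpair(transpose(A))
    scores = {(i, j): left[i] * right[j] for i, j in edges}
    return lam, scores


def harden_top_edge(edges, n, directed=False):
    """One edge-hardening step: drop the edge with the largest eigen-score
    and report (removed_edge, lambda_1 before, lambda_1 after)."""
    lam_before, scores = eigen_scores(edges, n, directed)
    top = max(scores, key=scores.get)
    remaining = [e for e in edges if e != top]
    lam_after, _ = eigen_scores(remaining, n, directed)
    return top, lam_before, lam_after


def modularity(edges, communities):
    """Newman modularity Q = sum_c [ L_c/m - (K_c/2m)^2 ] for an undirected
    graph: L_c = edges inside community c, K_c = total degree in c, m = |E|.
    Note 2's 'within-group edges minus the expected number' equals Q * m."""
    m = len(edges)
    degree, inside = {}, {}
    for i, j in edges:
        degree[i] = degree.get(i, 0) + 1
        degree[j] = degree.get(j, 0) + 1
        if communities[i] == communities[j]:
            inside[communities[i]] = inside.get(communities[i], 0) + 1
    q = 0.0
    for c in set(communities.values()):
        k_c = sum(d for node, d in degree.items() if communities[node] == c)
        q += inside.get(c, 0) / m - (k_c / (2 * m)) ** 2
    return q


if __name__ == "__main__":
    top, before, after = harden_top_edge(EDGES, N_NODES)
    print(f"edge {top} has the top eigen-score; lambda_1 {before:.4f} -> {after:.4f}")
    print(f"modularity of the two-clique partition: {modularity(EDGES, COMMUNITIES):.4f}")
```

On this toy graph the bridge (3,4) carries the largest eigen-score, and removing it lowers \(\lambda_1\) from about 3.30 to exactly 3 (the value for an isolated 4-clique), which is the epidemic-threshold effect that edge hardening aims for; the partition into the two cliques scores Q = 11/26 ≈ 0.42. On a real communication graph the adjacency matrix would be sparse and the eigenvectors would come from a sparse solver, but the scoring rule is unchanged.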

References

  1. Akaike, H.: Information theory and an extension of the maximum likelihood principle. In: Parzen, E., Tanabe, K., Kitagawa, G. (eds.) Selected Papers of Hirotugu Akaike. Springer Series in Statistics. Springer, New York (1998). https://doi.org/10.1007/978-1-4612-1694-0_15

  2. Albert, R., Jeong, H., Barabási, A.L.: Error and attack tolerance of complex networks. Nature 406, 376–382 (2000)

  3. Alstott, J., Bullmore, E., Plenz, D.: Powerlaw: a Python package for analysis of heavy-tailed distributions (2013). http://arxiv.org/abs/1305.0215

  4. Anjum, I., et al.: Removing the reliance on perimeters for security using network views. In: ACM SACMAT, pp. 151–162 (2022)

  5. Baig, M.B., Akoglu, L.: Correlation of node importance measures: an empirical study through graph robustness. In: WWW, pp. 275–281 (2015)

  6. Brauer, F.: Compartmental models in epidemiology. In: Mathematical Epidemiology. LNM, vol. 1945, pp. 19–79. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-78911-6_2

  7. Chakrabarti, D., Wang, Y., Wang, C., Leskovec, J., Faloutsos, C.: Epidemic thresholds in real networks. ACM Trans. Inf. Syst. Secur. 10(4), 1:1–1:26 (2008)

  8. Chan, H., Akoglu, L.: Optimizing network robustness by edge rewiring: a general framework. Data Min. Knowl. Discov. 30(5), 1395–1425 (2016). https://doi.org/10.1007/s10618-015-0447-5

  9. Chen, P., Choudhury, S., Rodriguez, L., Hero, A.O., III, Ray, I.: Enterprise cyber resiliency against lateral movement: a graph theoretic approach. CoRR (2019)

  10. Chen, Z., Tong, H., Ying, L.: Realtime robustification of interdependent networks under cascading attacks. In: 2018 IEEE International Conference on Big Data (Big Data), pp. 1347–1356 (2018)

  11. Chernikova, A., Gozzi, N., Boboila, S., Perra, N., Eliassi-Rad, T., Oprea, A.: Modeling self-propagating malware with epidemiological models (2022)

  12. Chung, F., Lu, L., Vu, V.: Eigenvalues of random power law graphs. Ann. Comb. 7, 21–33 (2003)

  13. Cloudflare: Inside the infamous Mirai IoT Botnet. https://blog.cloudflare.com/inside-mirai-the-infamous-iot-botnet-a-retrospective-analysis/. Accessed Apr 2022

  14. Core Security: What is Ryuk Ransomware? (2022). https://www.coresecurity.com/core-labs/articles/what-is-ryuk-ransomware

  15. Freitas, S., Wicker, A., Chau, D.H.P., Neil, J.: D\(^{2}\)M: dynamic defense and modeling of adversarial movement in networks. In: SDM, pp. 541–549. SIAM (2020)

  16. Freitas, S., Yang, D., Kumar, S., Tong, H., Chau, D.H.P.: Graph vulnerability and robustness: a survey. TKDE (2022)

  17. Gan, C., Feng, Q., Zhang, X., Zhang, Z., Zhu, Q.: Dynamical propagation model of malware for cloud computing security. IEEE Access 8, 20325–20333 (2020)

  18. GitHub: Open-source code for investigating cyber network resilience (2022). https://github.com/neu-nds2/cyber-resilience

  19. Guillen, J.H., Del Rey, A.M., Casado-Vara, R.: Security countermeasures of a SCIRAS model for advanced malware propagation. IEEE Access 7, 135472–135478 (2019)

  20. Le, L.T., Eliassi-Rad, T., Tong, H.: MET: a fast algorithm for minimizing propagation in large graphs with small eigen-gaps. In: SDM, pp. 694–702 (2015)

  21. Levy, N., Rubin, A., Yom-Tov, E.: Modeling infection methods of computer malware in the presence of vaccinations using epidemiological models: an analysis of real-world data. Int. J. Data Sci. Anal. 10(4), 349–358 (2020). https://doi.org/10.1007/s41060-020-00225-1

  22. Liao, C.M., Liu, W., Tang, S., Xiao, Y.: Model selection and evaluation based on emerging infectious disease data sets including A/H1N1 and Ebola. Comput. Math. Methods Med. (2015)

  23. Louzada, V.H.P., Daolio, F., Herrmann, H.J., Tomassini, M.: Smart rewiring for network robustness. J. Complex Networks 1(2), 150–159 (2013)

  24. McKinley, T.J., et al.: Approximate Bayesian computation and simulation-based inference for complex stochastic epidemic models. Stat. Sci. 33(1), 4–18 (2018)

  25. Microsoft Azure: Traffic Manager documentation (2022). https://docs.microsoft.com/en-us/azure/traffic-manager/

  26. Azzara, M.: What is WannaCry ransomware and how does it work? https://www.mimecast.com/blog/all-you-need-to-know-about-wannacry-ransomware/

  27. Minter, A., Retkute, R.: Approximate Bayesian computation for infectious disease modelling. Epidemics 29, 100368 (2019)

  28. Mishra, B.K., Pandey, S.K.: Dynamic model of worm propagation in computer network. Appl. Math. Model. 38(7–8), 2173–2179 (2014)

  29. Newman, M.E.J.: Modularity and community structure in networks. Proc. Natl. Acad. Sci. 103(23), 8577–8582 (2006)

  30. Newman, M.: The structure and function of complex networks. SIAM Rev. 45(2), 167–256 (2003)

  31. Ojha, R.P., Srivastava, P.K., Sanyal, G., Gupta, N.: Improved model for the stability analysis of wireless sensor network against malware attacks. Wireless Pers. Commun. 116(3), 2525–2548 (2021)

  32. Zlotnik, O.: System hardening guidelines for 2022 (2021). https://www.hysolate.com/blog/system-hardening-guidelines-best-practices/

  33. Ongun, T., et al.: PORTFILER: port-level network profiling for self-propagating malware detection. In: IEEE CNS, pp. 182–190 (2021)

  34. Pastor-Satorras, R., Vespignani, A.: Epidemics and immunization in scale-free networks. In: Handbook of Graphs and Networks. Wiley-VCH (2003)

  35. Pastor-Satorras, R., Castellano, C., Van Mieghem, P., Vespignani, A.: Epidemic processes in complex networks. Rev. Mod. Phys. 87, 925–979 (2015)

  36. Prakash, B., Chakrabarti, D., Faloutsos, M., Valler, N., Faloutsos, C.: Threshold conditions for arbitrary cascade models on arbitrary networks. Knowl. Inf. Syst. 33, 537–546 (2011)

  37. Requiao Da Cunha, B., González-Avella, J., Gonçalves, S.: Fast fragmentation of networks using module-based attacks. PLoS ONE (2015)

  38. Rey, A.: Mathematical modeling of the propagation of malware: a review. Secur. Commun. Networks 8 (2015)

  39. Seals, T.: Innovative PureLocker ransomware emerges in targeted attacks (2019). https://threatpost.com/purelocker-ransomware-targeted-attacks/150229/

  40. Stocks, T., Britton, T., Hohle, M.: Model selection and parameter estimation for dynamic epidemic models via iterated filtering: application to rotavirus in Germany. Biostatistics 21(3), 400–416 (2018)

  41. Tong, H., Prakash, B.A., Eliassi-Rad, T., Faloutsos, M., Faloutsos, C.: Gelling, and melting, large graphs by edge manipulation. In: CIKM, pp. 245–254 (2012)

  42. Tong, H., Prakash, B.A., Tsourakakis, C., Eliassi-Rad, T., Faloutsos, C., Chau, D.H.: On the vulnerability of large graphs. In: IEEE ICDM, pp. 1091–1096 (2010)

  43. Torres, L., Chan, K., Tong, H., Eliassi-Rad, T.: Nonbacktracking eigenvalues under node removal: X-centrality and targeted immunization. SIAM J. Math. Data Sci. 3, 656–675 (2021)

  44. Toutonji, O.A., Yoo, S.M., Park, M.: Stability analysis of VEISV propagation modeling for network worm attack. Appl. Math. Model. 36(6), 2751–2761 (2012)

  45. Traag, V.A., Waltman, L., van Eck, N.J.: From Louvain to Leiden: guaranteeing well-connected communities. Sci. Rep. 9(1), 5233 (2019)

  46. Vespignani, A.: Modelling dynamical processes in complex socio-technical systems. Nat. Phys. 8(1), 32–39 (2012)

  47. Wikipedia: Structural holes. https://en.wikipedia.org/wiki/Structural_holes. Accessed Apr 2022

  48. Zhu, Q., Yang, X., Ren, J.: Modeling and analysis of the spread of computer virus. Commun. Nonlinear Sci. Numer. Simul. 17(12), 5117–5124 (2012)


Acknowledgements

This research was sponsored by PricewaterhouseCoopers LLP and the U.S. Army Combat Capabilities Development Command Army Research Laboratory (DEVCOM ARL) under Cooperative Agreement Number W911NF-13-2-0045. The views and conclusions contained in this document are those of the authors and should not be interpreted as representing the official policies, either expressed or implied, of DEVCOM ARL or the U.S. Government. The U.S. Government is authorized to reproduce and distribute reprints for Government purposes notwithstanding any copyright notation hereon.

Corresponding author

Correspondence to Alesia Chernikova.


Copyright information

© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper


Cite this paper

Chernikova, A. et al. (2022). Cyber Network Resilience Against Self-Propagating Malware Attacks. In: Atluri, V., Di Pietro, R., Jensen, C.D., Meng, W. (eds) Computer Security – ESORICS 2022. ESORICS 2022. Lecture Notes in Computer Science, vol 13554. Springer, Cham. https://doi.org/10.1007/978-3-031-17140-6_26

  • DOI: https://doi.org/10.1007/978-3-031-17140-6_26

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-17139-0

  • Online ISBN: 978-3-031-17140-6

  • eBook Packages: Computer Science (R0)
