A Stochastic Framework for Prediction of Malware Spreading in Heterogeneous Networks

  • Sandra König
  • Stefan Schauer
  • Stefan Rass
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10014)


The infection of ICT systems with malware has become an increasing threat in the past years. In most cases, large-scale cyber-attacks are initiated by the establishment of a botnet, by infecting a large number of computers with malware to launch the actual attacks subsequently with the help of the infected victim machines (e.g., a distributed denial-of-service attack or similar). To prevent such an infection, several methodologies and technical solutions like firewalls, malware scanners or intrusion detection systems are usually applied. Nevertheless, malware becomes more sophisticated and is often able to bypass these preventive measures. Hence, it is more relevant for ICT risk managers to assess the spreading of a malware infection within an organization’s network. In this paper, we present a novel framework based on stochastic models from the field of disease spreading to describe the propagation of malware within a network, with an explicit account for different infection routes (phishing emails, network shares, etc.). This approach not only allows the user to estimate the number of infected nodes in the network but also provides a simple criterion to check whether an infection may grow into an epidemic. Unlike many other techniques, our framework is not limited to a particular communication technology, but can unify different types of infection channels (e.g., physical, logical and social links) within the same model. We will use three simple examples to illustrate the functionalities of the framework.



This work was supported by the European Commission’s Project No. 608090, HyRiM (Hybrid Risk Management for Utility Networks) under the 7th Framework Programme (FP7-SEC-2013-1).



Copyright information

© Springer International Publishing AG 2016

Authors and Affiliations

  1. Digital Safety and Security Department, Austrian Institute of Technology GmbH, Klagenfurt, Austria
  2. System Security Group, Institute of Applied Informatics, Universität Klagenfurt, Klagenfurt, Austria
