Document Type

Article

Publication Date

9-2009

Publication Source

IEEE Transactions on Information Forensics and Security

Volume

4

Issue

3

Inclusive pages

530 - 541

DOI

10.1109/TIFS.2009.2025847

Publisher

IEEE

ISBN/ISSN

1556-6021

Abstract

This work provides an information-theoretic view to better understand the relationships between aggregated vulnerability information viewed by attackers and a class of randomized epidemic scanning algorithms. In particular, this work investigates three aspects: 1) a network vulnerability as the nonuniform vulnerable-host distribution, 2) threats, i.e., intelligent malwares that exploit such a vulnerability, and 3) defense, i.e., challenges for fighting the threats. We first study five large data sets and observe consistent clustered vulnerable-host distributions. We then present a new metric, referred to as the nonuniformity factor, that quantifies the unevenness of a vulnerable-host distribution. This metric is essentially the Renyi information entropy that unifies the nonuniformity of a vulnerable-host distribution with different malware-scanning methods. Next, we draw a relationship between Renyi entropies and randomized epidemic scanning algorithms. We find that the infection rates of malware-scanning methods are characterized by the Renyi entropies that relate to the information bits in a nonuniform vulnerable-host distribution extracted by a randomized scanning algorithm. Meanwhile, we show that a representative network-aware malware can increase the spreading speed by exactly or nearly a nonuniformity factor when compared to a random-scanning malware at an early stage of malware propagation. This quantifies how much more rapidly the Internet can be infected at the early stage when a malware exploits an uneven vulnerable-host distribution as a network-wide vulnerability. Furthermore, we analyze the effectiveness of defense strategies on the spread of network-aware malwares. Our results demonstrate that counteracting network-aware malwares is a significant challenge for the strategies that include host-based defenses and IPv6.

Keywords

Computer worms, Intelligent networks, Clustering algorithms, Information entropy, Data mining, IP networks, Measurement, Computer viruses, Monitoring, Social network services, computer networks, entropy, Internet, invasive software, IPv6, information-theoretic view, network-aware malware attacks, vulnerability information, randomized epidemic scanning algorithms, network vulnerability, nonuniform vulnerable-host distribution, intelligent malwares, nonuniformity factor, Renyi information entropy, malware-scanning methods, random-scanning malware, malware propagation, performance metrics, Attack models, network security

Disciplines

Computer Sciences

Link to Original Published Item

https://arxiv.org/pdf/0805.0802.pdf