Peer-to-peer botnets, as exemplified by the Storm Worm and Stuxnet, are a relatively new threat to security on the internet: infected computers automatically search for other computers to be infected, thus spreading the infection rapidly. In a recent paper, such botnets have been modeled using Stochastic Activity Networks, allowing the use of discrete-event simulation to judge strategies for combating their spread. In the present paper, we develop a mean-field model for analyzing botnet behavior and compare it with simulations obtained from the Möbius tool. We show that the mean-field approach provides accurate and orders-of- magnitude faster computation, thus providing very useful insight in spread characteristics and the effectiveness of countermeasures.
- peer-to-peer botnet spread
- Mean-field approximation
- differential equations
Kolesnichenko, A. V., Remke, A. K. I., de Boer, P-T., Haverkort, B. R. H. M., & Thomas, N. (Ed.) (2011, Oct). Comparison of the mean-field approach and simulation in a peer-to-peer botnet case study. London: Springer Verlag. https://doi.org/10.1007/978-3-642-24749-1_11