Comparison of the mean-field approach and simulation in a peer-to-peer botnet case study

A.V. Kolesnichenko, Anne Katharina Ingrid Remke, Pieter-Tjerk de Boer, Boudewijn R.H.M. Haverkort, N. Thomas (Editor)

Research output: Other contribution › Other research output

Abstract

Peer-to-peer botnets, as exemplified by the Storm Worm and Stuxnet, are a relatively new threat to security on the internet: infected computers automatically search for other computers to be infected, thus spreading the infection rapidly. In a recent paper, such botnets have been modeled using Stochastic Activity Networks, allowing the use of discrete-event simulation to judge strategies for combating their spread. In the present paper, we develop a mean-field model for analyzing botnet behavior and compare it with simulations obtained from the Möbius tool. We show that the mean-field approach provides accurate and orders-of-magnitude faster computation, thus providing very useful insight in spread characteristics and the effectiveness of countermeasures.
Original language: English
Publisher: Springer Verlag
Number of pages: 15
Place of Publication: London
DOIs: https://doi.org/10.1007/978-3-642-24749-1_11
Publication status: Published - Oct 2011
Externally published: Yes

Fingerprint

Discrete event simulation
Internet
Botnet

Keywords

  • METIS-281544
  • IR-78784
  • peer-to-peer botnet spread
  • EWI-20735
  • Mean-field approximation
  • differential equations
  • Simulation

Cite this

Kolesnichenko, A. V., Remke, A. K. I., de Boer, P-T., Haverkort, B. R. H. M., & Thomas, N. (Ed.) (2011, Oct). Comparison of the mean-field approach and simulation in a peer-to-peer botnet case study. London: Springer Verlag. https://doi.org/10.1007/978-3-642-24749-1_11