Comparison of the mean-field approach and simulation in a peer-to-peer botnet case study

A.V. Kolesnichenko; Anne Katharina Ingrid Remke; Pieter-Tjerk de Boer; Boudewijn R.H.M. Haverkort; N. Thomas

doi:10.1007/978-3-642-24749-1_11

Comparison of the mean-field approach and simulation in a peer-to-peer botnet case study

A.V. Kolesnichenko, Anne Katharina Ingrid Remke, Pieter-Tjerk de Boer, Boudewijn R.H.M. Haverkort, N. Thomas (Editor)

Research output: Other contribution

16 Citations (Scopus)

Abstract

Peer-to-peer botnets, as exemplified by the Storm Worm and Stuxnet, are a relatively new threat to security on the internet: infected computers automatically search for other computers to be infected, thus spreading the infection rapidly. In a recent paper, such botnets have been modeled using Stochastic Activity Networks, allowing the use of discrete-event simulation to judge strategies for combating their spread. In the present paper, we develop a mean-field model for analyzing botnet behavior and compare it with simulations obtained from the Möbius tool. We show that the mean-field approach provides accurate and orders-of- magnitude faster computation, thus providing very useful insight in spread characteristics and the effectiveness of countermeasures.

Original language	English
Publisher	Springer Verlag
Number of pages	15
Place of Publication	London
DOIs	https://doi.org/10.1007/978-3-642-24749-1_11
Publication status	Published - Oct 2011
Externally published	Yes

Keywords

METIS-281544
IR-78784
peer-to-peer botnet spread
EWI-20735
Mean-field approximation
differential equations
Simulation

Access to Document

10.1007/978-3-642-24749-1_11

Cite this

@misc{f29cf7009d1d4ac8bb44b9ac5d4f5be7,

title = "Comparison of the mean-field approach and simulation in a peer-to-peer botnet case study",

abstract = "Peer-to-peer botnets, as exemplified by the Storm Worm and Stuxnet, are a relatively new threat to security on the internet: infected computers automatically search for other computers to be infected, thus spreading the infection rapidly. In a recent paper, such botnets have been modeled using Stochastic Activity Networks, allowing the use of discrete-event simulation to judge strategies for combating their spread. In the present paper, we develop a mean-field model for analyzing botnet behavior and compare it with simulations obtained from the M{\"o}bius tool. We show that the mean-field approach provides accurate and orders-of- magnitude faster computation, thus providing very useful insight in spread characteristics and the effectiveness of countermeasures.",

keywords = "METIS-281544, IR-78784, peer-to-peer botnet spread, EWI-20735, Mean-field approximation, differential equations, Simulation",

author = "A.V. Kolesnichenko and Remke, \{Anne Katharina Ingrid\} and \{de Boer\}, Pieter-Tjerk and Haverkort, \{Boudewijn R.H.M.\} and N. Thomas",

year = "2011",

month = oct,

doi = "10.1007/978-3-642-24749-1\_11",

language = "English",

publisher = "Springer Verlag",

address = "Germany",

type = "Other",

}

TY - GEN

T1 - Comparison of the mean-field approach and simulation in a peer-to-peer botnet case study

AU - Kolesnichenko, A.V.

AU - Remke, Anne Katharina Ingrid

AU - de Boer, Pieter-Tjerk

AU - Haverkort, Boudewijn R.H.M.

A2 - Thomas, N.

PY - 2011/10

Y1 - 2011/10

N2 - Peer-to-peer botnets, as exemplified by the Storm Worm and Stuxnet, are a relatively new threat to security on the internet: infected computers automatically search for other computers to be infected, thus spreading the infection rapidly. In a recent paper, such botnets have been modeled using Stochastic Activity Networks, allowing the use of discrete-event simulation to judge strategies for combating their spread. In the present paper, we develop a mean-field model for analyzing botnet behavior and compare it with simulations obtained from the Möbius tool. We show that the mean-field approach provides accurate and orders-of- magnitude faster computation, thus providing very useful insight in spread characteristics and the effectiveness of countermeasures.

AB - Peer-to-peer botnets, as exemplified by the Storm Worm and Stuxnet, are a relatively new threat to security on the internet: infected computers automatically search for other computers to be infected, thus spreading the infection rapidly. In a recent paper, such botnets have been modeled using Stochastic Activity Networks, allowing the use of discrete-event simulation to judge strategies for combating their spread. In the present paper, we develop a mean-field model for analyzing botnet behavior and compare it with simulations obtained from the Möbius tool. We show that the mean-field approach provides accurate and orders-of- magnitude faster computation, thus providing very useful insight in spread characteristics and the effectiveness of countermeasures.

KW - METIS-281544

KW - IR-78784

KW - peer-to-peer botnet spread

KW - EWI-20735

KW - Mean-field approximation

KW - differential equations

KW - Simulation

U2 - 10.1007/978-3-642-24749-1_11

DO - 10.1007/978-3-642-24749-1_11

M3 - Other contribution

PB - Springer Verlag

CY - London

ER -

Comparison of the mean-field approach and simulation in a peer-to-peer botnet case study

Abstract

Keywords

Access to Document

Fingerprint

Cite this