Modelling the Spread of Botnet Malware in IoT-Based Wireless Sensor Networks

The propagation approach of a botnet largely dictates its formation, establishing a foundation of bots for future exploitation. The chosen propagation method determines the attack surface, and consequently, the degree of network penetration, as well as the overall size and the eventual attack potency. It is therefore essential to understand propagation behaviours and influential factors in order to better secure vulnerable systems. Whilst botnet propagation is generally well-studied, newer technologies like IoT have unique characteristics which are yet to be thoroughly explored. In this paper, we apply the principles of epidemic modelling to IoT networks consisting of wireless sensor nodes. We build IoT-SIS, a novel propagation model which considers the impact of IoT-specific characteristics like limited processing power, energy restrictions, and node density on the formation of a botnet. Focusing on worm-based propagation, this model is used to explore the dynamics of spread using numerical simulations and the Monte Carlo method, and to discuss the real-life implications of our findings

Efficient Attack Graph Analysis through Approximate Inference

Attack graphs provide compact representations of the attack paths that an attacker can follow to compromise network resources by analysing network vulnerabilities and topology. These representations are a powerful tool for security risk assessment. Bayesian inference on attack graphs enables the estimation of the risk of compromise to the system's components given their vulnerabilities and interconnections, and accounts for multi-step attacks spreading through the system. Whilst static analysis considers the risk posture at rest, dynamic analysis also accounts for evidence of compromise, e.g. from SIEM software or forensic investigation. However, in this context, exact Bayesian inference techniques do not scale well. In this paper we show how Loopy Belief Propagation - an approximate inference technique - can be applied to attack graphs, and that it scales linearly in the number of nodes for both static and dynamic analysis, making such analyses viable for larger networks. We experiment with different topologies and network clustering on synthetic Bayesian attack graphs with thousands of nodes to show that the algorithm's accuracy is acceptable and converge to a stable solution. We compare sequential and parallel versions of Loopy Belief Propagation with exact inference techniques for both static and dynamic analysis, showing the advantages of approximate inference techniques to scale to larger attack graphs.Comment: 30 pages, 14 figure

Influence Robustness of Nodes in Multiplex Networks against Attacks

Recent advances have focused mainly on the resilience of the monoplex network in attacks targeting random nodes or links, as well as the robustness of the network against cascading attacks. However, very little research has been done to investigate the robustness of nodes in multiplex networks against targeted attacks. In this paper, we first propose a new measure, MultiCoreRank, to calculate the global influence of nodes in a multiplex network. The measure models the influence propagation on the core lattice of a multiplex network after the core decomposition. Then, to study how the structural features can affect the influence robustness of nodes, we compare the dynamics of node influence on three types of multiplex networks: assortative, neutral, and disassortative, where the assortativity is measured by the correlation coefficient of the degrees of nodes across different layers. We found that assortative networks have higher resilience against attack than neutral and disassortative networks. The structure of disassortative networks tends to break down quicker under attack