The Opportunistic Transmission of Wireless Worms between Mobile Devices

The ubiquity of portable wireless-enabled computing and communications devices has stimulated the emergence of malicious codes (wireless worms) that are capable of spreading between spatially proximal devices. The potential exists for worms to be opportunistically transmitted between devices as they move around, so human mobility patterns will have an impact on epidemic spread. The scenario we address in this paper is proximity attacks from fleetingly in-contact wireless devices with short-range communication range, such as Bluetooth-enabled smart phones. An individual-based model of mobile devices is introduced and the effect of population characteristics and device behaviour on the outbreak dynamics is investigated. We show through extensive simulations that in the above scenario the resulting mass-action epidemic models remain applicable provided the contact rate is derived consistently from the underlying mobility model. The model gives useful analytical expressions against which more refined simulations of worm spread can be developed and tested.Comment: Submitted for publicatio

Worm Epidemics in Wireless Adhoc Networks

A dramatic increase in the number of computing devices with wireless communication capability has resulted in the emergence of a new class of computer worms which specifically target such devices. The most striking feature of these worms is that they do not require Internet connectivity for their propagation but can spread directly from device to device using a short-range radio communication technology, such as WiFi or Bluetooth. In this paper, we develop a new model for epidemic spreading of these worms and investigate their spreading in wireless ad hoc networks via extensive Monte Carlo simulations. Our studies show that the threshold behaviour and dynamics of worm epidemics in these networks are greatly affected by a combination of spatial and temporal correlations which characterize these networks, and are significantly different from the previously studied epidemics in the Internet

Malware "Ecology" Viewed as Ecological Succession: Historical Trends and Future Prospects

The development and evolution of malware including computer viruses, worms, and trojan horses, is shown to be closely analogous to the process of community succession long recognized in ecology. In particular, both changes in the overall environment by external disturbances, as well as, feedback effects from malware competition and antivirus coevolution have driven community succession and the development of different types of malware with varying modes of transmission and adaptability.Comment: 13 pages, 3 figure

Modelling the Spread of Botnet Malware in IoT-Based Wireless Sensor Networks

The propagation approach of a botnet largely dictates its formation, establishing a foundation of bots for future exploitation. The chosen propagation method determines the attack surface, and consequently, the degree of network penetration, as well as the overall size and the eventual attack potency. It is therefore essential to understand propagation behaviours and influential factors in order to better secure vulnerable systems. Whilst botnet propagation is generally well-studied, newer technologies like IoT have unique characteristics which are yet to be thoroughly explored. In this paper, we apply the principles of epidemic modelling to IoT networks consisting of wireless sensor nodes. We build IoT-SIS, a novel propagation model which considers the impact of IoT-specific characteristics like limited processing power, energy restrictions, and node density on the formation of a botnet. Focusing on worm-based propagation, this model is used to explore the dynamics of spread using numerical simulations and the Monte Carlo method, and to discuss the real-life implications of our findings

Epidemic Thresholds with External Agents

We study the effect of external infection sources on phase transitions in epidemic processes. In particular, we consider an epidemic spreading on a network via the SIS/SIR dynamics, which in addition is aided by external agents - sources unconstrained by the graph, but possessing a limited infection rate or virulence. Such a model captures many existing models of externally aided epidemics, and finds use in many settings - epidemiology, marketing and advertising, network robustness, etc. We provide a detailed characterization of the impact of external agents on epidemic thresholds. In particular, for the SIS model, we show that any external infection strategy with constant virulence either fails to significantly affect the lifetime of an epidemic, or at best, sustains the epidemic for a lifetime which is polynomial in the number of nodes. On the other hand, a random external-infection strategy, with rate increasing linearly in the number of infected nodes, succeeds under some conditions to sustain an exponential epidemic lifetime. We obtain similar sharp thresholds for the SIR model, and discuss the relevance of our results in a variety of settings.Comment: 12 pages, 2 figures (to appear in INFOCOM 2014

Epidemic Spreading with External Agents

We study epidemic spreading processes in large networks, when the spread is assisted by a small number of external agents: infection sources with bounded spreading power, but whose movement is unrestricted vis-\`a-vis the underlying network topology. For networks which are `spatially constrained', we show that the spread of infection can be significantly speeded up even by a few such external agents infecting randomly. Moreover, for general networks, we derive upper-bounds on the order of the spreading time achieved by certain simple (random/greedy) external-spreading policies. Conversely, for certain common classes of networks such as line graphs, grids and random geometric graphs, we also derive lower bounds on the order of the spreading time over all (potentially network-state aware and adversarial) external-spreading policies; these adversarial lower bounds match (up to logarithmic factors) the spreading time achieved by an external agent with a random spreading policy. This demonstrates that random, state-oblivious infection-spreading by an external agent is in fact order-wise optimal for spreading in such spatially constrained networks

Hybrid Epidemics - A Case Study on Computer Worm Conficker

Conficker is a computer worm that erupted on the Internet in 2008. It is unique in combining three different spreading strategies: local probing, neighbourhood probing, and global probing. We propose a mathematical model that combines three modes of spreading, local, neighbourhood and global to capture the worm's spreading behaviour. The parameters of the model are inferred directly from network data obtained during the first day of the Conifcker epidemic. The model is then used to explore the trade-off between spreading modes in determining the worm's effectiveness. Our results show that the Conficker epidemic is an example of a critically hybrid epidemic, in which the different modes of spreading in isolation do not lead to successful epidemics. Such hybrid spreading strategies may be used beneficially to provide the most effective strategies for promulgating information across a large population. When used maliciously, however, they can present a dangerous challenge to current internet security protocols