Modelling the Spread of Botnet Malware in IoT-Based Wireless Sensor Networks

The propagation approach of a botnet largely dictates its formation, establishing a foundation of bots for future exploitation. The chosen propagation method determines the attack surface, and consequently, the degree of network penetration, as well as the overall size and the eventual attack potency. It is therefore essential to understand propagation behaviours and influential factors in order to better secure vulnerable systems. Whilst botnet propagation is generally well-studied, newer technologies like IoT have unique characteristics which are yet to be thoroughly explored. In this paper, we apply the principles of epidemic modelling to IoT networks consisting of wireless sensor nodes. We build IoT-SIS, a novel propagation model which considers the impact of IoT-specific characteristics like limited processing power, energy restrictions, and node density on the formation of a botnet. Focusing on worm-based propagation, this model is used to explore the dynamics of spread using numerical simulations and the Monte Carlo method, and to discuss the real-life implications of our findings

SocioBot: Twitter for Command and Control of a Botnet

A botnet is a collection of computers controlled by a botmaster, often used for malicious activity. Social network provides an ideal medium for botnets to spread their reach. In this research, we develop and analyze a botnet that uses Twitter for its command and control channel. We use this botnet to perform a distributed denial of service attack on a web server, and we utilize the biological epidemic models to analyze the spread of the botnet using Twitter

Computer Virus Propagation in a Network Organization: The Interplay between Social and Technological Networks

This paper proposes a holistic view of a network organization's computing environment to examine computer virus propagation patterns. We empirically examine a large-scale organizational network consisting of both social network and technological network. By applying information retrieval techniques, we map nodes in the social network to nodes in the technological network to construct the composite network of the organization. We apply social network analysis to study the topologies of social and technological networks in this organization. We statistically test the impact of the interplay between social and technological network on computer virus propagation using a susceptible-infective-recovered epidemic process. We find that computer viruses propagate faster but reach lower level of infection through technological network than through social network, and viruses propagate the fastest and reach the highest level of infection through the composite network. Overlooking the interplay of social network and technological network underestimates the virus propagation speed and the scale of infection

Do Social Networks Solve Information Problems for Peer-to-Peer Lending?Evidence from Prosper.com

This paper studies peer-to-peer (p2p) lending on the Internet. Prosper.com, the first p2p lending website in the US, matches individual lenders and borrowers for unsecured consumer loans. Using transaction data from June 1, 2006 to July 31, 2008, we examine what information problems exist on Prosper and whether social networks help alleviate the information problems. As we expect, data identifies three information problems on Prosper.com. First, Prosper lenders face extra adverse selection because they observe categories of credit grades rather than the actual credit scores. This selection is partially offset when Prosper posts more detailed credit information on the website. Second, many Prosper lenders have made mistakes in loan selection but they learn vigorously over time. Third, as Stiglitz and Weiss (1981) predict, a higher interest rate can imply lower rate of return because higher interest attracts lower quality borrowers. Micro-finance theories argue that social networks may identify good risks either because friends and colleagues observe the intrinsic type of borrowers ex ante or because the monitoring within social networks provides a stronger incentive to pay off loans ex post. We find evidence both for and against this argument. For example, loans with friend endorsements and friend bids have fewer missed payments and yield significantly higher rates of return than other loans. On the other hand, the estimated returns of group loans are significantly lower than those of non-group loans. That being said, the return gap between group and non-group loans is closing over time. This convergence is partially due to lender learning and partially due to Prosper eliminating group leader rewards which motivated leaders to fund lower quality loans in order to earn the rewards

The right to privacy through the development of smart technologies : how our personal health data is affected

L’évolution de la technologie, nonobstant ses apports, peut enfreindre certains de nos droits fondamentaux puisqu’elle se développe plus rapidement que ces derniers. Ce mémoire vise à relever les défis que les technologies intelligentes peuvent poser tant sur la santé des communautés que sur les droits fondamentaux. La thèse porte sur les contraintes juridiques, présentes et à venir, notamment sur le droit à la vie privée à travers le développement et l’usage des technologies intelligentes qui captent notre information personnelle en lien avec la santé. Plus précisément, ce travail analyse si les bénéfices de l’accès à notre information à travers les technologies intelligentes en vue d’améliorer la santé et la sécurité des populations surpassent les conséquences juridiques. Ce travail explore, entre autres, le potentiel des technologies intelligentes, leurs avantages individuels et collectifs, notamment en matière de santé publique, et les violations des droits de l’Homme que leur usage peut générer. Mais encore, il présente des innovations technologiques qui permettent d’améliorer les systèmes de santé étatiques afin d’être en mesure de mieux réagir aux futures épidémies, notamment au niveau international, comme à l’OMS. Ces données, suivies des autres complications possibles du fait d’un usage accru des technologies intelligentes qui restreignent notre vie privée, permettront de conclure si une telle intrusion peut être justifiée dans une société libre et démocratique. Finalement, ce travail regarde les limites de l’acceptabilité sociale de l’intrusion dans la vie privée en échange à de meilleures conditions de santé afin que les organes étatiques et supraétatiques puissent prendre des décisions éclairées, sans que les droits constitutionnels soient violés. Ce travail permettra de comprendre les enjeux que notre système judiciaire inévitablement devra surmonter en proposant des stratégies visant la prévention des maladies et autres problèmes de santé à travers l’usage des technologies intelligentes. Une des solutions principales proposées est la création de bases de données nationale et internationale à l’OMS qui captent les données des appareils intelligents portables.The evolution of technology, notwithstanding its benefits, can negatively impact some of our fundamental rights as it develops faster than the latter. Indeed, this thesis aims to meet challenges generated by smart technologies and the impact they can have on the health of communities as well as on our fundamental rights. This thesis focuses on the legal constraints, present and to come, including the right to privacy, through the development and use of smart technologies that seize our personal health information. More specifically, this work seeks to analyze whether the benefits of accessing our information through smart technologies to improve the health and safety of populations outweigh the legal consequences. This work explores the potential of smart technologies, the interest in using them individually and collectively, especially in the public health sector, and the human rights violations their use can generate. Moreover, it looks at technological innovations that help improve State health systems to be able to better respond to future epidemics, particularly at the international level, such as at the WHO. These data, followed by other possible complications due to the increased use of intelligent technologies that restrict our privacy, will allow us to conclude whether such an intrusion in our right to privacy can be justified in a free and democratic society. Finally, this work examines the limits of the social acceptability of the invasion of privacy in exchange for better health conditions so that States and supra-State bodies can make informed decisions, without violating constitutional rights. This work will help us understand the issues that our judicial system will inevitably face while proposing strategies for the prevention of diseases and other health problems through the use of smart technologies. One of the main proposed solutions is the creation of a national and international database at the WHO generated by the data of smart health devices

SARS-CoV-2, a Threat to Privacy?

The global SARS-CoV-2 pandemic is currently putting a massive strain on the world's critical infrastructures. With healthcare systems and internet service providers already struggling to provide reliable service, some operators may, intentionally or unintentionally, lever out privacy-protecting measures to increase their system's efficiency in fighting the virus. Moreover, though it may seem all encouraging to see the effectiveness of authoritarian states in battling the crisis, we, the authors of this paper, would like to raise the community's awareness towards developing more effective means in battling the crisis without the need to limit fundamental human rights. To analyze the current situation, we are discussing and evaluating the steps corporations and governments are taking to condemn the virus by applying established privacy research

Statistical model checker for Epidemics Progression on Complex Network

In this thesis uses the susceptible-infected-recovered (SIR) model to show how the epi-demic spread over the complex network, which can be used for the early prediction for epidemic spread, so we can determine the proper cause of the action. The propagation of epidemics on a small-world network with and without immunization has been shown. Immunization helps to control the outbreaks of the epidemics. Our approach is to using the modeling the SIR model with Discrete event simulation which is one way to simulate the complex systems, which allows us to ask the interesting queries regarding how the epidemics spread over the time, at what time will be the peak time for spread and many more. In this work we uses the one of java lib. i.e. Graph Stream for our purpose to generate the small world network and we have also uses MultiVesta tool which is a Statical model checker tool. This work can be use in application of modeling the human disease as well as modeling the computer malware because it has similarity with spreading the human disease as the computer viruses

Regulating Cyber-security

The conventional wisdom is that this country’s privately owned critical infrastructure—banks, telecommunications networks, the power grid, and so on—is vulnerable to catastrophic cyber-attacks. The existing academic literature does not adequately grapple with this problem, however, because it conceives of cyber-security in unduly narrow terms: most scholars understand cyber-attacks as a problem of either the criminal law or the law of armed conflict. Cyber-security scholarship need not run in such established channels. This Article argues that, rather than thinking of private companies merely as potential victims of cyber-crimes or as possible targets in cyber-conflicts, we should think of them in administrative law terms. Many firms that operate critical infrastructure tend to underinvest in cyber-defense because of problems associated with negative externalities, positive externalities, free riding, and public goods— the same sorts of challenges the modern administrative state faces in fields like environmental law, antitrust law, products liability law, and public health law. These disciplines do not just yield a richer analytical framework for thinking about cyber-security; they also expand the range of possible responses. Understanding the problem in regulatory terms allows us to adapt various regulatory solutions—such as monitoring and surveillance to detect malicious code, hardening vulnerable targets, and building resilient and recoverable systems—for the cyber-security context. In short, an entirely new conceptual approach to cyber-security is needed

Criminal Liability for Violation of the Quarantine Regime in the Conditions of the COVID-19 Pandemic

Infectio us diseases is the subject of increased attention, which causes concern in society throughout the world. In this context, and in order to implement preventive measures, democratisation and protection of human rights are increasingly combined with measures of state coercion. The new challenge today is the COVID-19 pandemic, recognised by the World Health Organisation. Today is pandemic has forced a qualitative rethink of approaches to responding to the health challenges of both individuals and nations. States have gradually begun to use a variety of health measures, including policy and legal instruments, to control the spread and effects of COVID-19. Some states have resorted to criminal law to apply it to health care to prevent infection with COVID-19. A comparative analysis of the features of criminal liability for violating the quarantine regime in the European Union and Ukraine showed the variability of the structures of crimes, however, the unity of difficulties in qualifying socially dangerous acts and, as a result, the impossibility of effective prosecution. It was stated that there was an urgent need for States to recognise that the new coronavirus was a serious health emergency, but that the criminalisation related to COVID-19 was a worrying trend towards prolonging human rights restrictions. Experts are increasingly questioning, in particular, the feasibility and effectiveness of existing criminal law measures on health care and their fragmentary compliance with internationally declared human rights standards, which in the long run will be the basis for the abolition of new criminalised components of crimes