Abstract | ||
---|---|---|
This work provides an information-theoretic view to better understand the relationships between aggregated vulnerability information viewed by attackers and a class of randomized epidemic scanning algorithms. In particular, this work investigates three aspects: 1) a network vulnerability as the nonuniform vulnerable-host distribution, 2) threats, i.e., intelligent malwares that exploit such a vulnerability, and 3) defense, i.e., challenges for fighting the threats. We first study five large data sets and observe consistent clustered vulnerable-host distributions. We then present a new metric, referred to as the nonuniformity factor, that quantifies the unevenness of a vulnerable-host distribution. This metric is essentially the Renyi information entropy that unifies the nonuniformity of a vulnerable-host distribution with different malware-scanning methods. Next, we draw a relationship between Renyi entropies and randomized epidemic scanning algorithms. We find that the infection rates of malware-scanning methods are characterized by the Renyi entropies that relate to the information bits in a nonuniform vulnerable-host distribution extracted by a randomized scanning algorithm. Meanwhile, we show that a representative network-aware malware can increase the spreading speed by exactly or nearly a nonuniformity factor when compared to a random-scanning malware at an early stage of malware propagation. This quantifies how much more rapidly the Internet can be infected at the early stage when a malware exploits an uneven vulnerable-host distribution as a network-wide vulnerability. Furthermore, we analyze the effectiveness of defense strategies on the spread of network-aware malwares. Our results demonstrate that counteracting network-aware malwares is a significant challenge for the strategies that include host-based defenses and IPv6. |
Field | Value
---|---
Year | 2009
DOI | 10.1109/TIFS.2009.2025847
Venue | Information Forensics and Security, IEEE Transactions
Keywords | ip networks, renyi entropy, invasive software, network security, network-aware malwares, ipv6, vulnerable-host distribution, renyi information entropy, attack models, network-aware malware attack, uneven vulnerable-host distribution, information-theoretic view, aggregated vulnerability information, malware-scanning methods, vulnerability information, network vulnerability, nonuniformity factor, randomized epidemic scanning algorithms, early stage, nonuniform vulnerable-host distribution, computer networks, random-scanning malware, internet, intelligent malwares, randomized epidemic, entropy, network-aware malware attacks, malware propagation, performance metrics, information entropy, clustering algorithms, computer worms, intelligent networks, data mining, measurement, computer viruses
DocType | Journal
Volume | 4
Issue | 3
ISSN | 1556-6013
Citations | 15
PageRank | 0.73
References | 27
Authors | 2
Name | Order | Citations | PageRank |
---|---|---|---|
Zesheng Chen | 1 | 292 | 23.18 |
Chuanyi Ji | 2 | 812 | 124.04 |