Mathematical model on vulnerability characterization and its impact on network epidemics

被引：6

作者：

Haldar K. ^{[1
]}

Mishra B.K. ^{[1
]}

机构：

[1] Department of Mathematics, Birla Institute of Technology, Mesra, Ranchi

来源：

Mishra, Bimal Kumar (drbimalmishra@gmail.com) | 2017年 / Springer卷 / 08期

关键词：

Epidemic; Malware; Model; Network; Vulnerability;

D O I：

10.1007/s13198-016-0441-3

中图分类号：

学科分类号：

摘要：

Mathematical modeling and accurate representation of malware spread in a network is a difficult process because of our lack of understanding of several features that form the basis of such spread. Models have been used to analyze and predict the behavior of epidemic spread in networks over the years, to gain a better understanding of the process. The aim of this paper is to understand the process of emergence of vulnerabilities and its relationship with a network epidemic. Eighteen years of vulnerability emergence data has been used in this work. The data includes the total count of vulnerabilities emerging every month. The pattern reveals several important characteristics of the process including frequency peaks at seasonal locations. A steady state distribution of the process is defined. The transition of vulnerability into an exploit is characterized. Finally an interface between this vulnerability model and epidemic models is established through a description of the relationship between the epidemic force of infection and types of vulnerabilities. The paper concludes with several results that can be useful in our attempts to better approximate the spread of malware in networks. © 2016, The Society for Reliability Engineering, Quality and Operations Management (SREQOM), India and The Division of Operation and Maintenance, Lulea University of Technology, Sweden.

引用

页码：378 / 392

页数：14

共 28 条

[1] Bencsath B., Pek G., Buttyan L., Felegyhazi M., Duqu: a Stuxnet-like malware found in the wild, Technical report, (2011)
[2] Cohen F., Computer viruses. Ph.D. thesis, University of Southern California, (1985)
[3] Cooke R.M., Goossens L.H.J., Expert judgment elicitation for risk assessments of critical infrastructures, J Risk Res, 7, 6, pp. 643-656, (2004)
[4] Coulthard A., Vuori T.A., Computer viruses: a quantitative analysis, Logist Inf Manag, 15, 5-6, pp. 400-409, (2002)
[5] Cutter S.L., Barnes L., Berry M., Burton C., Evans E., Tate E., Webb J., A place-based model for understanding community resilience to natural disasters, Glob Environ Change, 18, 4, pp. 598-606, (2008)
[6] Eusgeld I., Kroger W., Sansavini G., Schlapfer M., Zio E., The role of network theory and object-oriented modeling within a framework for the vulnerability analysis of critical infrastructures, Reliab Eng Syst Saf, 94, 5, pp. 954-963, (2009)
[7] Ezell B.C., Infrastructure vulnerability assessment model (I-VAM), Risk Anal, 27, 3, pp. 571-583, (2007)
[8] Filiol E., Helenius M., Zanero S., Open problems in computer virology, J Comput Virol, 1, 3-4, pp. 55-66, (2006)
[9] Garnett O., Mandelbaum A., Reiman M., Designing a call center with impatient customers, Manuf Serv Oper Manag, 4, 3, (2002)
[10] Haldar K., Mishra B.K., A mathematical model for a distributed attack on targeted resources in a computer network, Commun Nonlinear Sci Numer Simulat, 19, pp. 3149-3160, (2014)

← 1 2 3 →