Peer-to-peer botnets, as exemplified by the Storm Worm and Stuxnet, are a relatively new threat to security on the internet: infected computers automatically search for other computers to be infected, thus spreading the infection rapidly. In a recent paper, such botnets have been modeled using Stochastic Activity Networks, allowing the use of discrete-event simulation to judge strategies for combating their spread. In the present paper, we develop a mean-field model for analyzing botnet behavior and compare it with simulations obtained from the Moebius tool. We show that the mean-field approach provides accurate and orders-of-magnitude faster computation, thus providing very useful insight into spread characteristics and the effectiveness of countermeasures.
Abstract. The mean-field analysis technique is used to analyse systems with a large number of components, to determine the emergent deterministic behaviour and how this behaviour changes when its parameters are perturbed. The computer science performance modelling and analysis community has found the mean-field method useful for modelling large-scale computer and communication networks. Applying mean-field analysis from the computer science perspective requires the following major steps: (1) describing how the agent populations evolve by means of a system of differential equations, (2) finding the emergent deterministic behaviour of the system by solving such differential equations, and (3) analysing properties of this behaviour either by relying on simulation or by using logics. Depending on the system under analysis, performing these steps may become challenging. Often, modifications of the general idea are needed. In this tutorial we consider illustrative examples to discuss how the mean-field method is used in different application areas. We start from the application of the classical technique and move to cases where additional steps have to be used, such as systems with local communication. Finally, we illustrate the application of the simulation and fluid model checking analysis techniques.
This paper is about fitting a model for the spreading of a computer virus to measured data, contributing not only the fitted model, but equally important, an account of the process of getting there. Over the last years, there has been an increased interest in epidemic models to study the speed of virus spread. But parameterising such models is hard, because due to the unexpected nature of real outbreaks, there is not much solid measurement data available, and the data may often have imperfections. We propose a mean-field model for computer virus spread, and use parameter fitting techniques to set the model's parameter values based on measured data. We discuss a number of steps that had to be taken to make the fitting work, including preprocessing and interpreting the measurement data, and restructuring the model based on the available data. We show that the resulting parameterised model closely mimics real system behaviour, with a relative squared error of 0.7%.
Large systems of interacting objects are highly prevalent in today's world. Such systems usually consist of a large number of relatively simple identical objects, and can be observed in many different fields, e.g., physics (interactions of molecules in gas), chemistry (chemical reactions), epidemiology (spread of the infection), etc. In this thesis we primarily address large systems of interacting objects in computer science, namely, computer networks. Analysis of such large systems is made difficult by the state-space explosion problem, i.e., the number of states of the model grows exponentially with the number of interacting objects. In this thesis we tackle the state-space explosion problem by applying mean-field approximation, which was originally developed for models in physics, like the interaction of molecules in a gas. The mean-field method works by not considering the state of each individual object separately, but only their average, i.e., what fraction of the objects are in each possible state at any time. It allows computing the exact limiting behaviour of an infinite population of identical objects, and this limiting behaviour is a good approximation, even when the number of objects is not infinite but sufficiently large. In this thesis we provide the theoretical background necessary for applying the mean-field method and illustrate the approach by a peer-to-peer botnet case study. This thesis aims at formulating and analysing advanced properties of large systems of interacting objects using fast, efficient, and accurate algorithms. We propose to apply model-checking techniques to mean-field models. This allows (i) defining advanced properties of mean-field models, such as survivability, steady-state availability, conditional instantaneous availability using logic; and (ii) automatically checking these properties using model-checking algorithms.
Existing model-checking logics and algorithms cannot directly be applied to mean-field models since the model consists of two layers: the local level, describing the behaviour of a randomly chosen individual object in a large system, and the global level, which addresses the overall system of all interacting objects. Therefore, we motivate and define two logics, called Mean-Field Continuous Stochastic Logic (MF-CSL), and Mean-Field Logic (MFL), for describing properties of systems composed of many identical interacting objects, on both the local and the global level. We present model-checking algorithms for checking both MF-CSL and MFL properties, and illustrate these algorithms using an extensive example on virus propagation in a computer network. We discuss the differences in the expressiveness of these two logics as well as their possible combination. Additionally, we combine the mean-field method with parameter fitting techniques in order to model real-world large systems, and obtain a better understanding of the behaviour of such systems. We explain how to build a mean-field model of the system, and how to estimate the corresponding parameter valu...