“…The contact graph is a directed graph with a set of nodes and edges at time t . If there is a network flow between two nodes at that time, an edge is inserted between these nodes in the graph. - Altarelli et al have used a certain number of features of propagation characteristics, including the recovery probability for each node, the probability by which two nodes infect each other, the distribution of recovery time, and the transmission delay distribution.
- In another study, historical diffusion traces were available, and the following features were extracted: which nodes got infected and when did this happen.
- Zhu et al have defined the following features: the time elapsed before the subnet gets worm duplication, the number of infected hosts in each subnet at a moment, the bandwidth consumed by the worm inside subnet i to attack the outside ( bandwidth _ out ), the bandwidth consumed by the worm outside subnet i to attack the subnet ( bandwidth _ in ), and the bandwidth consumed by the worm inside subnet i to attack the subnet ( bandwidth _ inside ) are used as features.
- In the previous research, to predict the number of malware infections in a country the following features have been defined: the time when a file becomes infected with a malware, antivirus signature release time, and the patch release time.
- In another study, 323 features were collected from a monitored computer, which could be classified into the following 11 main categories to detect worm activity in computers: ICMP, IP, memory, network interface, physical disk, process, processor, system, Transport Control Protocol TCP, thread, UDP.
- In an investigation by Tabish, instructions or call sequences of an executable program have been mapped to a graph. Features were extracted from the constructed graph at the three following levels: vertex level, subgraph level, and graph level.
…”