Security Countermeasures of a SCIRAS Model for Advanced Malware Propagation

Guillén, Jose Diamantino Hernández; Rey, Ángel Martín del; Casado‐Vara, Roberto

doi:10.1109/access.2019.2942809

Cited by 38 publications

(6 citation statements)

References 21 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Xia et al [35] proposed an IDEPSR model for analyzing malware propagation in city IoT, which reflects social features including the propagation and identification abilities of smart devices. Hernandez et al [36] introduced an SCIRAS model for simulating the propagation process of zero-day malware, considering states Susceptible, Carrier, Infectious, Recovered, Attacked, and Susceptible. Li et al [37] proposed a DDSEIR model to analyze CPS malware propagation based on states Disseminate, Discriminate, Spread, Exposed, Ignorant, and Recover.…”

Section: Related Workmentioning

confidence: 99%

SIR₁R₂: Characterizing Malware Propagation in WSNs With Second Immunization

2021

View full text Add to dashboard Cite

As an infrastructure of Internet of Things, WSNs (Wireless Sensor Networks) play a more and more important role. However, WSNs are vulnerable to malware and malware can destroy their data security and integrity, which motivates us to explore the role of malware propagation in WSNs. First, according to the actual propagation characteristics of malware in the WSNs and the process of the density change of all node types, we propose an epidemiology-based malware propagation model in consideration of a secondary immune mechanism. Then we set up differential equations to describe the propagation model. By solving differential equations, we can obtain two kinds of equilibrium points indicating that the density of all node types tends to be stable in the WSNs. One is to achieve an equilibrium where only susceptible nodes exist in the WSNs. The other is that malware always exists in the WSNs. Moreover, we prove the local and global stability of these two equilibrium points. Eventually, we analyze the influence and effect of the secondary immunity, forgetting mechanism and containment mechanism on malware propagation in the WSNs, and validate the proposed model through simulations.

show abstract

Section: Related Workmentioning

confidence: 99%

SIR₁R₂: Characterizing Malware Propagation in WSNs With Second Immunization

2021

View full text Add to dashboard Cite

show abstract

“…Besides, authors in Ref. [13] analyzed a novel theoretical model to simulate the expansion of malware in WSNs. Particularly, they studied a SCIRS model that considers population dynamics, carrier (C) compartment, vaccinations, and possible reinfections.…”

Section: State Of the Artmentioning

confidence: 99%

“…e recovery or malware removal rate could also variate over time depending on the availability of treatment to be applied to infected nodes. At the beginning of a new malware campaign, it is expected that the recovery rate may be low, depending on the grade of the [11] Generalized SIR × × × ✓ Ojha et al [12] SEIQRV × × × × Hernandez Guillen et al [13] SCIRS…”

Section: Recovery Rate C(t)mentioning

confidence: 99%

MalSEIRS: Forecasting Malware Spread Based on Compartmental Models in Epidemiology

et al. 2021

View full text Add to dashboard Cite

Over the last few decades, the Internet has brought about a myriad of benefits to almost every aspect of our daily lives. However, malware attacks have also widely proliferated, mainly aiming at legitimate network users, resulting in millions of dollars in damages if proper protection and response measures are not settled and enforced. In this context, the paper at hand proposes MalSEIRS, a novel dynamic model, to predict malware distribution in a network based on the SEIRS epidemiological model. As a result, the time-dependent rates of infection, recovery, and loss of immunity enable us to capture the complex dynamism of malware spreading behavior, which is influenced by a variety of external circumstances. In addition, we describe both offensive and defensive techniques, based on the proposed MalSEIRS model, through extensive experimentation, as well as disclosing real-life malware campaigns that can be better understood by using the suggested model.

show abstract

“…In this sense, several different compartments can be considered in a specific model: susceptible devices S, weak susceptible devices W, infectious devices I, carrier devices C, recovered devices R, vaccinated devices V, attacked devices A, damaged devices D, etc. In this way, considering the involved compartments and the dynamics between them, the epidemiological models are classified according to their dynamic: SCIRAS model [14], SCIRS model [15], SIRA model [16], SEIRS − V model [17], WSIS model [18], etc. The model introduced in this work is a SIDR model (susceptible-infectious-damaged-recovered).…”

Section: Introductionmentioning

confidence: 99%

“…Very few models have been proposed in the scientific literature to simulate the propagation of the advanced malware used in APTs. In [14], the authors propose a SCIRAS global and deterministic model based on ordinary differential equations. This is a theoretical proposal where the proposed model can simulate the general evolution of its five compartments (susceptible devices, carrier devices, infectious devices, attacked devices and recovered devices).…”

Section: Introductionmentioning

confidence: 99%

Propagation of the Malware Used in APTs Based on Dynamic Bayesian Networks

2021

Self Cite

View full text Add to dashboard Cite

Malware is becoming more and more sophisticated these days. Currently, the aim of some special specimens of malware is not to infect the largest number of devices as possible, but to reach a set of concrete devices (target devices). This type of malware is usually employed in association with advanced persistent threat (APT) campaigns. Although the great majority of scientific studies are devoted to the design of efficient algorithms to detect this kind of threat, the knowledge about its propagation is also interesting. In this article, a new stochastic computational model to simulate its propagation is proposed based on Bayesian networks. This model considers two characteristics of the devices: having efficient countermeasures, and the number of infectious devices in the neighborhood. Moreover, it takes into account four states: susceptible devices, damaged devices, infectious devices and recovered devices. In this way, the dynamic of the model is SIDR (susceptible–infectious–damaged–recovered). Contrary to what happens with global models, the proposed model takes into account both the individual characteristics of devices and the contact topology. Furthermore, the dynamics is governed by means of a (practically) unexplored technique in this field: Bayesian networks.

show abstract

Security Countermeasures of a SCIRAS Model for Advanced Malware Propagation

Cited by 38 publications

References 21 publications

SIR₁R₂: Characterizing Malware Propagation in WSNs With Second Immunization

SIR₁R₂: Characterizing Malware Propagation in WSNs With Second Immunization

MalSEIRS: Forecasting Malware Spread Based on Compartmental Models in Epidemiology

Propagation of the Malware Used in APTs Based on Dynamic Bayesian Networks

Contact Info

Product

Resources

About

Security Countermeasures of a SCIRAS Model for Advanced Malware Propagation

Cited by 38 publications

References 21 publications

SIR1R2: Characterizing Malware Propagation in WSNs With Second Immunization

SIR1R2: Characterizing Malware Propagation in WSNs With Second Immunization

MalSEIRS: Forecasting Malware Spread Based on Compartmental Models in Epidemiology

Propagation of the Malware Used in APTs Based on Dynamic Bayesian Networks

Contact Info

Product

Resources

About

SIR₁R₂: Characterizing Malware Propagation in WSNs With Second Immunization

SIR₁R₂: Characterizing Malware Propagation in WSNs With Second Immunization