Special Issue Paper
Agent-based modeling of malware dynamics in heterogeneous environments
Version of Record online: 25 FEB 2011
Copyright © 2011 John Wiley & Sons, Ltd.
Security and Communication Networks
Volume 6, Issue 12, pages 1576–1589, December 2013
How to Cite
Bose, A. and Shin, K. G. (2013), Agent-based modeling of malware dynamics in heterogeneous environments. Security Comm. Networks, 6: 1576–1589. doi: 10.1002/sec.298
- Issue online: 28 NOV 2013
Keywords
- malware models;
- mobile viruses;
- agent-based modeling;
- hybrid propagation;
- infection strategies
The increasing convergence of power-law networks such as social networking and peer-to-peer applications, web-delivered applications, and mobile platforms makes today's users highly vulnerable to entirely new generations of malware that exploit vulnerabilities in web applications and mobile platforms for new infections, while using the power-law connectivity for finding new victims. The traditional epidemic models based on assumptions of homogeneity, average-degree distributions, and perfect-mixing are inadequate to model this type of malware propagation. In this paper, we study four aspects crucial to modeling malware propagation: application-level interactions among users of such networks, local network structure, user mobility, and network coordination of malware such as botnets. Since closed-form solutions of malware propagation considering these aspects are difficult to obtain, we describe an open-source, flexible agent-based emulation framework that can be used by malware researchers for studying today's complex malware. The framework, called Agent-Based Malware Modeling (AMM), allows different applications, network structure, network coordination, and user mobility in either a geographic or a logical domain to study various infection and propagation scenarios. In addition to traditional worms and viruses, the framework also allows modeling network coordination of malware such as botnets. The majority of the parameters used in the framework can be derived from real-life network traces collected from a network, and therefore, represent realistic malware propagation and infection scenarios. As representative examples, we examine two well-known malware spreading mechanisms: (i) a malicious virus such as Cabir spreading among the subscribers of a cellular network using Bluetooth and (ii) a hybrid worm that exploits email and file-sharing to infect users of a social network. In both cases, we identify the parameters most important to the spread of the epidemic based upon our extensive simulation results.