Toward early warning against Internet worms based on critical-sized networks
Article first published online: 21 MAR 2012
Copyright © 2012 John Wiley & Sons, Ltd.
Security and Communication Networks
Volume 6, Issue 1, pages 78–88, January 2013
How to Cite
Magkos, E., Avlonitis, M., Kotzanikolaou, P. and Stefanidakis, M. (2013), Toward early warning against Internet worms based on critical-sized networks. Security Comm. Networks, 6: 78–88. doi: 10.1002/sec.534
- Issue published online: 26 DEC 2012
- Article first published online: 21 MAR 2012
- monitoring worm propagation;
- stochastic models;
- critical-size networks;
- early warning
In this paper, we build on a recent worm propagation stochastic model, in which random effects during worm spreading were modeled by means of a stochastic differential equation. On the basis of this model, we introduce the notion of the critical size of a network, which is the least size of a network that needs to be monitored, in order to correctly project the behavior of a worm in substantially larger networks. We provide a method for the theoretical estimation of the critical size of a network in respect to a worm with specific characteristics. Our motivation is the requirement in real systems to balance the needs for accuracy (i.e., monitoring a network of a sufficient size in order to reduce false alarms) and performance (i.e., monitoring a small-scale network to reduce complexity). In addition, we run simulation experiments in order to experimentally validate our arguments. Finally, based on notion of critical-sized networks, we propose a logical framework for a distributed early warning system against unknown and fast-spreading worms. In the proposed framework, propagation parameters of an early detected worm are estimated in real time by studying a critical-sized network. In this way, security is enhanced as estimations generated by a critical-sized network may help large-scale networks to respond faster to new worm threats. Copyright © 2012 John Wiley & Sons, Ltd.