Abstract
Peer-to-peer botnets, as exemplified by the Storm Worm, and the spreading phase of Stuxnet, are a relatively new threat to security on the internet: infected computers automatically search for other computers to be infected, thus spreading the infection rapidly. In a recent paper, such botnets have been modeled using Stochastic Activity Networks, allowing the use of discrete-event simulation to judge strategies for combating their spread. In the present paper, we develop a mean-field model for analyzing botnet behavior and compare it with simulations obtained from the Moebius tool. We show that the mean-field approach provides accurate and orders-of-magnitude faster computation, thus providing very useful insight in spread characteristics and the effectiveness of countermeasures.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
Bakhshi, R., Cloth, L., Fokkink, W., Haverkort, B.: Mean-Field Analysis for the Evaluation of Gossip Protocols. In: 6th Int. Conference on Quantitative Evaluation of Systems (QEST 2009), pp. 247–256. IEEE CS Press, Los Alamitos (2009)
Bakhshi, R., Endrullis, J., Endrullis, S., Fokkink, W., Haverkort, B.: Automating the mean-field method for large dynamic gossip networks. In: 7th Int. Conference on Quantitative Evaluation of Systems (QEST 2010). IEEE CS Press, Los Alamitos (2010)
Bradley, J., Gilmore, S., Hillston, J.: Analysing distributed internet worm attacks using continuous state-space approximation of process algebra models. Journal of Computer and System Sciences 74(6), 1013–1032 (2008)
Calder, M., Gilmore, S., Hillston, J.: Automatically deriving ODEs from process algebra models of signalling pathways. In: Proceedings of Computational Methods in Systems Biology (CMSB 2005), pp. 204–215 (2005)
Cerotti, D., Gribaudo, M., Bobbio, A.: Disaster propagation in heterogeneous media via markovian agents. In: Setola, R., Geretshuber, S. (eds.) CRITIS 2008. LNCS, vol. 5508, pp. 328–335. Springer, Heidelberg (2009)
Ciocchetta, F., Hillston, J.: Bio-PEPA for epidemiological models. Electronic Notes in Theoretical Computer Science 261, 43–69 (2010)
Deavours, D., Clark, G., Courtney, T., Daly, D., Derisavi, S., Doyle, J., Sanders, W., Webster, P.: The Mobius framework and its implementation. IEEE Transactions on Software Engineering 28(10), 956–969 (2002)
Feamster, N., Gao, L., Rexford, J.: How to lease the internet in your spare time. SIGCOMM Comput. Commun. Rev. 37, 61–64 (2007), http://doi.acm.org/10.1145/1198255.1198265
Garetto, M., Gong, W., Towsley, D.: Modeling malware spreading dynamics. In: Twenty-Second Annual Joint Conference of the IEEE Computer and Communications, INFOCOM 2003, IEEE Societies, March-3 April 2003, vol. 3, pp. 1869–1879 (2003)
Gribaudo, M.: Analysis of large populations of interacting objects with mean field and markovian agents. In: Bradley, J.T. (ed.) EPEW 2009. LNCS, vol. 5652, pp. 218–219. Springer, Heidelberg (2009)
Gribaudo, M., Cerotti, D., Bobbio, A.: Analysis of on-off policies in sensor networks using interacting markovian agents. In: Sixth Annual IEEE International Conference on Pervasive Computing and Communications, PerCom 2008, pp. 300–305. IEEE, Los Alamitos (2008)
Heidelberger, P.: Fast simulation of rare events in queueing and reliability models. ACM Transactions on Modeling and Computer Simulation 5, 43–85 (1995)
Henzinger, T.A., Mateescu, M., Mikeev, L., Wolf, V.: Hybrid Numerical Solution of the Chemical Master Equation. In: Proceedings of Computational Methods in Systems Biology, CMSB 2010 (2010); preprint arXiv:1005.0747
Le Boudec, J.-Y., McDonald, D., Mundinger, J.: A generic mean field convergence result for systems of interacting objects. In: 4th Int. Conference on Quantitative Evaluation of SysTems (QEST 2007), pp. 3–18. IEEE CS Press, Los Alamitos (2007)
Rohloff, K., Basar, T.: Stochastic behavior of random constant scanning worms. In: Proceedings. 14th International Conference on Computer Communications and Networks, ICCCN 2005, pp. 339–344 (October 2005)
van Ruitenbeek, E., Sanders, W.H.: Modeling peer-to-peer botnets. In: 5th Int. Conference on Quantitative Evaluation of SysTems (QEST 2008), pp. 307–316. IEEE CS Press, Los Alamitos (2008)
Sanders, W., Meyer, J.: Stochastic Activity Networks: Formal Definitions and Concepts? Lectures on Formal Methods and Performance Analysis, 315–343 (2001)
Wolfram Research, Inc.: Mathematica tutorial (2010), http://reference.wolfram.com/mathematica/tutorial/IntroductionToManipulate.html
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Kolesnichenko, A., Remke, A., de Boer, PT., Haverkort, B.R. (2011). Comparison of the Mean-Field Approach and Simulation in a Peer-to-Peer Botnet Case Study. In: Thomas, N. (eds) Computer Performance Engineering. EPEW 2011. Lecture Notes in Computer Science, vol 6977. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-24749-1_11
Download citation
DOI: https://doi.org/10.1007/978-3-642-24749-1_11
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-24748-4
Online ISBN: 978-3-642-24749-1
eBook Packages: Computer ScienceComputer Science (R0)