Malicious software (malware) has become a serious concern for all types of communications networks and their users, from the laymen to the more experienced administrators. The proliferation of sophisticated portable devices, especially smartphones and tablets, and their increased capabilities, have propelled the intensity of malware dissemination and increased its consequences in social life and the global economy. This book is concerned with the theoretical aspects of such malware dissemination, generically denoted as malware diffusion, and presents modeling approaches that describe the behavior and dynamics of malware diffusion in various types of complex communications networks and especially wireless ones.
The main objective of this book is to classify and present, in adequate detail and analysis, families of state-of-the-art mathematical methodologies that can be used for generically modeling malware diffusion, especially in wireless complex networks. However, with minor and straightforward adaptations, these techniques can be further extended and applied in other types of complex networks as well.
In addition, the book covers holistically the mathematical modeling of malware diffusion, starting from the early emergence of such attempts, up to the latest, advanced and cross-discipline based frameworks that combine diverse analytic tools. Starting from the basic epidemics models that are based on systems of ordinary differential equations, the content proceeds to more exotic analytic tools founded on queuing systems theory, Markov Random Fields, optimal control and game theoretic formulations, respectively. Numerical and simulation results are provided, in order to validate each framework and demonstrate its potentials, along with system behavior studies. The book also provides a summary of the required mathematical background, which can be useful for the novice reader. Furthermore, it provides guidelines and directions for extending the corresponding approaches in other application domains, demonstrating such possibility by using application models in information dissemination scenarios.
Consequently, this book aspires to stimulate inter-disciplinary research and analysis in the broader area of modeling information diffusion in complex networking environments. It mainly focuses on the diffusion of malicious information (software) over wireless complex networks. However, as will become evident, most of the results can be easily extended and adapted for other types of networks and application domains.
Intended Audience
The content of this book is presented in a fashion aiming mainly at first-year graduate audiences, postdoctoral researchers, professors and the more experienced/interested professional engineers that are involved in computer security research and development. Most of them are assumed already familiar with the practical topics included in the broader research area and the book provides for them a solid quantitative background on the available mathematical malware modeling approaches in a more systematic manner than the works available nowadays (essentially scattered journal/conference papers and surveys), i.e. with formal definitions, references to the mathematical methods and analysis of the advanced techniques. The text presents and analyzes the latest mathematical tools that can be of use in the research and development activities of the above audiences. However, despite its semi-advanced nature, students in their last undergraduate year can also benefit from such a specialized treatment and involved methodologies, by obtaining a solid background of the corresponding area.
The book focuses on the mathematical modeling of malware diffusion dynamics, and as such, some familiarity with basic mathematical techniques, such as probability theory, queuing theory, ordinary differential equations, optimal control and game theory, is needed. The required quantitative level will be no higher than that of the first graduate year. Consequently, the book is ideal for graduate students at the beginning of their programs, both for coursework level (graduate textbook) and as a companion in their own research endeavors. Basic elements of the required mathematical tools are presented in the three appendices, providing quick background reference for those not familiar with the corresponding fields.
The main discipline for which this book was developed is computer science and system engineering. It has been specifically written for those involved in computer and system security. Academics from these fields can use the book in their research and graduate classrooms. The material provided offers a complete set of existing state-of-the-art methodologies accompanied by an extensive bibliography and application examples. It provides a coherent perspective of the area of malware diffusion and security, and guidelines for developing and broadening one’s knowledge and research skills in the corresponding areas.
Regarding the application content of the book, the main audience is expected to be scientists and engineers active in the field of communications/computer networks, namely the broader community of computer scientists and electrical engineers, and more specifically those working in computer and systems security. However, at the same time, a number of researchers and professionals working in other disciplines that study problems sharing several characteristics with the problems emerging in malware diffusion can also be accommodated by the contents of the book, at least partially. Network Science is the most prominent such area that has already brought together disciplines as diverse as sociology, biology, finance, computer science and electrical engineering, in order to jointly study problems and share methods and results. Malware diffusion may be considered in a more generic fashion as information diffusion, and professionals from all the aforementioned disciplines studying information dissemination problems are expected to have potential interest. The generic form of the presentation, and especially the applications of the presented techniques to practical and diverse problems such as information dissemination dynamics, is suitable for diverse professionals such as social scientists, epidemiologists and marketing professionals as well.
Consequently, the level of the book accommodates practically all levels of expertise, with more emphasis on the intermediate to advanced. The applications are relevant mainly to engineers and scientists in the field of communications and computer science, but also relevant to inter-disciplinary scientists and professionals from the information-related disciplines and Network Science. The book has attempted to balance both depth (technical level) and breadth (application domains) of the included methodologies, originally presented for malware diffusion.
Scope and Outline of the Book
Scope
The topics addressed regarding malware diffusion are treated in this book from an inter-disciplinary Network Science perspective, and are currently rapidly evolving at rates that other research areas have been enjoying for many years now. Within such a framework, some fields of Network Science have already been well-shaped and advanced to a desired degree, e.g. social network analysis (SNA) [125,164], while others still consist of fragmented contributions and scattered results.
Malware diffusion in computer networks in general, and wireless ones in particular, qualifies as one of the latter fields. Until recently, most of the proposed approaches for modeling the dynamics of malicious software dissemination followed more or less the same practices and were essentially based on some restrictive assumptions. Most of them required the diffusion process to take place first, in order to later develop/fit accurate models based on the observed data, and thus lacked predictive power for generic anticipated attacks. Thus, it was not possible to holistically capture the behavior of dynamics and predict the outcomes of attacks before they actually take place.
However, in the last decade, several advanced modeling methodologies were presented, which are capable of describing more accurately malicious software diffusion over diverse types of networks, and more intelligent attack strategies as well. Generic models have been presented, and when necessary they can be adapted to describe accurately the observed behaviors in other types of networks. Such approaches utilize different mathematical tools for their purposes and capture properly the most important aspects of malicious software diffusion dynamics.
Still, the literature is missing a systematic classification, presentation and analysis of all these advanced methodologies and obtained results, in a manner compatible with the broader scope of the discipline of Network Science and with reference to key legacy approaches as well. This book aspires to fill this gap, by methodically presenting the topic of malware diffusion in complex communications networks. More specifically, the book will focus on malware diffusion modeling techniques especially designed for wireless complex networks. However, the presented methodologies are applicable to other types of complex communications and social networks, and the wireless network paradigm will be employed mainly for demonstration purposes. The mathematical methodologies that will be presented, due to their generic analytical nature, can be easily adapted and used in other types of complex networks, even non-technological ones. Thus, the book will not only present and analyze malicious software modeling methods for wireless complex networks, but also demonstrate how these methods can be extended and applied in other settings as well, e.g. generic information dissemination over complex networks of any type such as human, financial, etc.
In short, this book aspires to become a cornerstone for the systematic organization and mathematical modeling of malicious software and information diffusion within the broader framework of Network Science and complex networks. Furthermore, it aspires to provide long-term reference to the required background for studying in-depth and extending the corresponding field of research.
Outline
This book is organized in three main parts and a set of auxiliary appendices with respect to the core mathematical areas required in order to understand the main contents of the book. The introductory Part 1 consists of Chapters 1–3, and constitutes a thorough introduction to the general malware diffusion modeling framework we consider in this book. Part 2, which includes Chapters 4–8, presents state-of-the-art malware diffusion modeling mathematical methodologies and corresponds to the main and unique contribution of this book in the literature. It presents, while also explaining in detail, malware diffusion modeling mathematical methodologies utilizing alternative, yet powerful analytical tools. Part 3 summarizes the key points of the presented methodologies and presents directions for potential future research. It also sets the presented theoretical knowledge into a broader application perspective, which can be exploited in other disciplines as well. Finally, the appendices contain brief, but complete reviews of the basic mathematical tools employed in this book, namely elements of ordinary differential equations, elements of queuing theory and elements of optimal control theory, which can be very helpful for the non-familiar reader, in order to quickly obtain a solid understanding of the mathematical tools required to understand the presented models and approaches.
In more detail, Chapter 1 serves as a concise introduction to the topics addressed in the book, introducing complex communication networks, malware diffusion, as well as some historical elements of the evolution of networks and malware.
Chapter 2 defines the malware diffusion problem, along with the node infection models that emerge in the literature. It also collects and presents characteristic examples of computer network attacks which are of interest in the study of malware diffusion in the framework of the book.
Chapter 3 provides a concise presentation and quick reference analysis of the malware modeling methods, with respect to the emerging incidents in the early days of modeling malicious software propagation dynamics and by focusing on the wireless scenarios. The content of this chapter will serve as background for some of the state-of-the-art approaches presented later in Part 2.
The following chapters in Part 2 present advanced malware modeling techniques, each dedicated to a family of approaches distinguished from the rest according to the employed mathematical tools. Thus, the first chapter of Part 2, namely Chapter 4, presents approaches modeling malware diffusion by means of queuing theory, and especially queuing networks. The basic idea is that the time spent by each node in a state of an infection model can be mapped to the waiting time of a customer in a pure queuing system. Due to the superposition of node behaviors in a network, the corresponding queuing system will be a network of queues for modeling the behavior of malware over the network.
Chapter 5 in its turn presents and analyzes malware modeling approaches that exploit the notion of Markov Random Fields (MRFs). MRFs are sets of random variables that can cumulatively describe the overall state of a system, where in this case, the system is an attacked network. By exploiting several properties of MRFs, it is possible to obtain solutions in a simple manner, without sacrificing important detail, for diverse types of complex networks.
Chapter 6 covers malware modeling approaches that are based on stochastic epidemics and optimal control. Such approaches allow analyzing the robustness potentials of networks and attacks and obtaining optimal or semi-optimal policies for dealing with attacks and their outcomes.
Chapter 7 builds on the previous and presents, analyzes and demonstrates malware modeling approaches that exploit principles from game theory to model epidemics. It casts the problems in an interactive framework and combines them with optimal control strategies.
Finally, Chapter 8 provides a qualitative comparison of all the previously presented approaches (Chapters 4–7), with the ulterior goal of revealing the distinct features of each approach in a comparative fashion, allowing the selection of the most appropriate one for different applications.
In Part 3, Chapter 9 presents other application areas where the presented models may be applied successfully, thus, exhibiting their potential for creating more holistic information diffusion frameworks. Chapter 10 summarizes the lessons learned, explains the ground covered until now and provides potential directions for future work in the specific topic of malware diffusion modeling and the broader vision of information diffusion. Finally, Chapter 11 concludes this book, highlighting the most important aspects of malware diffusion, in particular, and information dissemination in general.
Appendix A provides background on differential equations, Appendix B on queuing systems theory, and Appendix C on optimal control theory and Hamiltonians, for the interested readers.