The author analyzes a technique to prevent multiple simultaneous virus epidemics on any vulnerable computer network with inhomogeneous topology. The technique immunizes a small fraction of the computers and utilizes diverse software platforms to halt the virus outbreaks. The halting technique is of practical interest since a network's detailed topology need not be known. 1. Introduction Malicious software, or malware, on the Internet can cause serious problems, not only for services like email and the web, but for electricity, transport, finance, and healthcare services due to their increasing Internet dependence. Infectious malware like viruses and worms are especially troublesome as they often spread too fast for human-assisted detection and early removal. Because classical signature-based approaches to malware defense do not provide adequate protection [1], there is currently a need for alternative defensive approaches. While authors [2–8] have long debated the benefits of using added software diversity to halt malware, few results [9] actually show when diversity increases a network’s robustness to malware epidemics. We demonstrate that reasonable software diversity prevents malware from controlling much of the information on a network but only when the network’s topology is homogeneous. If a diverse network is inhomogeneous, then malware on the hubs, that is, the nodes with the most connections, can still control much of the information. We show how node immunization and software diversity together can halt infectious malware on inhomogeneous networks. In this paper, the term “virus” denotes any form of infectious malware, and we consider the Internet as a collection of networks infected by many different viruses [10]. The viruses are allowed to reinfect machines because it is important to halt viruses that adapt over time. In the future, adaptive viruses could, with help from their creators, exploit new vulnerabilities and thus reinfect machines even after software patches have been installed. Viruses spread by exploiting vulnerabilities in the operating system and application layers of a network. We build a model simulating multiple simultaneous outbreaks on a single layer. The network of attacked machines is modeled by a graph with different node types representing the software diversity. Since the spreading patterns of viruses vary with the considered layer and the exploited vulnerabilities [11], we model different network topologies to show that the proposed technique can halt viruses with different inhomogeneous spreading patterns. Using the
References
[1]
M. Donner, “Phagocytes in cyberspace,” IEEE Security and Privacy, vol. 8, no. 5, pp. 3–4, 2010.
[2]
D. E. Geer, “Monopoly considered harmful,” IEEE Security and Privacy, vol. 1, no. 6, pp. 14–17, 2003.
[3]
G. Goth, “Addressing the monoculture,” IEEE Security and Privacy, vol. 1, no. 6, pp. 8–10, 2003.
[4]
D. Aucsmith, “Monocultures are hard to find in practice,” IEEE Security and Privacy, vol. 1, no. 6, pp. 15–16, 2003.
[5]
J. A. Whittaker, “No clear answers on monoculture issues,” IEEE Security and Privacy, vol. 1, no. 6, pp. 18–19, 2003.
[6]
M. Stamp, “Risks of monoculture,” Communications of the ACM, vol. 47, no. 3, p. 120, 2004.
[7]
F. B. Schneider and K. P. Birman, “The monoculture risk put into context,” IEEE Security and Privacy, vol. 7, no. 1, pp. 14–17, 2009.
[8]
M. Ranum and B. Schneier, “Is a software monoculture dangerous to computer security?” Information Security Magazine, vol. 12, no. 9, pp. 19–23, 2010.
[9]
A. J. O'Donnell and H. Sethu, “On achieving software diversity for improved network security using distributed coloring algorithms,” in Proceedings of the 11th ACM Conference on Computer and Communications Security (CCS '04), pp. 121–131, Washington, DC, USA, October 2004.
[10]
S. P. Gorman, R. G. Kulkarni, L. A. Schintler, and R. R. Stough, “A predator prey approach to diversity based defenses in heterogeneous networks,” in Proceedings of the Winter International Symposium on Information and Communication Technologies, Cancun, Mexico, January 2004.
[11]
J. Balthrop, S. Forrest, M. E. J. Newman, and M. M. Williamson, “Technological networks and the spread of computer viruses,” Science, vol. 304, no. 5670, pp. 527–529, 2004.
[12]
M. E. J. Newman, “The structure and function of complex networks,” SIAM Review, vol. 45, no. 2, pp. 167–256, 2003.
[13]
J. O. Kephart and S. R. White, “Directed-graph epidemiological models of computer viruses,” in Proceedings of the IEEE Computer Society Symposium on Research in Security and Privacy, pp. 343–358, Oakland, Calif, USA, May 1991.
[14]
Z. Dezs? and A. L. Barabási, “Halting viruses in scale-free networks,” Physical Review E, vol. 65, no. 5, Article ID 055103, 2002.
[15]
R. Cohen, S. Havlin, and D. Ben-Avraham, “Efficient immunization strategies for computer networks and populations,” Physical Review Letters, vol. 91, no. 24, Article ID 247901, 2003.
[16]
P. Holme, B. J. Kim, C. N. Yoon, and S. K. Han, “Attack vulnerability of complex networks,” Physical Review E - Statistical, Nonlinear, and Soft Matter Physics, vol. 65, no. 5, Article ID 056109, pp. 056109/1–056109/14, 2002.
[17]
Y. Chen, G. Paul, S. Havlin, F. Liljeros, and H. E. Stanley, “Finding a better immunization strategy,” Physical Review Letters, vol. 101, no. 5, Article ID 058701, 2008.
[18]
C. M. Schneider, T. Mihaljev, S. Havlin, and H. J. Herrmann, “Suppressing epidemics with a limited amount of immunization units,” Physical Review E, vol. 84, Article ID 061911, 2011.
[19]
M. Franz, “E unibus pluram: Massive-scale software diversity as a defense mechanism,” in Proceedings of the New Security Paradigms Workshop (NSPW '10), pp. 7–16, Concord, Mass, USA, September 2010.
[20]
K. Kravvaritis, D. Mitropoulos, and D. Spinellis, “Cyberdiversity: Measures and initial results,” in Proceedings of the 14th Panhellenic Conference on Informatics (PCI '10), pp. 135–140, Tripoli, Greece, September 2010.
[21]
A. L. Barabási, R. Albert, and H. Jeong, “Scale-free characteristics of random networks: the topology of the world-wide web,” Physica A, vol. 281, no. 1, pp. 69–77, 2000.
[22]
D. J. Watts and S. H. Strogatz, “Collective dynamics of ‘small world’ networks,” Nature, vol. 393, no. 6684, pp. 440–442, 1998.
[23]
S. E. Page, Diversity and Complexity, Princeton University Press, 2011.
[24]
R. Pastor-Satorras and A. Vespignani, “Immunization of complex networks,” Physical Review E, vol. 65, no. 3, Article ID 036104, pp. 036104/1–036104/8, 2002.
[25]
U. Wilensky, NetLogo, Center for Connected Learning and Computer-Based Modeling, Northwestern University, Evanston, Ill, USA, 1999.
[26]
S. N. Dorogovtsev, A. V. Goltsev, and J. F. F. Mendes, “Critical phenomena in complex networks,” Reviews of Modern Physics, vol. 80, no. 4, pp. 1275–1335, 2008.
[27]
R. Pastor-Satorras and A. Vespignani, “Epidemic dynamics and endemic states in complex networks,” Physical Review E, vol. 63, no. 6, Article ID 066117, 2001.
