XiaoMing Wang,ZaoBo He,XueQing Zhao,Chuang Lin,Yi Pan,ZhiPeng Cai

DOI: https://doi.org/10.1007/s11432-013-4977-4

2013-01-01

Science China Information Sciences

Abstract:Mobile Wireless Sensor Networks (MWSNs) are employed in many fields, such as intelligent transportation, community health monitoring, and animal behavior monitoring. However, MWSNs may be vulnerable to malicious interference because of the large-scale characteristics. One of the threats is to inject malware into some nodes, especially mobile nodes. When a contaminated node communicates with its neighbors, multiple copies of the malware are transmitted to its neighbors, which may destroy nodes, block regular communications, or even damage the integrity of regular data packets. This work develops a modeling framework which mathematically characterizes the process of malware propagation in MWSNs based on the theory of reaction-diffusion equation. Our proposed model can efficiently predict the temporal dynamic behavior and spatial distribution of malware propagation over time, so that targeted immunization measures can be taken on infected nodes, whereas most of the existing models for malware propagation can only predict the temporal dynamic behavior rather than the spatial distribution of malware propagation over time. We conduct extensive simulations on large-scale MWSNs to evaluate the proposed model. The simulation results indicate that the proposed model and method are efficient, and that the mobile speed, communication range, and packet transmission rate of nodes are the main factors affecting malware propagation in MWSNs.

Xuejin Zhu,Jie Huang,Chunyang Qi

DOI: https://doi.org/10.1109/jsyst.2023.3269158

IF: 4.802

2023-01-01

IEEE Systems Journal

Abstract:With the rapid development and application of Internet of Things (IoT) technology, a large number of various types of IoT devices with security vulnerabilities have been connected to the public network. Attackers only need to use malware to successfully infect a few types of IoT devices to generate large-scale propagation in the network and capture a large number of broilers, which in turn lays the foundation for subsequent attacks. In this study, an innovative malware propagation model [i.e., IoT-susceptible-latent-propagated-recovered (IoT-SLPR)] based on epidemiological theory is developed for malware propagation in multiple IoT heterogeneous devices. The proposed model incorporates the propagation mechanism of malware in real IoT networks, and considers heterogeneous devices with different infection rates and recovery rates. This study calculates and proves the basic reproductive rate of malware and the stability of equilibrium points for different types of devices. In addition, this study designs a dynamic recovery rate optimal defense strategy, which comprehensively considers the cost and the overall infection rate of the device. The experimental results show that the proposed propagation model can effectively reflect the propagation dynamics of malware in multiple heterogeneous devices, and the achieved dynamic recovery rate defense strategy performs better than the static strategy regarding the overall results.

Zaobo He,Xiaoming Wang

DOI: https://doi.org/10.1007/978-3-642-33050-6_6

2012-01-01

Abstract:Mobile wireless sensor networks (MWSNs) have important applications in many fields. However, MWSNs are becoming attacked targets due to its large-scale applications. The focus of this work is to develop a modeling framework and mathematical model for characterizing the process of malware propagation in MWSNs from two aspects of time and space. It is important to understand malware’s potential damages, and to develop counter-measures. Firstly, we develop a formal model for describing the process of malware propagation in MWSNs based on the reaction-diffusion equations. Then, we derive the threshold for predicting whether a malware propagates or not in MWSNs as time passes. Finally, we propose the spatial pattern based method to analyze and predict the spatial distribution of nodes infected by malwares as time passes. Both theoretical analysis and extensive simulation results show that the movement speed of nodes and the communication radius of nodes have a significant effect on the malware propagation in MWSNs.

Hong Zhang,Shigen Shen,Qiying Cao,Xiaojun Wu,Shaofeng Liu

DOI: https://doi.org/10.1177/1550147720972944

IF: 1.938

2020-11-01

International Journal of Distributed Sensor Networks

Abstract:Wireless sensor networks, as a multi-hop self-organized network system formed by wireless communication, are vulnerable to malware diffusion by breaking the data confidentiality and service availability, owing to their low configuration and weak defense mechanism. To reveal the rules of malware diffusion in the really deployed wireless sensor networks, we propose a model called Malware Diffusion Based on Cellular Automaton to describe the dynamics of malware diffusion based on cellular automaton. According to the model, we first analyze and obtain the differential equations, which can reflect the various state dynamics of sensor nodes with cellular automaton. Then, we attain the equilibrium points of the model Malware Diffusion Based on Cellular Automaton to determine the threshold for whether malware will diffuse or die out in wireless sensor networks. Furthermore, we compute the basic regeneration number of the model Malware Diffusion Based on Cellular Automaton using the next-generation matrix and prove the stability of the equilibrium points. Finally, via experimental simulation, we verify the effectiveness of the model Malware Diffusion Based on Cellular Automaton, which can provide administrators with the theoretical guidance on suppressing malware diffusion in wireless sensor networks.

computer science, information systems,telecommunications

Xiaochen Wang,Xuefei Zhang,Shengfeng Wang,Jinghua Xiao,Xiaofeng Tao

DOI: https://doi.org/10.1109/tifs.2023.3284214

IF: 7.231

2023-01-01

IEEE Transactions on Information Forensics and Security

Abstract:In heterogeneous Internet of Things (IoT) networks, various communication technologies lead to different transmission ranges of nodes, and they can cooperatively provide seamless communication. Unfortunately, the flexible communication mode offers more chances for malware to invade the IoT devices. To maintain its cyber security, two key issues, i.e. the critical threshold of the onset of malware propagation and the lowest-cost defense strategy after it occurs, need to be addressed. To solve the first challenge, we construct a dynamics model by using the degree-based mean-field theory and point process theory, to study the malware propagation-defense process among heterogeneous IoT devices. We analytically derive the closed-form expression of the critical malware transmission rate which can be used to predict whether the malware can propagate or not. For the latter problem, we investigate the equivalent conditions of degree-related patching strategies in defense effectiveness, which can be used to determine the lowest-cost one more directly. In addition, We compare different transmission ways of malware, and find that the malware infection is hard to avoid under the way of centralized transmission, but the decentralized transmission has a greater risk of large-scale infection. We also explore how the immunization measures and the different communication frequencies affect malware propagation. The results show that it is significant to identify important devices for immunization and infected cluster may form in some cases. Our results offer a theoretical foundation to predict and defense malware propagation in heterogeneous IoT networks.

Shuai Fu,Chang-guang Wang,Li-jing Bai,Qing-yang Hu,Jian-feng Ma

DOI: https://doi.org/10.1109/wicom.2009.5302223

2009-01-01

Abstract:The growing popularity of short-range wireless networks makes them increasingly attractive to malware writers, and malware targeting portable wireless-enabled devices such as Bluetooth-enabled smart phones has already begun to appear. In this paper, using the theories of epidemics, we present a propagation model of malware in short-range wireless networks and investigate the propagating behaviors of the malware in such networks by means of simulations. This model can better reflect the specific characteristics of devices mobility, patterns of nodes aggregation and the wireless nature of malware transmission. The simulation results show that the agreement between malware spread in mobile devices and this model is good.

Zaobo He,Yaguang Lin,Yi Liang,Xiaoming Wang,Akshita Maradapu Vera Venkata Sai,Zhipeng Cai

DOI: https://doi.org/10.1007/978-3-030-16194-1_10

2019-01-01

Abstract:Modeling malware propagation dynamics and developing prevention methods are very imperative with flourishing and advancement of WSN technologies in a variety of fields, such as smart cities. In the last decade, a lot of effort has been put into designing effective models to characterize the propagation dynamics of malware and developing effective prevention methods, with different focuses such as spatial-temporal model, pulse immunization, trade-off model between prevention cost and network utility, etc. This chapter reviews the state-of-the-art malware modeling and prevention method to present a comprehensive guide on how to choose a more appropriate approach for different applications. First, the application background and definitions of WSNs and malware are introduced, followed by the challenges of modeling malware propagation dynamics and developing prevention methods. Second, the recent advances in modeling and prevention methods are summarized. Third, four recently published papers that focus on spatial-temporal modeling, pulse immunization, and cost-efficiency trade-off are introduced. Finally, this chapter is ended by pointing out some possible future research directions.

Bo-Rui Chen,Shin-Ming Cheng,Maina Bernard Mwangi

DOI: https://doi.org/10.1109/access.2022.3213032

IF: 3.9

2022-10-19

IEEE Access

Abstract:With the rapid advancement of technology, IoT has become inseparable from human lives. IoT is extensively used in transport, healthcare, and manufacturing, among other sectors. However, this technology lacks sufficient security defense capabilities, thus becoming a highway for malicious actors. IoT networks use infrastructure-based (INF) and device-to-device (D2D) communications to propagate data. The INF communication utilizes technologies such as WLAN, LTE, GPRS, and GSM to relay information from source to destination. The D2D paradigm, on the other hand, is a close-proximity communication in which sensors exchange data in a multi-hop manner. Since malware can utilize both D2D and INF links to spread out, IoT networks are exceptionally vulnerable to attacks. Therefore, we propose Susceptible-Exposed-Infected-Recovered-Dead (SEIRD) model to examine the dynamics of IoT malware spread via INF and D2D communications. We analyze the impacts of mobility on infection propagation and illustrate that our model adequately captures IoT malware spread behaviors through mathematical analysis and simulations. We also compute the malware transmission threshold, which can be used as a guideline to mitigate and suppress an attack.

computer science, information systems,telecommunications,engineering, electrical & electronic

Shuhao Li,Xiaochun Yun,Zhiyu Hao,Yongzheng Zhang,Xiang Cui,Yipeng Wang

DOI: https://doi.org/10.1007/978-3-642-30436-1_22

2012-01-01

Abstract:In recent years, widely spreading botnets in social networks are becoming a major security threat to both social networking services and the privacy of their users. In order to have a better understanding of the dynamics of these botnets, defenders should model the process of their propagation. However, previous studies on botnet propagation model have tended to focus solely on characterizing the vulnerability propagation on one infection domain, and left two key properties (cross-domain mobility and user dynamics) untouched. In this paper, we formalize a new propagation model to reveal the general infection process of social engineering botnets in multiple social networks. This proposed model is based on stochastic process, and investigates two important factors involved in botnet propagation: (i) bot spreading across multiple domains, and (ii) user behaviors in social networks. Furthermore, with statistical data obtained from four real-world social networks, a botnet simulation platform is built based on OMNeT++ to test the validity of our model. The experimental results indicate that our model can accurately predict the infection process of these new advanced botnets with less than 5% deviation.

Xuejin Zhu,Jie Huang

DOI: https://doi.org/10.7717/peerj-cs.728

2021-01-01

PeerJ Computer Science

Abstract:Due to limited resources, wireless sensor network (WSN) nodes generally possess weak defense capabilities and are often the target of malware attacks. Attackers can capture or infect specific sensor nodes and propagate malware to other sensor nodes in WSNs through node communication. This can eventually infect an entire network system and even cause paralysis. Based on epidemiological theory, the present study proposes a malware propagation model suitable for cluster-based WSNs to analyze the propagation dynamic of malware. The model focuses on the data-transmission characteristics between different nodes in a cluster-based network and considers the actual application parameters of WSNs, such as node communication radius, node distributed density, and node death rate. In addition, an attack and defense game between malware and defending systems is also established, and the infection and recovery rates of malware propagation under the mixed strategy Nash equilibrium condition are given. In particular, the basic reproductive number, equilibrium point, and stability of the model are derived. These studies revealed that a basic reproductive number of less than 1 leads to eventual disappearance of malware, which provides significant insight into the design of defense strategies against malware threats. Numerical experiments were conducted to validate the theory proposed, and the influence of WSN parameters on malware propagation was examined.

Chang-guang WANG,Jian-feng MA

2007-01-01

Tien Tzu Hsueh Pao/Acta Electronica Sinica

Abstract:A malware propagation model in wireless ad hoc networks is presented and the propagating behaviors of the malware in these networks are investigated by means of simulations. The study results show that the threshold of the malware in wireless ad hoc networks is greatly higher than the value found in the Internet while the propagation speed is remarkably slower than that in the Internet. It is also found that the active MAC protocol can affect the propagating properties of the malware.

Ying Zhou,Yan Wang,Kai Zhou,Shou-Feng Shen,Wen-Xiu Ma

DOI: https://doi.org/10.3389/fphy.2023.1198410

IF: 3.718

2023-05-06

Frontiers in Physics

Abstract:To explore malware propagation mechanisms in networks and to develop optimal strategies for controlling the spread of malware, we propose a susceptible-unexposed-infected-isolation-removed epidemic model. First, we establish a non-linear dynamic equation of malware propagation. Then, the basic reproductive number is derived by using the next-generation method. Finally, we carry out numerical simulations to observe the malware spreading in WSNs to verify the obtained theoretical results. Furthermore, we investigate the communication range of the nodes to make the results more complete. The optimal range of the nodes is designed to control malware propagation.

physics, multidisciplinary

Bo Liu,Wanlei Zhou,Longxiang Gao,HaiBo Zhou,Tom H. Luan,Sheng Wen

DOI: https://doi.org/10.1109/tdsc.2016.2642191

2016-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Accurate malware propagation modeling in wireless ad hoc networks (WANETs) represents a fundamental and open research issue which shows distinguished challenges due to complicated access competition, severe channel interference, and dynamic connectivity. As an effort towards the issue, in this paper, we investigate the malware propagation under two spread schemes including Unicast and Broadcast, in Spread Mode and Communication Mode, respectively. We highlight our contributions in three-fold in the light of previous literature works. First, a bound of malware infection rate for each scheme is provided by applying the wireless network capacity theories. Second, the impact of mobility on malware propagations has been studied. Third, discussion of the relationship between different schemes and practical applications is provided. Numerical simulations and detailed performance analysis show that the Broadcast Scheme with Spread Mode is most dangerous in the sense of malware propagation speed in WANETs, and mobility will greatly increase the risk further. The results achieved in this paper not only provide insights on the malware propagation characteristics in WANETs, but also serve as fundamental guidelines on designing defense schemes.

Zijian Fang,Peng Zhao,Maochao Xu,Shouhuai Xu,Taizhong Hu,Xing Fang

DOI: https://doi.org/10.1080/02664763.2020.1845621

IF: 1.416

2020-01-01

Journal of Applied Statistics

Abstract:Modeling cyber threats, such as the computer malicious software (malware) propagation dynamics in cyberspace, is an important research problem because models can deepen our understanding of dynamical cyber threats. In this paper, we study the statistical modeling of the macro-level evolution of dynamical cyber attacks. Specifically, we propose a Bayesian structural time series approach for modeling the computer malware propagation dynamics in cyberspace. Our model not only possesses the parsimony property (i.e. using few model parameters) but also can provide the predictive distribution of the dynamics by accommodating uncertainty. Our simulation study shows that the proposed model can fit and predict the computer malware propagation dynamics accurately, without requiring to know the information about the underlying attack-defense interaction mechanism and the underlying network topology. We use the model to study the propagation of two particular kinds of computer malware, namely the Conficker and Code Red worms, and show that our model has very satisfactory fitting and prediction accuracies.

Linhe Zhu,Hongyong Zhao,Xiaoming Wang

DOI: https://doi.org/10.1016/j.camwa.2015.02.004

IF: 3.218

2015-01-01

Computers & Mathematics with Applications

Abstract:Mobile wireless sensor networks (MWSNs) have become an area of intense research activity due to technical advances in sensors, wireless communications and networking, and signal processing. Many applications, including environment monitoring, battlefield surveillance, and urban search and rescue especially in hazardous situations, are envisaged. However, MWSNs may be vulnerable to malicious interference because of the large-scale characteristics. When a contaminated node communications with its neighbors, multiple copies of the malware are transmitted to its neighbors, which may destroy, block regular communications, or even damage the integrity of regular data packets. Modeling spatial distribution of malware propagation over time is the first step to predict the trend of malware propagation in MWSNs. We propose a novel wireless malware propagation model with the discrete time delay based on reaction–diffusion equations in mobile wireless sensor networks, and study its dynamic behaviors. By analyzing the stability and Hopf bifurcation of the equilibrium of our model, we search for the sufficient conditions, which leads to the malware propagation disappears or continues. Furthermore, we demonstrate that oscillations in this model occur through the destabilization of the stationary solution at a Hopf bifurcation point. And formulas for determining the stability of the bifurcating periodic oscillations are derived by applying the normal form method and center manifold theorem. Finally, we conduct extensive simulations on large-scale MWSNs to evaluate the proposed model. Numerical evidence shows that the spatial–temporal dynamic characteristics of malware propagation in MWSNs are closely related to the packet transmission rate, the communication rang and the mobile behavior of nodes.

Mousa Tayseer Jafar,Lu-Xing Yang,Gang Li,Xiaofan Yang

2024-01-20

Abstract:The rapid proliferation of Internet of Things (IoT) devices in recent years has resulted in a significant surge in the number of cyber-attacks targeting these devices. Recent data indicates that the number of such attacks has increased by over 100 percent, highlighting the urgent need for robust cybersecurity measures to mitigate these threats. In addition, a cyber-attack will begin to spread malware across the network once it has successfully compromised an IoT network. However, to mitigate this attack, a new patch must be applied immediately. In reality, the time required to prepare and apply the new patch can vary significantly depending on the nature of the cyber-attack. In this paper, we address the issue of how to mitigate cyber-attacks before the new patch is applied by formulating an optimal control strategy that reduces the impact of malware propagation and minimise the number of infected devices across IoT networks in the smart home. A novel node-based epidemiological model susceptible, infected high, infected low, recover first, and recover complete(SI_HI_LR_FR_C) is established with immediate response state for the restricted environment. After that, the impact of malware on IoT devices using both high and low infected rates will be analyzed. Finally, to illustrate the main results, several numerical analyses are carried out in addition to simulate the real-world scenario of IoT networks in the smart home, we built a dataset to be used in the experiments.

Cryptography and Security

Hui Xia,Li,Xiangguo Cheng,Xiuzhen Cheng,Tie Qiu

DOI: https://doi.org/10.1109/jiot.2020.2984662

IF: 10.6

2020-01-01

IEEE Internet of Things Journal

Abstract:The existence of botnet puts people in an extremely insecure environment, which has seriously affected the development of Internet of Things (IoT). In order to prevent the formation of a botnet, it is necessary to understand the propagation behaviors and influence factors. As IoT devices become more intelligent, they can gradually generate social characteristics by mimicking human behaviors. However, in the process of coping with the botnet problem, little consideration has been given to the potential social characteristics of IoT. In this article, we build a dynamic botnet propagation model (i.e., IoT-BSI model) to study the influences of two social characteristics (i.e., device's spread capability and device's identification ability) on botnet formation. First, in terms of device's spread capability, this article makes great improvements on the K- shell decomposition algorithm and calculates this characteristic more accurately. Second, this article divides the device's identification ability into the rational identification ability and the irrational identification ability based on the sociological theory, and the calculation of the former is mainly realized by utilizing the PageRank idea. Third, this article applies the mean-field equation theory to analyze the dynamic characteristics of botnet propagation theoretically. Finally, the comprehensive results show that our model is not merely more consistent with the actual situation but also performs better than four compared models.

Wanping Liu,Chao Liu,Zheng Yang,Xiaoyang Liu,Yihao Zhang,Zuxue Wei

DOI: https://doi.org/10.1016/j.cnsns.2016.01.019

IF: 4.186

2016-01-01

Communications in Nonlinear Science and Numerical Simulation

Abstract:•A complex-network-based model for mobile malware spread is newly developed.•The impact of network topology on malware spread is considered in the novel model.•We analyze the parameter sensitivity on the propagation threshold of the model.•Research results show networks with higher heterogeneity conduce to malware spread.

Li,Jufu Cui,Rui Zhang,Hui Xia,Xiangguo Cheng

DOI: https://doi.org/10.1109/access.2020.2984668

IF: 3.9

2020-01-01

IEEE Access

Abstract:While cyber physics system (CPS) provides forward-looking and personalized services for users, it also creates conditions for the spread of malware. Therefore, it's critical for us to analyse affecting factors and study the propagation characteristics of malware. On the basis of the difference of intelligent device's dissemination capacity and discriminant ability, a dynamic malware propagation model (Disseminate&Discriminate-Spread-Exposed-Ignorant-Recover, DDSEIR) is proposed. First, intelligent devices are classified into different groups according to the level of dissemination capability by hierarchical mechanism, which takes the networks topology into account. And subsequently, intelligent device's discriminant ability can be evaluated by sender's identity and information attributes. Then, the mean field equation is constructed to analyze the dynamic characteristics of DDSEIR and the factors that influence malware propagation, which is used to further derive the malware propagation scale and threshold value of diffusion. Finally, this paper uses Live Journal dataset to verify the effectiveness of DDSEIR. The experiments illustrate that intelligent device's dissemination capacity and discriminant ability have significant influences on malware propagation.

FU Shuai,WANG Chang-guang,MA Jian-feng

DOI: https://doi.org/10.3969/j.issn.1000-3428.2011.03.046

2011-01-01

Abstract:A SIR/WS model of malware propagation in Wireless Sensor Network(WSN) is proposed after the model of WSN is obtained.Based on IEEE 802.15.4 and epidemic theories,the model considers the mechanism of saving energy and describes the broadcasting process of malware in the WSN.It is found that the propagation of malware in the WSN can be restrained by increasing the recovery rate and decreasing the infection rate.Simulation results show that the model works well.