Comparison of the mean-field approach and simulation in a peer-to-peer botnet case study
conference paper
Peer-to-peer botnets, as exemplified by the Storm Worm, and the spreading phase of Stuxnet, are a relatively new threat to security on the internet: infected computers automatically search for other computers to be infected, thus spreading the infection rapidly. In a recent paper, such botnets have been modeled using Stochastic Activity Networks, allowing the use of discrete-event simulation to judge strategies for combating their spread. In the present paper, we develop a mean-field model for analyzing botnet behavior and compare it with simulations obtained from the Moebius tool. We show that the mean-field approach provides accurate and orders-of-magnitude faster computation, thus providing very useful insight in spread characteristics and the effectiveness of countermeasures.
Topics
Differential equationsMean-field approximationPeer-to-peer botnet spreadSimulationBotnetsDiscrete eventsEffectiveness of countermeasuresMean field approachMean field modelsMoebiusOrders-of-magnitudePeer to peerStochastic activity networksComputer crimeDifferential equationsDistributed computer systemsTechnical presentationsComputer simulation
TNO Identifier
954232
ISSN
03029743
ISBN
9783642247
Publisher
Springer
Source title
Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 8th European Performance Engineering Workshop, EPEW 2011, 12 October 2011 through 13 October 2011
Pages
133-147
Files
To receive the publication files, please send an e-mail request to TNO Repository.