Comparison of the mean-field approach and simulation in a peer-to-peer botnet case study
conference paper
Peer-to-peer botnets, as exemplified by the Storm Worm, and the spreading phase of Stuxnet, are a relatively new threat to security on the internet: infected computers automatically search for other computers to be infected, thus spreading the infection rapidly. In a recent paper, such botnets have been modeled using Stochastic Activity Networks, allowing the use of discrete-event simulation to judge strategies for combating their spread. In the present paper, we develop a mean-field model for analyzing botnet behavior and compare it with simulations obtained from the Moebius tool. We show that the mean-field approach provides accurate and orders-of-magnitude faster computation, thus providing very useful insight in spread characteristics and the effectiveness of countermeasures.
Topics
Differential equations
Mean-field approximation
Peer-to-peer botnet spread
Simulation
Botnets
Discrete events
Effectiveness of countermeasures
Mean field approach
Mean field models
Moebius
Orders-of-magnitude
Peer to peer
Stochastic activity networks
Computer crime
Differential equations
Distributed computer systems
Technical presentations
Computer simulation
TNO Identifier
954232
DOI
https://dx.doi.org/10.1007/978-3-642-24749-1_11
ISSN
03029743
ISBN
9783642247
Publisher
Springer
Source title
Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 8th European Performance Engineering Workshop, EPEW 2011, 12 October 2011 through 13 October 2011
Pages
133-147
Files
To receive the publication files, please send an e-mail request to TNO Repository.