An Information-Theoretical View of Network-Aware Malware Attacks
Z. Chen and C. Ji. (2008) cite arxiv:0805.0802
Comment: 14 pages, extension from a preliminary version appeared in IEEE
INFOCOM 2007.
Abstract
This work investigates three aspects: (a) a network vulnerability as the
non-uniform vulnerable-host distribution, (b) threats, i.e., intelligent
malwares that exploit such a vulnerability, and (c) defense, i.e., challenges
for fighting the threats. We first study five large data sets and observe
consistent clustered vulnerable-host distributions. We then present a new
metric, referred to as the non-uniformity factor, which quantifies the
unevenness of a vulnerable-host distribution. This metric is essentially the
Renyi information entropy and better characterizes the non-uniformity of a
distribution than the Shannon entropy. Next, we analyze the propagation speed
of network-aware malwares in view of information theory. In particular, we draw
a relationship between Renyi entropies and randomized epidemic malware-scanning
algorithms. We find that the infection rates of malware-scanning methods are
characterized by the Renyi entropies that relate to the information bits in a
non-uniform vulnerable-host distribution extracted by a randomized scanning
algorithm. Meanwhile, we show that a representative network-aware malware can
increase the spreading speed by exactly or nearly a non-uniformity factor when
compared to a random-scanning malware at an early stage of malware propagation.
This quantifies how much more rapidly the Internet can be infected at the
early stage when a malware exploits an uneven vulnerable-host distribution as a
network-wide vulnerability. Furthermore, we analyze the effectiveness of
defense strategies on the spread of network-aware malwares. Our results
demonstrate that counteracting network-aware malwares is a significant
challenge for the strategies that include host-based defense and IPv6.
Description
An Information-Theoretical View of Network-Aware Malware Attacks
%0 Generic
%1 Chen2008
%A Chen, Zesheng
%A Ji, Chuanyi
%D 2008
%K antivirus malware security
%T An Information-Theoretical View of Network-Aware Malware Attacks
%U http://arxiv.org/abs/0805.0802
%X This work investigates three aspects: (a) a network vulnerability as the
non-uniform vulnerable-host distribution, (b) threats, i.e., intelligent
malwares that exploit such a vulnerability, and (c) defense, i.e., challenges
for fighting the threats. We first study five large data sets and observe
consistent clustered vulnerable-host distributions. We then present a new
metric, referred to as the non-uniformity factor, which quantifies the
unevenness of a vulnerable-host distribution. This metric is essentially the
Renyi information entropy and better characterizes the non-uniformity of a
distribution than the Shannon entropy. Next, we analyze the propagation speed
of network-aware malwares in view of information theory. In particular, we draw
a relationship between Renyi entropies and randomized epidemic malware-scanning
algorithms. We find that the infection rates of malware-scanning methods are
characterized by the Renyi entropies that relate to the information bits in a
non-uniform vulnerable-host distribution extracted by a randomized scanning
algorithm. Meanwhile, we show that a representative network-aware malware can
increase the spreading speed by exactly or nearly a non-uniformity factor when
compared to a random-scanning malware at an early stage of malware propagation.
This quantifies how much more rapidly the Internet can be infected at the
early stage when a malware exploits an uneven vulnerable-host distribution as a
network-wide vulnerability. Furthermore, we analyze the effectiveness of
defense strategies on the spread of network-aware malwares. Our results
demonstrate that counteracting network-aware malwares is a significant
challenge for the strategies that include host-based defense and IPv6.
@misc{Chen2008,
abstract = { This work investigates three aspects: (a) a network vulnerability as the
non-uniform vulnerable-host distribution, (b) threats, i.e., intelligent
malwares that exploit such a vulnerability, and (c) defense, i.e., challenges
for fighting the threats. We first study five large data sets and observe
consistent clustered vulnerable-host distributions. We then present a new
metric, referred to as the non-uniformity factor, which quantifies the
unevenness of a vulnerable-host distribution. This metric is essentially the
Renyi information entropy and better characterizes the non-uniformity of a
distribution than the Shannon entropy. Next, we analyze the propagation speed
of network-aware malwares in view of information theory. In particular, we draw
a relationship between Renyi entropies and randomized epidemic malware-scanning
algorithms. We find that the infection rates of malware-scanning methods are
characterized by the Renyi entropies that relate to the information bits in a
non-uniform vulnerable-host distribution extracted by a randomized scanning
algorithm. Meanwhile, we show that a representative network-aware malware can
increase the spreading speed by exactly or nearly a non-uniformity factor when
compared to a random-scanning malware at an early stage of malware propagation.
This quantifies how much more rapidly the Internet can be infected at the
early stage when a malware exploits an uneven vulnerable-host distribution as a
network-wide vulnerability. Furthermore, we analyze the effectiveness of
defense strategies on the spread of network-aware malwares. Our results
demonstrate that counteracting network-aware malwares is a significant
challenge for the strategies that include host-based defense and IPv6.
},
added-at = {2010-11-26T05:49:20.000+0100},
author = {Chen, Zesheng and Ji, Chuanyi},
biburl = {https://www.bibsonomy.org/bibtex/292b7d4134837449c71bc324c6c9be793/malwaresig},
description = {An Information-Theoretical View of Network-Aware Malware Attacks},
interhash = {de4ef9e3ae60e6dbe19c8cac645c1fd5},
intrahash = {92b7d4134837449c71bc324c6c9be793},
keywords = {antivirus malware security},
note = {cite arxiv:0805.0802
Comment: 14 pages, extension from a preliminary version appeared in IEEE
INFOCOM 2007},
timestamp = {2010-11-26T05:49:21.000+0100},
title = {An Information-Theoretical View of Network-Aware Malware Attacks},
url = {http://arxiv.org/abs/0805.0802},
year = 2008
}