Comparison of the mean-field approach and simulation in a peer-to-peer botnet case study

Anna Kolesnichenko; Anne Remke; Pieter-Tjerk de Boer; Boudewijn Haverkort

doi:10.1007/978-3-642-24749-1_11

Comparison of the mean-field approach and simulation in a peer-to-peer botnet case study

Anna Kolesnichenko, Anne Remke, Pieter-Tjerk de Boer, Boudewijn Haverkort

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

16 Citations (Scopus)

43 Downloads (Pure)

Abstract

Peer-to-peer botnets, as exemplified by the Storm Worm and Stuxnet, are a relatively new threat to security on the internet: infected computers automatically search for other computers to be infected, thus spreading the infection rapidly. In a recent paper, such botnets have been modeled using Stochastic Activity Networks, allowing the use of discrete-event simulation to judge strategies for combating their spread. In the present paper, we develop a mean-field model for analyzing botnet behavior and compare it with simulations obtained from the Möbius tool. We show that the mean-field approach provides accurate and orders-of- magnitude faster computation, thus providing very useful insight in spread characteristics and the effectiveness of countermeasures.

Original language	English
Title of host publication	Proceedings of the 8th European Performance Engineering Workshop, EPEW 2011
Editors	N. Thomas
Place of Publication	London
Publisher	Springer
Pages	133-147
Number of pages	15
DOIs	https://doi.org/10.1007/978-3-642-24749-1_11
Publication status	Published - Oct 2011
Event	8th European Performance Engineering Workshop, EPEW 2011 - Borrowdale, United Kingdom Duration: 12 Oct 2011 → 13 Oct 2011 Conference number: 8

Publication series

Name	Lecture Notes in Computer Science
Publisher	Springer Verlag
Volume	6977
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	8th European Performance Engineering Workshop, EPEW 2011
Abbreviated title	EPEW
Country/Territory	United Kingdom
City	Borrowdale
Period	12/10/11 → 13/10/11

Keywords

peer-to-peer botnet spread
Mean-field approximation
differential equations
Simulation

Access to Document

10.1007/978-3-642-24749-1_11

Cite this

Kolesnichenko, A., Remke, A., de Boer, P-T., & Haverkort, B. (2011). Comparison of the mean-field approach and simulation in a peer-to-peer botnet case study. In N. Thomas (Ed.), Proceedings of the 8th European Performance Engineering Workshop, EPEW 2011 (pp. 133-147). (Lecture Notes in Computer Science; Vol. 6977). Springer. https://doi.org/10.1007/978-3-642-24749-1_11

@inproceedings{fa1a7fadee3f4635b33c7acff2f425f7,

title = "Comparison of the mean-field approach and simulation in a peer-to-peer botnet case study",

abstract = "Peer-to-peer botnets, as exemplified by the Storm Worm and Stuxnet, are a relatively new threat to security on the internet: infected computers automatically search for other computers to be infected, thus spreading the infection rapidly. In a recent paper, such botnets have been modeled using Stochastic Activity Networks, allowing the use of discrete-event simulation to judge strategies for combating their spread. In the present paper, we develop a mean-field model for analyzing botnet behavior and compare it with simulations obtained from the M{\"o}bius tool. We show that the mean-field approach provides accurate and orders-of- magnitude faster computation, thus providing very useful insight in spread characteristics and the effectiveness of countermeasures.",

keywords = "peer-to-peer botnet spread, Mean-field approximation, differential equations, Simulation",

author = "Anna Kolesnichenko and Anne Remke and {de Boer}, Pieter-Tjerk and Boudewijn Haverkort",

year = "2011",

month = oct,

doi = "10.1007/978-3-642-24749-1_11",

language = "English",

series = "Lecture Notes in Computer Science",

publisher = "Springer",

pages = "133--147",

editor = "N. Thomas",

booktitle = "Proceedings of the 8th European Performance Engineering Workshop, EPEW 2011",

note = "8th European Performance Engineering Workshop, EPEW 2011, EPEW ; Conference date: 12-10-2011 Through 13-10-2011",

}

Kolesnichenko, A, Remke, A , de Boer, P-T & Haverkort, B 2011, Comparison of the mean-field approach and simulation in a peer-to-peer botnet case study. in N Thomas (ed.), Proceedings of the 8th European Performance Engineering Workshop, EPEW 2011. Lecture Notes in Computer Science, vol. 6977, Springer, London, pp. 133-147, 8th European Performance Engineering Workshop, EPEW 2011, Borrowdale, United Kingdom, 12/10/11. https://doi.org/10.1007/978-3-642-24749-1_11

Comparison of the mean-field approach and simulation in a peer-to-peer botnet case study. / Kolesnichenko, Anna; Remke, Anne ; de Boer, Pieter-Tjerk et al.

Proceedings of the 8th European Performance Engineering Workshop, EPEW 2011. ed. / N. Thomas. London : Springer, 2011. p. 133-147 (Lecture Notes in Computer Science; Vol. 6977).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

TY - GEN

T1 - Comparison of the mean-field approach and simulation in a peer-to-peer botnet case study

AU - Kolesnichenko, Anna

AU - Remke, Anne

AU - de Boer, Pieter-Tjerk

AU - Haverkort, Boudewijn

N1 - Conference code: 8

PY - 2011/10

Y1 - 2011/10

N2 - Peer-to-peer botnets, as exemplified by the Storm Worm and Stuxnet, are a relatively new threat to security on the internet: infected computers automatically search for other computers to be infected, thus spreading the infection rapidly. In a recent paper, such botnets have been modeled using Stochastic Activity Networks, allowing the use of discrete-event simulation to judge strategies for combating their spread. In the present paper, we develop a mean-field model for analyzing botnet behavior and compare it with simulations obtained from the Möbius tool. We show that the mean-field approach provides accurate and orders-of- magnitude faster computation, thus providing very useful insight in spread characteristics and the effectiveness of countermeasures.

AB - Peer-to-peer botnets, as exemplified by the Storm Worm and Stuxnet, are a relatively new threat to security on the internet: infected computers automatically search for other computers to be infected, thus spreading the infection rapidly. In a recent paper, such botnets have been modeled using Stochastic Activity Networks, allowing the use of discrete-event simulation to judge strategies for combating their spread. In the present paper, we develop a mean-field model for analyzing botnet behavior and compare it with simulations obtained from the Möbius tool. We show that the mean-field approach provides accurate and orders-of- magnitude faster computation, thus providing very useful insight in spread characteristics and the effectiveness of countermeasures.

KW - peer-to-peer botnet spread

KW - Mean-field approximation

KW - differential equations

KW - Simulation

U2 - 10.1007/978-3-642-24749-1_11

DO - 10.1007/978-3-642-24749-1_11

M3 - Conference contribution

T3 - Lecture Notes in Computer Science

SP - 133

EP - 147

BT - Proceedings of the 8th European Performance Engineering Workshop, EPEW 2011

A2 - Thomas, N.

PB - Springer

CY - London

T2 - 8th European Performance Engineering Workshop, EPEW 2011

Y2 - 12 October 2011 through 13 October 2011

ER -

Comparison of the mean-field approach and simulation in a peer-to-peer botnet case study

Abstract

Publication series

Conference

Keywords

Access to Document

Fingerprint

Cite this