WAP: Models and metrics for the assessment of critical-infrastructure-targeted malware campaigns

Ensuring system survivability in the wake of advanced persistent threats is a major challenge the security community faces in protecting critical infrastructure. In this paper, we define metrics and models for the assessment of coordinated massive malware campaigns targeting critical infrastructure sectors. First, we develop an analytical model that captures the effect of a node's neighborhood on different metrics (infection probability and contagion probability). Then, we assess the impact of placing operational but possibly infected nodes into quarantine. Finally, we study the implications of scanning nodes for early detection of malware (e.g., worms), accounting for false positives and false negatives. Evaluating our methodology on a small four-node topology, we find that malware infections can be effectively contained by using quarantine and appropriate rates of scanning for soft impacts.
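As an added illustration of the kind of assessment the abstract describes (not the paper's own model: the ring topology, the event order and every rate are assumptions), the following discrete-time Markov chain places four nodes in a ring, lets infection spread from infected neighbours and from the ongoing campaign, quarantines nodes flagged by an imperfect scanner, and solves for the long-run fraction of nodes infected and the fraction taken offline by quarantine (including false positives).

```python
# Added example, not the paper's model: discrete-time Markov chain of a malware
# campaign on an assumed 4-node ring with quarantine and imperfect scanning.
from itertools import product

S, I, Q = 0, 1, 2                    # susceptible / infected / quarantined
RING = {0: (1, 3), 1: (0, 2), 2: (1, 3), 3: (0, 2)}   # assumed topology

def node_step(n, cur, beta, alpha, sigma, fp, fn, gamma):
    """Per-step transition probabilities {new_state: p} for node n."""
    if cur[n] == Q:                  # quarantined node cleaned and restored
        return {S: gamma, Q: 1 - gamma}
    if cur[n] == I:                  # scan catches it unless a false negative
        p_q = sigma * (1 - fn)
        return {Q: p_q, I: 1 - p_q}
    k = sum(cur[m] == I for m in RING[n])        # infected neighbours
    p_inf = 1 - (1 - alpha) * (1 - beta) ** k    # external + neighbourhood
    p_q = sigma * fp                             # false positive -> quarantine
    return {Q: p_q, I: (1 - p_q) * p_inf, S: (1 - p_q) * (1 - p_inf)}

def transition(cur, rates):
    """Joint next-state distribution; nodes move independently given cur."""
    nxt = {}
    for combo in product(*(node_step(n, cur, **rates).items() for n in range(4))):
        p = 1.0
        for _, q in combo:
            p *= q
        key = tuple(s for s, _ in combo)
        nxt[key] = nxt.get(key, 0.0) + p
    return nxt

def stationary(rates, tol=1e-12, max_iter=5000):
    """Power iteration over the 3**4 = 81 joint states."""
    states = list(product((S, I, Q), repeat=4))
    T = {st: transition(st, rates) for st in states}
    pi = {st: 1.0 / len(states) for st in states}
    for _ in range(max_iter):
        new = dict.fromkeys(states, 0.0)
        for st, p in pi.items():
            for nx, q in T[st].items():
                new[nx] += p * q
        if max(abs(new[st] - pi[st]) for st in states) < tol:
            return new
        pi = new
    return pi

def metrics(rates):
    """Long-run expected fraction of nodes infected and quarantined."""
    pi = stationary(rates)
    infected = sum(p * st.count(I) for st, p in pi.items()) / 4
    return infected, sum(p * st.count(Q) for st, p in pi.items()) / 4
```

Comparing `metrics(rates)` with `sigma=0` against a positive scanning rate shows the trade-off the abstract points to: without scanning the campaign eventually owns every node, while scanning bounds the infected fraction at the cost of healthy nodes occasionally quarantined by false positives.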
