Thwarting Worm Spread in Heterogeneous Networks With Diverse Variant Placement

Many existing works assign diverse variants to routing nodes in the network to prevent security threats (e.g., worm attacks). However, these works assume that diverse variants share no common vulnerabilities, an assumption that does not always hold in the real world. In this letter, we consider that some variants have common vulnerabilities and propose the common vulnerability-aware diverse variant placement problem. We formulate the problem as an integer programming optimization problem with NP-hard complexity based on a new metric named the Infected Ratio Expectation. Furthermore, we devise algorithms to solve the problem for the static network and the network for extension. The simulation results show that, compared with the baseline algorithms, our algorithms effectively restrain the worm spread by about 42%.
