Epidemic model for malware targeting telephony networks

In this paper, we present a new mathematical epidemiological model of a malware targeting Private Branch eXchanges (PBX). Although the term PBX is old, we argue that traditional PBXs are still extensively used, along the modern VoIP systems, forming part of most nations' critical infrastructure. The proposed model is based on graph theory and generic epidemiological models. Through this model we are able to simulate infections of PBX malware and monitor their evolution. We provide estimations of potential scale and timing characteristics of virus propagation over the PBX network with a mathematical framework to model PBX malware, an epidemic model for PBX infections and an empirical study of the model under a simplified environment. Our results show that 2 days are sufficient for the malware diffusion, highlighting the necessity of immediate countermeasures.

[1]  Guanhua Yan,et al.  Malware propagation in online social networks: nature, dynamics, and defense implications , 2011, ASIACCS '11.

[2]  Herbert W. Hethcote,et al.  The Mathematics of Infectious Diseases , 2000, SIAM Rev..

[3]  M. Keeling,et al.  Modeling Infectious Diseases in Humans and Animals , 2007 .

[4]  Donald F. Towsley,et al.  Modeling and Simulation Study of the Propagation and Defense of Internet E-mail Worms , 2007, IEEE Transactions on Dependable and Secure Computing.

[5]  Kwang-Cheng Chen,et al.  On Modeling Malware Propagation in Generalized Social Networks , 2011, IEEE Communications Letters.

[6]  Alessandro Vespignani,et al.  Epidemic spreading in scale-free networks. , 2000, Physical review letters.

[7]  Iosif Androulidakis PRETTY (Private Telephony Security) - Securing the Private Telephony Infrastructure , 2012 .

[8]  D. West De-Mystifying Telecom Fraud , 2000 .

[9]  Hossein Saidi,et al.  Social Networks' XSS Worms , 2009, 2009 International Conference on Computational Science and Engineering.

[10]  William Hugh Murray,et al.  The application of epidemiology to computer viruses , 1988, Comput. Secur..

[11]  Iosif Androulidakis PBX Security and Forensics - A Practical Approach , 2013, Springer Briefs in Electrical and Computer Engineering.

[12]  Jeffrey O. Kephart,et al.  Directed-graph epidemiological models of computer viruses , 1991, Proceedings. 1991 IEEE Computer Society Symposium on Research in Security and Privacy.

[13]  C. Pollard Telecom fraud: The cost of doing nothing just went up , 2005, Comput. Secur..

[14]  Donald F. Towsley,et al.  Code red worm propagation modeling and analysis , 2002, CCS '02.

[15]  H. Andersson,et al.  Stochastic Epidemic Models and Their Statistical Analysis , 2000 .

[16]  V. Vlachos,et al.  On a malware targeting private telephony networks during cyber conflict , 2012, 2012 20th Telecommunications Forum (TELFOR).