Modeling Internet-Scale Policies for Cleaning up Malware

An emerging consensus among policy makers is that interventions undertaken by Internet Service Providers are the best way to counter the rising incidence of malware. However, assessing the suitability of countermeasures at this scale is hard. In this paper, we use an agent-based model, called ASIM, to investigate the impact of policy interventions at the Autonomous System (AS) level of the Internet. For instance, we find that coordinated intervention by the largest 0.2% of ASes is more effective than uncoordinated efforts adopted by 30% of all ASes. Furthermore, countermeasures that block malicious transit traffic appear more effective than ones that block outgoing traffic. The model allows us to quantify and compare the positive externalities created by different countermeasures. Our results give an initial indication of the types and levels of intervention that are most cost-effective at large scale.
