A Stochastic Model of Multivirus Dynamics
ABSTRACT:
Understanding the spreading dynamics of
computer viruses (worms, attacks) is an important research problem, and has received
much attention from the communities of both computer security and statistical physics.
However, previous studies have mainly focused on single-virus spreading
dynamics. In this paper, we study multi-virus spreading dynamics, where
multiple viruses attempt to infect computers while possibly combating against
each other because, for example, they are controlled by multiple bot masters.
Specifically, we propose and analyze a general model (and its two special
cases) of multi-virus spreading dynamics in arbitrary networks (i.e., we do not
make any restriction on network topologies), where the viruses may or may not
co-reside on computers. Our model offers analytical results for addressing
questions such as: What are the sufficient conditions (also known as epidemic
thresholds) under which the multiple viruses will die out? What if some viruses
can “rob” others? What characteristics does the multivirus epidemic dynamics
exhibit when the viruses are (approximately) equally powerful? The analytical
results make a fundamental connection between two types of factors: defense
capability and network connectivity. This allows us to draw various insights
that can be used to guide security defense.
EXISTING SYSTEM:
In the existing system, studies have mainly
focused on single-virus spreading dynamics.
For multivirus spreading dynamics, there
are two scenarios: the viruses spread independently of each other, and thus the dynamics
can be understood as a trivial extension of the single-virus dynamics; or the
viruses spread non-independently and may further fight against each other.
DISADVANTAGES OF EXISTING SYSTEM:
The well established approaches such as
access control and cryptography.
Despite the attention that has been paid
by communities including computer security and statistical physics, existing studies
mainly focused on single-virus spreading dynamics.
PROPOSED SYSTEM:
In this paper, we study multi-virus
spreading dynamics, where multiple viruses attempt to infect computers while
possibly combating against each other because, for example, they are controlled
by multiple bot-masters.
Specifically, we propose and analyze a
general model (and its two special cases) of multi-virus spreading dynamics in arbitrary
networks (i.e., we do not make any restriction on network topologies), where
the viruses may or may not co-reside on computers. Our model offers analytical
results for addressing questions such as: What are the sufficient conditions
(also known as epidemic thresholds) under which the multiple viruses will die
out? What if some viruses can “rob” others? What characteristics does the
multivirus epidemic dynamics exhibit when the viruses are (approximately)
equally powerful? The analytical results make a fundamental connection between
two types of factors: defense capability and network connectivity. This allows
us to draw various insights that can be used to guide security defense.
ADVANTAGES OF PROPOSED SYSTEM:
To solve the problem of computer viruses
(malware, worms, or bots), we need a set of approaches, ranging from
legislation to technology.
MODULES:
P2P NETWORK MODULE:
QUANTITIES IN MODELING:
SCANNING HOSTS AT DIFFERENT LAYERS:
MALWARE PROPAGATION:
MODULE DESCRIPTION:
P2P NETWORK MODULE:
The use of peer-to-peer (P2P) networks as a vehicle to spread malware offers some
important advantages over worms that spread by scanning for vulnerable hosts.
This is primarily due to the methodology employed by the peers to search for
content. For instance, in decentralized P2P architectures such as Gnutella,
search is done by flooding the network.
The design of the search technique has the following implications: first, the
worms can spread much faster, since they do not have to probe for susceptible
hosts, and second, the rate of failed connections is lower. Thus, rapid
proliferation of malware can pose a serious security threat to the functioning
of P2P networks.
QUANTITIES IN MODELING:
The malware propagation model of a worm reflects the
fractions of vulnerable hosts that are infected, active, and retired over time.
A scan message that does not hit any vulnerable host does not change these
numbers. Thus, modeling should only be
based on the event of a scan message hitting a vulnerable host. When that event
happens, all aforesaid numbers change. We derive the
model by analyzing the precise amounts by
which they change.
SCANNING HOSTS AT DIFFERENT LAYERS:
An active infected host never changes its
layer by hitting a new infection.
This is because the layer of a host indicates how many old infections the active host has hit till that time, and
hitting a new infection does not change that. However, when it hits an old
infection, it takes a jump, moves to the next layer, and becomes either
ineffective or nascent depending on whether it jumps into a covered area or not.
MALWARE PROPAGATION:
The transfer of information in a P2P network is initiated with a search request for
it. This paper assumes that the search mechanism employed is flooding, as in
Gnutella networks. In this scenario, a peer searching for a file forwards a
query to all its neighbors. A peer receiving the query first responds
affirmatively if in possession of the file and then checks the TTL of the
query. If this value is greater than zero, it forwards the query outwards to
its neighbors; otherwise, the query is discarded. In our scenario, it suffices to
distinguish any file in the network as being either malware or otherwise.
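The flooding search described above can be traced on a small overlay. The following is an added example, not code from the paper or from this project: the overlay, the file placement and the function names are constructed for illustration, and it assumes that the TTL is reduced by one at each hop and that a peer drops a query it has already seen.

```python
from collections import deque

# Constructed overlay (peer -> neighbours, undirected); not taken from the paper.
OVERLAY = {
    "A": ["B", "C"], "B": ["A", "D", "E"], "C": ["A", "F"], "D": ["B", "G"],
    "E": ["B"], "F": ["C", "H"], "G": ["D"], "H": ["F"],
}
# Constructed file placement: peer -> {filename: is_malware}. As in the text,
# a file is only classified as malware or otherwise.
SHARED = {
    "D": {"song.mp3": False},
    "E": {"song.mp3": True},   # malware answering under the searched name
    "H": {"song.mp3": True},
}

def flood_query(overlay, shared, origin, filename, ttl):
    """Flood a query from origin; return (peers reached, responses).

    A receiving peer first answers if it holds the file, then checks the TTL:
    if it is greater than zero the query goes on to its neighbours with the
    TTL reduced by one (assumption), otherwise the query is discarded.
    """
    seen = {origin}
    responses = []
    queue = deque((n, ttl) for n in overlay[origin])
    while queue:
        peer, remaining = queue.popleft()
        if peer in seen:
            continue                      # duplicate query: dropped (assumption)
        seen.add(peer)
        if filename in shared.get(peer, {}):
            responses.append((peer, shared[peer][filename]))
        if remaining > 0:
            queue.extend((n, remaining - 1) for n in overlay[peer] if n not in seen)
    return seen - {origin}, responses

def malware_exposure(responses):
    """Fraction of the responses that point at malware (0.0 if no responses)."""
    return sum(bad for _, bad in responses) / len(responses) if responses else 0.0

if __name__ == "__main__":
    for ttl in range(3):
        reached, resp = flood_query(OVERLAY, SHARED, "A", "song.mp3", ttl)
        print(ttl, sorted(reached), resp, round(malware_exposure(resp), 2))
```

Raising the TTL widens the set of peers that answer the query, which is why the share of malicious responses a searching peer sees depends on the search depth as well as on how many peers hold malware.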
We make the following assumptions about the system:
• The number of members in a compartment is a differentiable function of time.
This holds true in the event of large compartment sizes, and since P2P networks
comprise tens of thousands of users, assuming this is quite reasonable.
• By abstracting the P2P graph through differential equations, the emphasis is
more on the numbers of each class, rather than the particulars of each member
of the respective classes.
• The spread of files in the P2P network is deterministic, i.e., the behavior is
completely determined by the rules governing the model. In other words, the
properties of a class are dictated by the number of members present.
• The size of the network does not vary over the time during which the spread
of malware is modeled.
SYSTEM REQUIREMENTS:
HARDWARE REQUIREMENTS:
• System : Pentium IV 2.4 GHz.
• Hard Disk : 40 GB.
• Floppy Drive : 1.44 Mb.
• Monitor : 15 VGA Colour.
• Mouse : Logitech.
• Ram : 512 Mb.
SOFTWARE REQUIREMENTS:
• Operating system : Windows XP.
• Coding Language : JAVA
REFERENCE:
Shouhuai Xu, Wenlian Lu, and Zhenxin Zhan, “A Stochastic Model of Multivirus Dynamics”,
IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING, VOL. 9, NO. 1, JANUARY/FEBRUARY 2012.