Research Article Worms Propagation Modeling and Analysis in Big Data Environment

Transcription

1 Distributed Sensor Networks Volume 2015, Article ID , 8 pages Research Article Worms Propagation Modeling and Analysis in Big Data Environment Song He, 1 Can Zhang, 2,3 Wei Guo, 3 and Li-Dong Zhai 3 1 School of Management and Economics, Beijing Institute of Technology, Beijing , China 2 North China Electric Power University, Baoding , China 3 Institute of Information Engineering, Chinese Academy of Sciences, Beijing , China Correspondence should be addressed to Li-Dong Zhai; zhailidong@iieaccn Received 5 August 2014; Accepted 16 November 2014 Academic Editor: Qingquan Zhang Copyright 2015 Song He et al This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited The integration of the Internet and Mobile networks results in huge amount of data, as well as security threat With the fragile capacity of security protection, worms can propagate in the integration network and undermine the stability and integrity of data ThepropagationofwormisagreatsecurityrisktomassiveamountsofdataintheintegrationnetworkWeproposeakindofworm propagating in big data environment named BD-Worm BD-Worm consumes computing resources and gets privacy information of users, which causes huge losses to our working and living This paper constructs an integration network topology model and designs the BD-Worm propagating in the big data environment To analyze the propagation of BD-Worm, we conduct a simulation and provide some recommendations to contain the widespread of BD-Worm according to the simulation results 1 Introduction The popularity of mobile intelligent terminal brings great convenience to people s lives Mobile shopping, mobile banking, mobile social network, mobile maps, and other applications provide users with a variety of services However, the convenience also brings up a security risk Mobile phones store a lot of privacy information including contacts, SMS, bank accounts, social network accounts, and geographic information Network attackers steal the user s private information to make correlation analysis and engage in illegal activities, which violates user s privacy The integration of the Internet and Mobile networks has brought great convenience for us The increasing number of mobile devices causes explosive growth of the amount of data in integration network While the high-speed development of the integration network brings people into the era of big data, it also brings some data security problems, such as theft and leakage of privacy data and sensitive data [1] As a kind of malicious program that can infect large amount of hosts in short time, worm is exploited by network attacker We name the worms destroying data security in integration network as BD-Worm, which takes advantage of the weak security protection ability, propagates in a large area in the network, and destroys the stability and security of data Here, BD-Worm constitutes one of the major network data security problems because of the integration of the Internet and Mobile network In order to ensure the massive data are much safer, we should analyze the propagation mechanism of BD-Worm firstly and then provide effective protection strategies against its propagation characteristics This paper constructs an integrated network topology and simulates the propagation of BD-Worm The worm propagates by files attached with malicious code Considering the differences between computerandmobileintelligentterminaloperatingsystem, worm propagation in different operation system needs cross different protocol The paper chooses files supported by a variety of operating systems as virus vector The formats of suchfilesincludetxtandmp3onceuseropensthefile attached with worm code, the worm will be activated, will copy itself, and will attach other files with BD-Worm

2 2 Distributed Sensor Networks The remaining sections of the paper are organized as follows Section 2 introduces related work Modeling of BD-Worm will be presented in Section 3 InSection 4, we simulate the BD-Worm in integration network and study the BD-Worm spreading in the different network topology and defense Finally, Section5 concludes this paper 2 Related Work In this section, we first introduce the effect of integration network on data Then, we introduce the security risk of big data and several related improvements At last, we explore the work related to worm theory and new generation worm in different scenarios Here, the integration of the Internet and Mobile network is the integration of fixed node and Mobile network, which has greatly expanded the network s flexibility [2] The popularity of smart phones and tablets spawned a large number of network applications, such as social network, online shopping, and games It is much more convenient for people s lives by using those applications The integrated network produces a variety of data formats In addition, much data such as communications and online transaction need real-time analysis and process It presents a great challenge to integrated network s data processing capability [3] More and more privacy leak events raise people s awareness about importance of personal information With the integration of Mobile network and Internet, the storage, management, and use of huge amount of data are faced with serious security challenges The protection of mobile phone and Internet users privacy information has become a major research question in integration network Considering the security risks of distributed data storage in big data environment, Zhao [4] takes data access patterns and query into consideration and designed a distributed platform, to ensure the integrity and security of data Data encryption and privacy protection technologies and management modes cannot meet the requirements in capacity, performance, storage, and security of big data Data security and privacy protection of users are faced with huge impact and challenges Wang [5] provides a kind of big data encryption algorithm based on data deduplication technology The studies have shown that the security of the algorithm is reliable and the algorithm improves the speed of large data encryption processing effectively The research on worms over the past few years has focused on future worms and those future worms may propagate in specific complex environment or be designed with new function For example, Su [6] designs a new kind of network worm that propagates in IPv6 and IPv4-IPv6 transition environment, and the new worm is named NHIW, New Hybrid Internet Worm Based on the analysis of network worm scanning strategy, Xu et al [7] design a new kind of network worm-dnsworm-v6, which can propagate rapidly in IPv6 network by scanning the whole network applying two layers different scanning strategy Wang [8] analysesthe propagation characteristics of worms propagate in Internet of Vehicles and proposes a kind of benign worm defensing maliciouswormininternetofvehicles The study of worms mainly focuses on function structure, scan strategy, and propagation models [9] Function structure of the worm consists of two parts: the main function structure and the auxiliary function structure The main function structure controls the basic characteristics of worms, and the auxiliary function is designed for enhancing the properties of worms Worms scan the whole network to find next attack target There are many kinds of scan strategies and different strategy will achieve different effects [10] The research of worms propagation model is based on the spread of epidemic in biology [11] The classic worm propagation models include SIR/SIS model [12], two-factor model [13], and WOW model [14] Allofthesestudiesasmentionedabovefocusonthetraditional worm; however, our paper focuses on constructing apropagationmodelofbd-wormthesecurityofbigdata has attracted the attention of mobile phone and computer users Once the BD-Worm is released into the integrated network by attacker, it will steal huge privacy data Attacker can control the whole data in infected host through the backdoor reserved by worms 3 Modeling of BD-Worm In this section, we provide the big data structure of integrated network and model the BD-Worm The integration of Internet and Mobile network makes many data services shared in the mobile terminals and computers Users can access the Internet anytime and anywhere Mobileoffice,remoteoffice,andreal-timeofficearethemarks of big data era The data in Internet and Mobile network are collected into the cloud platform for further storage and management The structure of big data environment is showed in Figure 1 The model of BD-Worm can be modeled in five aspects: the infecting process of BD-Worm, the connection probability among each node, the defense capability of mobile nodes and fixed nodes, the opening probability of each suspicious fileafterbeingreceived,and,thelastpart,computingresource controlling 31 Infection Process of BD-Worm The integrated network produced variety of data formats, such as gif, doc, mp3, and rmvb [15] BD-Worm propagates in integrated network by embedding in the document BD-Worm spreading in a large scale occupies amounts of data storage space For the reason that BD-Worm runs on various operating systems, the malicious software programs attached by the document must contain most of the major operating systems both for computer and smart phone, such as windows, Mac, and Android TheprocessofworminfectionisshowninFigure 2 As the figure shows, when user received a file attached worm, the file should be scanned by antivirus software to detect whether there are any abnormalities or not If the file is abnormal, it will be deleted If the file is opened by user, it will copy itself and infect other files, which will consume large amount of computing resources That means the abnormal computing

3 Distributed Sensor Networks 3 Data center Cloud platform Remote office ISDN WAN Services Internet ISDN WiFi 3G WiFi Remote office Airport Figure 1: The big data environment structure Coffee shop Home Receive a file Antivirus software Abnormal No Open the file Memory consuming abnormal No Normal file Yes Delete the file Yes Delete the process 32 Connection Probability of Nodes In big data environment,thetopologyoftheintegratednetworkplaysacritical role in determining the propagation speed of BD-Worm In this paper, the topology of the integrated network is determined by connection probability of nodes All notations used in our paper are shown in Abbreviations Section To analyse the topology of integrated network, G = (V, E) stands for the network There are N nodes and m edges in the network V = {V 1, V 2,,V N } is the set of nodes, while E={e 1,e 2,,e M } is the set of edges The nodes in the integrated network are classified into two categories: fixed nodes and mobile nodes Let VM denote the mobile nodes and VF denote the fixed nodes: V={V 1, V 2,,V N }, VM = {Vm 1, Vm 2,,Vm m }, VF = {Vf 1, Vf 2,,Vf n }, (1) Figure 2: The process of worm infecting resource consuming will cause user s awareness The user will adjudge the memory consuming If he or she finds that the computed resource controlling is abnormal, the progress of the worm will be killed directly Otherwise, we consider that the file is benign If the file is a normal one, it will continue receiving the file The BD-Worm which runs with infected file will begin to control the computing resources Finally, it continues to receive the file This process will be repeated in the whole network unless all BD-Worms are removed m+n=n, where Vm i, i [1,m],standsforamobilenode,Vf j, j [1,n], stands for a fixed node, and the total number of mobile nodes and fixed nodes is N In the integration network, we define P F =m/nas the proportion of the fixed nodes in the network On the other hand, we define P M astheproportionofmobilenodesinthe network: P M =1 P F (2) When P F =1, the integrated network is the Internet in fact As P F decreases, there will be more mobile devices added in the integrated network while less computers are added as

4 4 Distributed Sensor Networks well When P F =0, the integrated network changes to be a Mobile network Therefore, in order to generate the integrated network, we need to analyze the degree distribution P(k) of the Internet and Mobile network, respectively, and integrate them to be the integrated network In the Internet, recently Faloutsos et al [16] showed empirically that certain properties of the AS-level Internet topology are well-described power laws The most interesting of these regards the degree of a node If we let P(k) be the fraction of nodes with degree k, then it is demonstrated that P(k) k α The exponent α is obtained by performing a linear regression on P(k) whenplottedon2002as-leveltopology; here α = 218 To keep it simple, the Internet in this paper is defined as a scale-free network with the degree distribution P(k) k 2 [17] Inthemobilenetwork,Lambiotteetal[18] analyzed statistical properties of a Mobile network constructed from the records of a mobile phone company The network consists of 25 million customers that have placed 810 million communications (phone calls and text messages) over a period of 6 months It is shown that the degree distribution in themobilenetworkhasapower-lawdegreedistribution P(k) k 5 In this paper, although worm spreads in Mobile network only through SMS, MMS, and GPRS, which do not contain phone calls, this spreading still mainly follows the relationship between the mobile users Therefore, the Mobile network is also defined as a scale-free network with powerlaw exponent α= 5 According to the above analysis, the power-law exponent of the integrated network degree distribution can be written as 5 α 2,andα changed with proportion of the fixed node (mobile node) in integration network P F (P M ) We denote that α= 2 3ρis the power-law exponent of integrated network Recently, a power-law topology generator is the best candidate to generate the integrated network, although the degree of a real integrated network may not be strictly power-law distributed when the integrated Internet and Mobile network are the heterogeneous network In this paper, we use the generalized linear preference (GLP) power-law generator [19] There are two important reasons Firstly, it presents a generalized linear preference model that, coupled with the incremental algorithm of [20], generates topologies that more closely model the Internet Secondly, we choose the GLP power-law network generator instead of other generators because it also has an adjustable power-law exponent η The following is the formula of η: 2m β(1 p) (1 + p) m =η, (3) where m isthenumberofinitialedgesofanewnode,p [0, 1] is the probability that adds m new links, and β (, 1) is a tunable parameter that indicates the preference for a new node (edge) connecting to more popular nodes The bigger the value of β is, the more preference is given to high degree nodes There are no self-loops and merge duplicate edges in the GLP Then [19] demonstrated that η= α+1approximately According to the α, η can be derived as η= 1 3ρ In the GLP generator, m and p always change little in different network and are less effective in ηthenwe assume that m and p have a constant value observed from empirical data and only adjust β to match η In the integrated network, infected nodes will transfer files with other connected nodes Among the large number of connected nodes, which node the infected node would like to choose is a significant problem Then, we will calculate the node connecting probability If there is an edge between node i and node j, wenote that b ij =1;otherwiseb ij =0Thus,thewholenetworkcan be defined as correlation matrix A: b 11 b 12 b 1n b 21 b 22 b 2n A=( ) (4) b n1 b n2 b nn According to the matrix, we can find that the nodes directly connected with node i canbedefinedasa i = (b i1 b i2 b in ) k i is the degree of node i, anditcanbe derived from k i = n j=1 b ij K is all the degrees of the network: k K=( 0 d 0 ) (5) 0 0 k n The total degree of all nodes connected to node i is k D si =a i K=(b i1 b i2 b in ) ( 0 d 0 ) (6) 0 0 k n We consider a node only transferring files to the other node that is connected It sounds more reasonable than transferring files to all the nodes no matter whether it is connected or not cp is the connected probability Therefore, the probability of node i being connected to node j is as follows: cp = k i D si = n j=1 b ij (b i1 b i2 b in ) ( k d k n ) 33 Opening Probability One of the most significant studies of modeling the worm propagation model is qualifying the user awareness The user security consciousness determines whether the worm can be activated successfully User awareness is too complex to be modeled well, for the reason that it may be affected by everything around the user Based on the BD-Worm malicious acts to the system and the common characters of the computer and smartphone, we can study the computing resource consuming acting on the user awareness Because worm copies itself and infects other files, it will cause CPU hogs and rewrite hard-disk driver frequently and that will reduce the system operability sharply (7)

5 Distributed Sensor Networks 5 In particular, when the computing resource consuming is at a very high level, the obvious abnormal lag of opening files or software will easily draw the user s attention and replace his normal work (such as opening received files from ) with checking his system When the amount of computing resource consumption increases at a high level, we can notice the abnormity Also, we can conclude that the opening probability equals 100 percent with no computing resource consuming and zero percent with full use of computing resource consumption Therefore, we should simulate the opening probability with an equation like circle x 2 +y 2 = 1, x > 0, y > 0 While the circle equation with radio equals one did not work well in simulating user awareness, to keep simple, let opp n (t) be the opening probability of node n at time t Consider opp n (t) = 1 crc n (t), wherecrc n (t) is computing resource consuming and crc n (t) [0, 1) OPP(t) is the opening probability of wholenetwork,forcalculatinginthewormpropagation model OPP i,t (t) = OPP 1 (t) is the opening probability of node 1: OPP (t) =( opp 1 (t) opp n (t) d opp 1 (t) opp n (t) ) (8) 34 Computing Resource Controlling In big data environment, when a host is infected by worm, it will consume many computing resources The high computing resource consuming will result in users security consciousness and will kill the worms The computing resource controlling is a complex factor that affects the worm propagation speed There are two reasons One is the higher computing resource consuming intending to increase user awareness which will reduce the opening probability The other is the higher computing resource consuming and longer infected time which will increase abnormal files among the transferring files which will increase the propagation speed Let diagonal matrix CRC(t) be the abnormal files probability of the whole network CRC i,i (t) [0, 1] is the sum of crc t (t) from time one to time t divide a constant CWhen t i=1 crc 1(i) equals C,we think that all of the certain files have already been infected Then, we can draw the conclusion that computing resource consuming affecting worm propagation speed in reason one is opposite to reason two In practice, forever propagation might not be possible because the worm will ultimately be detected by host-/software-based detection methods and the vulnerability exploited by the worm will be fixed through software updates within a certain amount of time [21] Hence, how to get a high propagation speed is a necessary and significant work in this paper: t i=1 crc 1 (i) 0 0 C CRC (t) =( 0 d t i=1 crc n (i) C ) (9) To control the worms resource consuming, we provide a greedy method In the greedy method, the BD-Worm is always greedy on the computing resource consuming since it infects a node successfully In the greedy method, the BD- Worm will firstly infect a target node with a low computing resource consuming to avoid abnormality After the BD- Worm infects the node, it will increase the consuming in order to copy itself and infect other nodes It is a serious problem when and how much should the BD-Worm increase theconsumingitishardtomakeastandardthatfitsforall nodes, for the reason that user awareness is different with anybody and unfit increasing lead the progress to be killed by user One standard only fits for one node Therefore, we make a rule that will test the user awareness to solve the problem As we know, an infected node still receives abnormal files frequently when the worm outbreaks The rule is to control the new progress consuming created by the new abnormal files which is equal to the consuming which the BD-Worm will increase If the increasing draws user attention, only the new progress will be killed Otherwise, the increase of consuming can be trusted Let crc n (t) = μ+cou n (t) φ where μ is the initial computing resource consuming, cou n (t) is the time of an infected opening the abnormal files, and φ is the increasing computing resource consuming It is a linear equation and ranges from zero to one 35 Defense Capability of Nodes Because of difference of defense capability of mobile nodes and fixed nodes, the probability of worm nodes being detected is different In this paper, we define defense capability of nodes as the probability of worm nodes being detected Defense strategy can be generally classified into two categories: active defense strategy and passive defense strategy Active defense refers to those strategies aiming at enhancing the defense capability of the system actively For example, abnormal detection can reduce the possibility of worm to attack system successfully Active defense strategy is deployed not for a particular worm, while passive defense strategy is deployed after detecting worms on the Internet There are many passive strategies, such as system patch and blacklist of malicious address [22] Actually, whether it is active defense strategy or passive defense strategy, the defense capability of mobile nodes is weaker than fixed nodes We introduce a parameter DC(n) denoting the defense capability of node n, which represents the undetected probability of the integrated network Compared with the computer, mobile phone is weaker in some aspects, such as its limited computing resources and its limited battery life In the big data environment constituted by mobile nodes and fixed nodes, the abnormalities caused by worms in mobile nodes are more obvious, which means the capability of mobile nodes is weaker than fixed nodes We introduce α m,α f denoting the undetected probability of mobile nodes and fixed nodes, respectively The bigger the undetected probability is, the stronger the defense capability will be

6 6 Distributed Sensor Networks Table 1: Default simulation parameters list Parameter Value N P F 50% β 35 m 1 p 05 μ 01 φ 005 α m 01 α f 01 That is to say, α m α f DC(n) istheundetectedprobability of the whole network: DC (n) = { α m if M n,n =1 { α { f if F n,n =1 4 BD-Worm Simulation (10) To study the characteristics of BD-Worm propagation in integrated network, we simulate the propagation on OMNet First, we generate several GLP topological networks by BriteSecond,wesimulatethespreadingprocessofBD- Worm by sending message Lastly, we compare the BD-Worm spreading simulation results with different parameters There is a parameters list of integrated network which is shown in Table 1 41 The Influence of Network Topology The network topology hasagreatimpactonwormpropagation We know the amount of mobile phones and computers in the integrated network will affect the propagation of worms obviously Therefore, we try to find the character of worm propagation on the topology we proposed by simulating worm propagation on the network topology of Internet, Mobile network, and integrated network In the simulation, the integrated network consists of nodes of Internet and nodes of Mobile network, and the total number of the nodes in integrated network is Unlike the traditional worm, BD-Worm could spread on both the Internet and Mobile network The network proportion is 05 We generate the topology by Brite and the average degree in Internet degree is 40196, in Mobile network the degree is 39794, and in the integrated network the degree is So, the average degree of the network topology is 4 From the worm propagation in the complex network, we know the degree of the first infected node makes a big differenceonwormpropagationinthispaper,wechoosea high degree node instead of the average degree for the reason that a node with high degree has a more stable spreading From the result showed in Figure 3, worm propagation in Mobile network is a little faster than in Internet Worm propagatesthefastestintheintegratednetworkwhenp F = 50%orP M =50%, that is to say, there are fixed nodes Number of nodes Propagation speed Time fixed nodes mobile nodes heterogeneous nodes fixed nodes in heterogeneous network mobile nodes in heterogeneous network Figure 3: BD-Worm propagation in integrated network compared with traditional worm spreading in single network or mobile nodes in the integrated network, the two propagation curves are nearly the same We can draw a conclusion from the simulation results that BD-Worm spreads fast at the beginning of the propagation and spreads faster in integrated network than in Internet or Mobile network Once worm outbreaks in integrated network, its high propagation speed will lead the existing defense to be useless and the loss will be catastrophic Therefore, we need to improve the capability of anomaly detection and early warning in both Internet and Mobile network to contain the spread of worms 42 The Influence of Defense Capability Because of the limited computing resources of mobile intelligent terminals, the defense in the Mobile network is absolutely not as good as in the Internet In this simulation, we increase the defense capability of Mobile network α m from 01 to 03 and compare it with the default parameter 01 As showed in Figure 4, first, the propagation speed with α m = 03 has remarkable increasing compared with α m = 01 Second,notonlydoes the BD-Worm propagation speed in Mobile network gain a lotofspeed,buttheinternetwiththeunchangedα f =01 also accelerates the BD-Worm spreading speed Furthermore, BD-Worm propagation in Mobile network is faster than in Internet As we all know, the replacement of smartphones is very fast The security technology for smartphones is not keeping up with the development of phones, leading to the weak defense capability to virus and worm Our personal information is stored in smartphone; the security capability is a serious problem

7 Distributed Sensor Networks 7 Number of node 10 4 Propagation speed Time nodes mix 01, fixed nodes mobile nodes mix nodes 01, fixed nodes mobile nodes 03 Figure 4: BD-Worm spreading with different defense Therefore, we can draw the conclusion that the weakness of host detection in Mobile network increases the BD-Worm propagation sharply and causes the defense in Internet to be not useful as before On the other hand, if we could reduce the undetected probability α m, which means enhancing the defense capability of mobile nodes, it will protect the worm spreading not only in Mobile network, but also in the Internet Also, unlike the case in the Internet, the defense in the mobile network still has a lot of room to develop Hence, we should put more resources into developing the defense in Mobile network 5 Conclusion In this paper, we first propose a BD-Worm, worm propagating in big data environment caused by integration of Internet and Mobile network Then we model the BD-Worm with its infection process, connection probability opening probability and computing resource consuming in theory Finally, we simulate the propagation of BD-Worm From the simulation result, we draw the conclusions First, worms in big data environment which are integrated by mobile nodes and fixed nodes propagate faster than worms in traditional Internet and they will cause more serious damage than traditional ones Second, if we put more resources into developing the defense on Mobile network node, it also protects the Internet nodes BD-Worm provided in this paper is just one classic security problem under the big data field The privacy protection is a serious problem in big data environment Enhancing security and defense capability should improve our technology both in smartphones and computers Abbreviations P(k): Heterogeneous network degree distribution VM: Mobilenode VF: Fixednode P F : Proportion of the fixed node in integration network P M : Proportion of the mobile node in integration network ρ: Proportion of computer in heterogeneous network α: Exponent in scale-free network η: Exponent in GLP generator p: Probability that adds m new links β: Tunable parameter that indicates the preference for a new node K: All the degrees of the network Np: Network proportion cp: Network connected probability DC(n): Noden having a probability of undetected worm α m : Undetected probability on Mobile network α f : Undetected probability on Internet opp n (t): Openingprobabilityofnoden at time t crc n (t): Computing resource consuming OPP(t): Opening probability of whole network CRC(t): Diagonal matrix, abnormal files probability of the whole network μ: Initialcomputingresourceconsuming φ: Increasing computing resource consuming λ: Infected probability Conflict of Interests The authors declare that there is no conflict of interests regarding the publication of this paper Acknowledgment This work is partially supported by 863 National Hi-Tech Research and Development Program (2011AA01A103) References [1] J Manyika, M Chui, B Brown et al, Big Data: The Next Frontier for Innovation, Competition, and Productivity, 2011 [2] W Guo, L Zhai, Y Ren, and L Guo, Intelligent heterogeneous network worms propagation modeling and analysis, in Computer Science and Its Applications, vol 203, pp , Springer,Amsterdam,TheNetherlands,2012 [3]JKLaurila,DGatica-Perez,IAadetal, Themobiledata challenge: big data for mobile computing research, in Proceedings of the International Conference on Pervasive Computing, (EPFL-CONF ), 2012 [4] S N Zhao, The Research on Big Data s Distributed Storage and Secure Protection, Shan Dong University, 2014 [5] M M Wang, BigDataEncryptionAlgorithmBasedonData Deduplication Technology, North China University of Water Resources and Electric Power, 2013

8 8 Distributed Sensor Networks [6] F Su, Research on Worm Propagation Modeling and Defense Strategies in the Next Generation Internet, Beijing University of Posts and Telecommunications, 2011 [7] Y G Xu, H T Qian, and K Zhang, Research of DNS worm in IPv6 networks, Computer Science, vol36,no12,pp32 36, 2009 [8] Z Wang, Research on Worm Propagation and Prevention-Cure in Internet of Vehicles, Nanjing University of Science & Technology, 2013 [9] A Wagner, T Dübendorfer, B Plattner et al, Experiences with worm propagation simulations, in Proceedings of the ACM workshop on Rapid Malcode, pp 34 41, ACM, 2003 [10] C C Zou, D Towsley, and W Gong, On the performance of internet worm scanning strategies, Performance Evaluation, vol63,no7,pp ,2006 [11] Y Wang, D Chakrabarti, C Wang, and C Faloutsos, Epidemic spreading in real networks: an eigenvalue viewpoint, in Proceedings of the 22nd International Symposium on Reliable Distributed Systems (SRDS 03), pp 25 34, October 2003 [12] C C Zou, D Towsley, and W Gong, On the performance of Internet worm scanning strategies, Performance Evaluation, vol63,no7,pp ,2006 [13] R Pastor-Satorras and A Vespignani, Epidemic dynamics and endemic states in complex networks, Physical Review E,vol63, Article ID , 2001 [14] Z Chen, L Gao, and K Kwiat, Modeling the spread of active worms, in Proceedings of the 22nd Annual Joint Conference of the IEEE Computer and Communications Societies (INFOCOM 03),vol3,pp ,April2003 [15] P Zikopoulos and C Eaton, Understanding Big Data: Analytics for Enterprise Class Hadoop and Streaming Data, McGraw-Hill Osborne Media, 2011 [16] M Faloutsos, P Faloutsos, and C Faloutsos, On power-law relationships of the internet topology, in Proceedings of the ACM Conference on Applications, Technologies, Architectures, and Protocols for Computer Communication (SIGCOMM 99), pp ,September1999 [17] A-L Barabási and R Albert, Emergence of scaling in random networks, Science,vol286,no 5439,pp , 1999 [18] R Lambiotte, V D Blondel, C de Kerchove et al, Geographical dispersal of mobile communication networks, PhysicaA:Statistical Mechanics and Its Applications,vol387,no21,pp , 2008 [19] T Bu and D Towsley, On distinguishing between Internet power law topology generators, in Proceedings of the 21st Annual Joint Conference of the IEEE Computer and Communications Societies (Infocom 02),vol2,pp ,June2002 [20] R Albert and A-L Barabási, Topology of evolving networks: local events and universality, Physical Review Letters, vol 85, no24,pp ,2000 [21]MChristodorescu,SJha,SASeshia,DSong,andRE Bryant, Semantics-aware malware detection, in Proceedings of theieeesymposiumonsecurityandprivacy,pp32 46,May 2005 [22]DBrumley,L-HLiu,PPoosankam,andDSong, Design space and analysis of worm defense strategies, in Proceedings of the ACM Symposium on Information, Computer and Communications Security (ASIACCS 06), pp , ACM, March 2006

9 Rotating Machinery Engineering The Scientific World Journal Distributed Sensor Networks Sensors Control Science and Engineering Advances in Civil Engineering Submit your manuscripts at Electrical and Computer Engineering Robotics VLSI Design Advances in OptoElectronics Navigation and Observation Chemical Engineering Active and Passive Electronic Components Antennas and Propagation Aerospace Engineering Modelling & Simulation in Engineering Shock and Vibration Advances in Acoustics and Vibration