2009 Sixth IFIP Iteratioal Coferece o Network ad Parallel Computi Modeli the Propaatio Process of Topoloy-Aware Worms A Iovative Loic Matrix Formulatio Xia Fa School of Maaemet ad Iformatio Systems Cetral Queeslad Uiversity, Australia x.fa2@cqu.edu.au Ya Xia School of Maaemet ad Iformatio Systems Ceter for Itelliet ad Networked Systems Cetral Queeslad Uiversity, Australia y.xia@cqu.edu.au Abstract This paper presets a study o modeli the propaatio process of topoloy-aware worms. Topoloy-aware worms are more itelliet ad adaptive to etwork topoloies tha other worms, thus are more difficult to cotrol. Due to the complexity of the problem, o existi work has solved the problem of modeli the propaatio of topoloy-aware worms. Our major cotributios i this paper are firstly, we propose a iovative loic matrix formulatio of the propaatio process of topoloy-aware worms; ad secodly, we fid, from the applicatios of the formulatio i our experimets, the impacts of two differet topoloies, amely the simple radom raph topoloy ad the pseudo power law topoloy, o a P2P worm s mea coverae rate i the P2P overlay etwork. The proposed iovative loic matrix formulatio, which is a discrete time determiistic propaatio model of topoloy-aware worms, ca traslate the propaatio process of topoloy-aware worms ito a sequece of loic matrix operatios. Its effectiveess ad efficiecy are demostrated by its applicatios i our experimets. 1. Itroductio Worms ca be classified accordi to the techiques by which they discover ew tarets to ifect. Scai, which etails probi a set of addresses to idetify vulerable hosts [1], is the most widely employed techique by worms. Scai could be implemeted differetly, which leads to several differet types such as radom scai, localized scai [2], sequetial scai [3], routable scai [4], selective scai [4], importace scai [5, 6], ad topoloical scai, which was employed by the Morris Iteret Worm of 1988 as its taret discovery techique [7]. Worms employi all other types of scai except topoloical scai amo the above types do ot eed to have ay kowlede o topoloy of the etwork they ited to propaate across. O the other had, worms employi topoloical scai must have the more or the less iformatio o the etwork they ited to propaate over, or have the capability to discover that iformatio if they do ot have it i advace. Therefore, worms employi topoloical scai are also called topoloy-aware worms. A typical example of topoloy-aware worms is a worm attacki a flaw i a Peer-to-Peer (P2P) applicatio ad propaati across the P2P etwork by etti lists of peers from its victims ad directi its subsequet attacks to those peers. This sort of topoloy-aware worm is called P2P worm. The Slapper worm [8] of 2003 was a typical example of P2P worms. The subsequet appearace of variatios of the Slapper worm (the Slapper.B worm a.k.a. Ciik ad the Slapper.C worm a.k.a. Ulock) idicates that exploit code, viruses ad worms are becomi icreasily complex ad sophisticated [8]. They are posi a serious challee to etwork security. Due to the recet popularity of P2P systems with icreasi umber of users, P2P systems ca be a potetial vehicle for worms to achieve faster propaatio across the Iteret. Worm propaatio o top of P2P systems could result i siificat damaes as illustrated by [9]. I order to fid a effective ad efficiet coutermeasure aaist the propaatio of topoloyaware worms i eeral, ad P2P worms i particular, we must fully uderstad their propaatio process. I this paper, we propose a iovative loic matrix formulatio of the propaatio process of topoloy- 978-0-7695-3837-2/09 $25.00 $26.00 2009 IEEE DOI 10.1109/NPC.2009.30 182
aware worms, which ca be used to describe the propaatio process of this type of worms. 2. Related work Mathematical models developed to model propaatio of ifectious diseases have bee adapted to model propaatio of worms [10]. I epidemioloy area, both determiistic ad stochastic models exist for modeli the spreadi of ifectious diseases [11-14]. I etwork security area, both determiistic ad stochastic models of worms based o their respective couterpart i epidemioloy area have emered. Determiistic models of worms could be further divided ito two cateories cotiuous time ad discrete time. Stochastic models of active worms are based o the theory of stochastic processes. All of them are discrete time i ature. I the classical simple epidemic model [11-14], all hosts stay i oe of the oly two states at ay time susceptible (deoted by S ) or ifectious (deoted by I ), ad thus it is also called the SI model. Staiford et al. preseted a propaatio model for the Code-RedI v2 worm [15], which is essetially the above classical simple epidemic model. The classical eeral epidemic model (Kermack-McKedrick model) [11-14] improves the classical simple epidemic model by cosideri removal of ifectious hosts due to patchi. The two-factor worm model [10] exteds the classical eeral epidemic model by accouti for removal of susceptible hosts due to patchi ad cosideri the pairwise rate of ifectio as a variable rather tha a costat. The discrete time determiistic Aalytical Active Worm Propaatio (AAWP) model [16] takes ito accout the time a ifectious host takes to ifect other hosts, which is a importat factor for the spread of active worms [17]. Sice propaatio of active worms is a discrete evet process, this model of active worms is more accurate tha its cotiuous time couterparts i the determiistic reime. Rohloff ad Basar preseted a stochastic desitydepedet Markov jump process propaatio model [18] for worms employi the radom scai approach draw from the field of epidemioloy [12, 19]. Sellke et al. preseted a stochastic Galto-Watso Markov brachi process model [20] to characterize the propaatio of worms employi the radom scai approach. A more detailed survey o modeli the propaatio process of worms ca be foud i [21]. The formulatio proposed i this paper is a discrete time determiistic propaatio model of topoloyaware worms. 3. The proposed iovative formulatio At the beii of this sectio, we exted defiitio of a matrix to allow its elemets to be variables or costats of loic type; ad term such kid of matrices loic matrices. Several operatios of loic matrices are defied. The, topoloy ad state of a etwork are represeted by its topoloy loic matrix ad state loic matrix, respectively. Fially, a iovative loic matrix formulatio of the propaatio process of topoloy-aware worms is derived from first priciple. 3.1. Loic matrices ad their operatios We exted defiitio a matrix to allow variables or costats of loic type as its elemets. The value of a variable of loic type ca oly be oe of the oly two loic costats True (deoted by T ) or False (deoted by F ). Therefore, a loic matrix could be defied as a two-dimesioal array of elemets T ad F oly. If a loic matrix has oly oe row or oe colum, we ca also call it a loic row vector or loic colum vector, respectively. We defie deree of a variable l of loic type (deoted by de(l ) ) as 1 whe its value is T, ad 0 whe F ; ad defie deree of a loic matrix L (deoted by de(l ) ) as the total umber of its elemets whose value is T. Accordi to the above defiitios, deree of a loic matrix L could be worked out by summi deree of its each elemet l, that is, de( L ) = de( l). (1) Two loic matrices A ad B ca be added if ad oly if their dimesios are the same, that is, they all have the same umber of rows ad colums. The resultat S = A + B is a loic matrix of the same dimesio with its elemet s ij (lies i the i -th row ad the j -th colum) bei the results of loic OR of the correspodi elemets a ij ad b ij of the two loic matrices to be added. It ca be defied mathematically as follows s = ij a ij OR b ij. (2) It could be easily derived that deree of the resultat loic matrix S caot be less tha that of both loic matrices A ad B to be added; ad that deree of the resultat loic matrix caot be reater tha sum of deree of each loic matrix to be added, that is, de( ) de( ) de( ) de( ) ; (3) A S A + B 183
ad de( B ) de( S) de( A) + de( B). (4) A loic matrix A ca be multiplied by aother loic matrix B if ad oly if their ier dimesios are the same, that is, umber of colums of the multiplicad loic matrix (the left oe) is equal to umber of rows of the multiplier loic matrix (the riht oe). Mutatio law, which applies to loic matrix additio, does ot apply to loic matrix multiplicatio. The product = is a loic matrix of the same umber of P A B rows as A ad the same umber of colums as B. We defie value of elemet p (lies i the i -th row ad ij the j -th colum) of the product to be determied by the followi equatio p ij = a ik k = 1 AND b kj, (5) where AND stads for loic AND operatio, deotes ier dimesios of the multiplicad ad multiplier loic matrices, ad = k 1 represets loic OR operatio of all those resultats of loic AND operatios whe k from 1 to, iclusive. Now the stae for later discussio has bee set. I the ext two sub-sectios, we will itroduce the cocepts of a etwork s topoloy loic matrix ad state loic matrix, respectively; ad derive our iovative loic matrix formulatio of the propaatio process of topoloy-aware worms from first priciple. 3.2. Loic matrix represetatios Accordi to the traditioal raph theory, a computer etwork could be represeted by a directed raph G, with its set of vertices V represeti all computers coected to form the etwork, ad its set of directed edes E represeti all directed liks amo these computers. A directed lik from computer i to computer j meas computer i is able to sed messaes to computer j, but computer j is ot able to sed messaes to computer i. Topoloy of a computer etwork cosisti of computers could be represeted by a by square t (lies i the i -th row ad matrix with its elemet ij the j -th colum) idicati whether there is a directed lik from computer i to computer j. Uder the traditioal directed raph theory, the umeric costat 1 is used to idicate there is a directed lik, ad 0 to idicate there is ot. We, i this paper, propose a differet approach to idicati the existece or ot of a directed lik. The loic costat T is used to idicate there is a directed lik, ad F to idicate there is ot. Therefore, topoloy of a computer etwork cosisti of computers could be represeted by a by loic square matrix T. We term it topoloy loic matrix of the etwork. Each row of the topoloy loic matrix of a computer etwork forms a loic row vector, which is a loic vector represetatio of outboud lik(s) of a particular computer beloi to the etwork. We call this loic vector the computer s topoloy out-deree loic vector. Each colum of the topoloy loic matrix of a computer etwork forms a loic colum vector, which is a loic vector represetatio of iboud lik(s) of a particular computer beloi to the etwork. We call this loic vector the computer s topoloy i-deree loic vector. For example, the i -th row of a topoloy loic matrix represets outboud lik(s) of computer i, ad the j -th colum of a loic matrix represets iboud lik(s) of computer j. It ca be easily derived that values of topoloy ideree ad out-deree of each computer beloi to a etwork equate to derees of the computer s topoloy i-deree ad out-deree loic vector, respectively, which ca be worked out by usi equatio (1) ive i the previous sub-sectio. Next, we represet states of all computers beloi to a etwork by a loic matrix (row vector) S of dimesio 1 by with its elemet (lies i the S 1 j 1st row ad the j -th colum) idicati whether computer j has bee ifected by ay malware ad become ifectious. The loic costat T is used to idicate the computer has bee ifected ad become ifectious, ad F to idicate it has ot. We term the above loic matrix (vector) the etwork s state loic matrix (vector). It ca be easily derived that the total umber of ifected ad ifectious computers i a etwork equates to deree of the etwork s state loic matrix (vector), which ca be worked out by usi equatio (1) ive i the previous sub-sectio. 3.3. The loic matrix formulatio Based o the above extesios to matrices ad their operatios ad extesios to the matrix represetatio of a etwork i the traditioal directed raph theory, we are ow ready to derive our iovative loic matrix formulatio of the propaatio process of topoloyaware worms from first priciple. 184
The derivatio of our iovative loic matrix formulatio of the propaatio process of topoloyaware worms is based o the followi assumptios. A ifectious computer will sed worm packet(s) to all other computers beloi to the same etwork to which it has a outboud lik, reardless of the state (ifected ad ifectious or ot) of those computers. A healthy (ot ifected ad ot ifectious) computer beloi to a etwork will be ifected ad become ifectious oce it receives worm packet(s) from aother ifectious computer beloi to the same etwork. A ifected ad ifectious computer beloi to a etwork will remai i that state whe it receives worm packet(s) from aother ifectious computer beloi to the same etwork. The propaatio process from sedi worm packet(s), to receivi worm packet(s), to havi the recipiet ifected ad the ifected becomi ifectious will be completed i the time iterval TI of strictly the same leth. There are a total of computers beloi to a loical (ot physical) etwork uder cosideratio. Iitially, there are a total of I0 computers which are ifected ad ifectious. Accordi to the above assumptios, the loical etwork s iitial state could be represeted by its iitial S of dimesio 1 by ; ad state loic matrix (vector) 0 the total umber of iitially ifected ad ifectious computers I 0 equates to deree of S 0 I de(s0 ) 0 =. (6) Time itervalti later, the loical etwork s state could be represeted by its state loic matrix S of dimesio 1 by at that time; ad the (vector) 1 total umber of ifected ad ifectious computers I 1 at that time equates to deree of S 1 I 1 de(s ) 1 =. (7) I the same way, time iterval 2 TI later, the loical etwork s state could be represeted by its state loic matrix (vector) S2 of dimesio 1 by at that time; ad the total umber of ifected ad ifectious computers I 2 at that time equates to deree of S 2 I de(s2) 2 =. (8) Geerally, time iterval TI later, the loical etwork s state could be represeted by its state loic matrix (vector) S of dimesio 1 by at that time; ad the total umber of ifected ad ifectious computers I at that time equates to deree of S I de(s ) =. (9) I the same way, time iterval ( +1) TI later, the loical etwork s state could be represeted by its state loic matrix (vector) S + 1 of dimesio 1 by at that time; ad the total umber of ifected ad ifectious computers I + 1 at that time equates to deree of S + 1 I 1 de(s + 1) = +. (10) Duri the above propaatio process, the total umber of ifected ad ifectious computers keeps icreasi prior to a certai time poit. Fially, time iterval ( G +1) TI later the total umber of ifected I ad ifectious computers G+ 1 at that time will be equal to I G, which reveals the above propaatio process will actually stop at time poit G TI. We otice that the loical etwork s state at time poit ( +1) TI represeted by its state loic matrix (vector) S + 1 is fully determied by its state at time poit TI represeted by its state loic matrix (vector) S ad its loical topoloy represeted by its topoloy loic matrixt. We fid the relatioship amo S + 1, S, adt could be mathematically described as follows S 1 = S + S T +, (11) where stads for loic matrix multiplicatio, ad + deotes loic matrix additio, both of which have bee defied i sub-sectio 3.1. I the above equatio, S is a 1 by loic matrix adt is a by square loic matrix. The resultat ofs T (deoted by S' ) is a 1 by loic matrix (row vector) represeti all computers beloi to the etwork that could be ifected at time poit ( +1) TI ive the etwork s state at time poit TI represeted by its state loic matrix (row vector) S ad its loical topoloy represeted by its topoloy loic matrixt. Accordi to defiitio of loic matrix multiplicatio ive i sub-sectio 3.1, value of the j -th elemet of S' (deoted by s' 1 ) is j determied by equatio (5), wherei equates to 1 because both the multiplicad ad the resultat loic matrix are loic row vectors, that is, 185
s' where 1 j s = k = 1 s AND t kj, (12) stads for the value of the elemet which lies i the k -th colum of S, ad t kj deotes value of the elemet which lies i the k -th row ad the j -th colum oft. I the above equatio, tkj for all k from 1 to actually represets compute j s topoloy i-deree loic vector. The resultat of s AND t kj will be loic T if ad oly if both values of s ad t kj are loic T, which idicates at time poit TI computer k is ifectious ad computer j has a iboud lik from computer k. The loic OR operatio of all those resultats of loic AND operatios whe k from 1 to, iclusive, deoted by k = 1 i the above equatio actually says if there exists at least oe value of k from 1 to, iclusive, which makes the value of the resultat of s AND t kj to be loic T, the value of s' will be loic T. Therefore, equatio (12) actually says if at time poit TI at least oe computer amo those computers from which computer j has a iboud lik is ifectious, computer j will be ifected ad become ifectious at time poit ( +1 ) TI. The, accordi to the defiitio of loic matrix additio ive i sub-sectio 3.1, it could easily derived that S + S T actually just adds all those computers that could be ifected at time poit ( +1) TI represeted by S T to the 1 j etwork s state at time poit TI represeted by S. The resultat of the above loic matrix additio operatio represets the etwork s state at time poit ( +1 ) TI, which is represeted by S + 1. Hece, equatio (11) ets proved. The framework formed by Equatios (9) ad (11) alo with the criterio proposed i this paper used to determie whether the propaatio process has actually stopped is a discrete time determiistic propaatio model of topoloy-aware worms. We call the above framework the loic matrix formulatio of the propaatio process of topoloy-aware worms. The formulatio ca traslate the propaatio process of topoloy-aware worms ito a sequece of loic matrix operatios, which are easily implemeted with ay matrix-friedly mathematics prorams. 4. Applicatios of the formulatio We apply the loic matrix formulatio of the propaatio process of topoloy-aware worms proposed i this paper to ivestiate the impacts of two differet topoloies, amely the simple radom raph topoloy ad the pseudo power law topoloy o the coverae rate of topoloy-aware worms. Coverae rate (deoted bycr i this paper) of a worm is defied i this paper as a ratio i percetae of the maximum umber of computers beloi to a etwork that could be ifected ad become ifectious to the total umber of computers beloi to the same etwork. Accordi to the criterio proposed i this paper used to determie whether the propaatio process of a topoloy-aware worm has actually stopped, coverae rate of a topoloy-aware worm i a etwork could be worked out by usi the followi equatio de( SG ) CR = 100%, (13) where S represets the state loic matrix of the G etwork at the time poit whe the propaatio process has just stopped. 4.1. The simple radom raph topoloy Firstly, we apply the proposed loic matrix formulatio of the propaatio process of topoloyaware worms to ivestiate the impacts of two parameters, amely the umber of iitially ifected computers I 0 beloi to a etwork ad the mea value of topoloy out-deree E( Dout ) of the etwork, o the coverae rate CR of a particular sort of topoloy-aware worm called P2P worm i the etwork. We proram the proposed formulatio with MathWorks MATLAB, which is a matrix friedly mathematics proram. Our implemetatio i MATLAB assumes there are a total of = 10, 000 peers (computers) beloi to the loical P2P overlay etwork uder cosideratio. Therefore, the topoloy of the overlay etwork is represeted by its topoloy loic matrixt, which is a 10,000 by 10,000 square loic matrix; ad the its iitial state is represeted by its iitial state loic 186
S ( de(s ) I 0 matrix 0 0 = ), which is a 1 by 10,000 loic matrix (row vector). We radomly select all iitially ifected peers (computers) from all peers beloi to the overlay etwork. Mea value of topoloy out-deree E( Dout ) of the overlay etwork is determied by the followi equatio de( Ti ) i= E( Dout ) = 1, (14) T stads for the i -th row oft, which is actually where i the topoloy out-deree loic vector of peer (computer)i beloi to the overlay etwork. I the experimets coducted for this sub-sectio, we assume each peer has the same value of topoloy out-deree. Peers to which each peer has outboud liks are radomly selected from all peers except the peer itself beloi to the overlay etwork, which meas we do ot allow loop, that is, o peer has a outboud lik to itself. Therefore, we call the topoloy of the overlay etwork i the experimets coducted for this subsectio the simple radom raph topoloy. We coduct our experimets with MATLAB uder I ad E D ). ( out differet combiatios of values of 0 Firstly, we fix the umber of iitially ifected peers (computers) I 0 beloi to the overlay etwork to be 1, ad try to fid out the impact of mea value of topoloy out-deree E D ) o the coverae ( out ratecr of P2P worms i the overlay etwork. We radomly select all iitially ifected peer(s) from all peers beloi to the overlay etwork. A total of 5 scearios ( E( Dout ) from 1 to 5, iclusive) are ivestiated. Experimet for each sceario is repeated 100 times. The, the mea value of coverae rate ad coefficiet of variatio of coverae rate are worked out. Results from the experimets are listed i Table 1. Table 1. The simple radom raph topoloy (whe there is oly 1 iitially ifected peer radomly selected from all peers) Topoloy Out- Deree 1 1.23 54.81 2 79.64 0.68 3 94.08 0.27 4 98.06 0.16 5 99.31 0.09 As show by the above experimetal results, mea value of topoloy out-deree has reat impact o both mea value ad coefficiet of variatio of coverae rate of P2P worms i the overlay etwork featuri the simple radom raph topoloy. Icrease i mea value of topoloy out-deree results i icrease i mea value of coverae rate but decrease i coefficiet of variatio of coverae rate. Whe mea value of topoloy out-deree is icreased to 3, mea value of coverae rate is icreased to over 90% ad its coefficiet of variatio becomes very small, which idicates 3 is the miimum mea value of topoloy out-deree which ca make a P2P worm be able to ifect most peers with very hih certaity. After that, we fix the umber of iitially ifected peers (computers) I 0 beloi to the overlay etwork to be 10, ad repeat the above experimets. Results from the experimets are listed i Table 2. Table 2. The simple radom raph topoloy (whe there are a total of 10 / 100 iitially ifected peers radomly selected from all peers) Topoloy Out- Deree 1 4.28 / 13.53 16.22 / 5.43 2 79.80 / 80.06 0.63 / 0.62 3 94.10 / 94.16 0.27 / 0.26 4 98.03 / 98.06 0.15 / 0.15 5 99.30 / 99.31 0.08 / 0.09 The above experimetal results show similar treds to those show by Table 1, which idicates the impact of umber of iitially ifected peers o the coverae rate of a P2P worm i the overlay etwork featuri the simple radom raph topoloy is isiificat. 4.2. The pseudo power law topoloy Secodly, we apply the proposed loic matrix formulatio of the propaatio process of topoloyaware worms to ivestiate the impacts of two parameters, amely the umber of iitially ifected computers I 0 beloi to a etwork ad the maximum value of topoloy out-deree Max( Dout ) of the etwork, o the coverae ratecr of P2P worms i the etwork. I the experimets coducted for this subsectio, we assume oly a very small umber (10 i our experimets) of peers have the maximum value of topoloy out-deree, ad all other peers have the miimum value (1 i our experimets) of topoloy outderee. Althouh the distributio of topoloy out- 187
deree i our experimets does ot strictly follow power law, it does have the most importat features of power law distributio, amely peers with maximum value of topoloy out-deree are rare ad most peers have miimum value of topoloy out-deree. Therefore, we call the topoloy of the overlay etwork i the experimets coducted for this sub-sectio the pseudo power law topoloy. We coduct our experimets with MATLAB uder differet combiatios of values of I 0 ad Max ( Dout ). Firstly, we fix the umber of iitially ifected peers (computers) I 0 beloi to the overlay etwork to be 1, ad try to fid out the impact of maximum value of topoloy out-deree Max( Dout ) o the coverae ratecr i the overlay etwork of topoloy-aware worms. We radomly select all iitially ifected peer(s) from all peers beloi to the overlay etwork. A total of 5 scearios ( Max ( ) = 100,1000, 2000 D out ) are ivestiated. I the experimets coducted for this sub-sectio, we assume each peer has either the maximum value of topoloy out-deree or the miimum value of topoloy out-deree. Peers to which each peer has outboud liks are radomly selected from all peers except the peer itself beloi to the overlay etwork, which meas we do ot allow loop, that is, o peer has a outboud lik to itself. Experimet for each sceario is repeated 100 times. The, the mea value of coverae rate ad coefficiet of variatio of coverae rate are worked out. Results from the experimets are listed i Table 3. Table 3. Whe there is oly 1 iitially ifected peer radomly selected from all peers Maximum Value of Topoloy Out- Deree 100 3.17 200.74 1000 13.83 209.20 2000 14.54 226.10 As show by the above experimetal results, whe all iitially ifected peers are radomly selected from all peers, maximum value of topoloy out-deree has a little impact o both mea value ad coefficiet of variatio of coverae rate of P2P worms i the overlay etwork featuri the pseudo power law topoloy. Icrease i maximum value of topoloy out-deree results i a little icrease i mea value of coverae rate ad a little icrease i coefficiet of variatio of coverae rate as well, which idicates the small ai i coverae rate could be offset by the small loss i certaity. The worm is ot able to ifect most peers with hih certaity. After that, we fix the umber of iitially ifected peers (computers) I 0 beloi to the overlay etwork to be 10, ad repeat the above experimets. Results from the experimets are listed i Table 4. Table 4. Whe there are a total of 10 iitially ifected peers radomly selected from all peers Maximum Value of Topoloy Out- Deree 100 11.25 79.51 1000 33.06 111.27 2000 36.23 120.07 The above experimetal results show similar treds (just a isiificatly hiher coverae rate ad a isiificatly lower coefficiet of variatio of coverae rate) to those show by Table 3, which idicates, whe all iitially ifected peers are radomly selected from all peers, the impact of umber of iitially ifected peers o the coverae rate of a P2P worm i the overlay etwork featuri the pseudo power law topoloy is isiificat. Fially, we radomly select all iitially ifected peers (computers) from oly those peers with maximum topoloy out-deree, ad repeat all the above experimets described i this sub-sectio. Results from the experimets are listed i Table 5 ad Table 6 for I 0 = 1ad 10, respectively. I 0 = Table 5. Whe there is oly 1 iitially ifected peer radomly selected from oly those peers with maximum topoloy out-deree Maximum Value of Topoloy Out- Deree 100 20.74 26.65 1000 78.21 11.17 2000 95.33 0.89 Table 6. Whe there are a total of 10 iitially ifected peers radomly selected from oly those peers with maximum topoloy outderee Maximum Value of Topoloy Out- Deree 100 38.50 1.53 1000 85.19 0.41 2000 95.94 0.19 188
As show by the above experimetal results, whe all iitially ifected peers are radomly selected from oly those peers with maximum topoloy out-deree, maximum value of topoloy out-deree has a reat impact o both mea value ad coefficiet of variatio of coverae rate of P2P worms i the overlay etwork featuri the pseudo power law topoloy. Icrease i maximum value of topoloy out-deree results i icrease i mea value of coverae rate but decrease i coefficiet of variatio of coverae rate. However, the impact of umber of iitially ifected peers is isiificat. Whe maximum value of topoloy outderee reaches 2,000, the worm is able to ifect most peers with very hih certaity, reardless of umber of iitially ifected peers. 5. Coclusios ad future research This paper presets a study o modeli the propaatio process of topoloy-aware worms. Our major cotributios i this paper are firstly, we propose a iovative loic matrix formulatio of the propaatio process of topoloy-aware worms; ad secodly, we fid, from applicatios of the formulatio i our experimets, the impacts of two differet topoloies, amely the simple radom raph topoloy ad the pseudo power law topoloy, o a P2P worm s mea coverae rate i the P2P overlay etwork. We believe the iovative loic matrix formulatio proposed i this paper, which is a discrete time determiistic propaatio model of topoloy-aware worms described by a differece equatio of loic matrix, is a hihly effective ad efficiet tool for ivestiati the propaatio process of topoloyaware worms i eeral ad P2P worm i particular. I the future, we are oi to icorporate removal of susceptible ad/or ifectious computers (peers) ito the proposed discrete time determiistic propaatio model of topoloy-aware worms, which will reatly ehace the adaptability of the framework proposed i this paper. 6. Refereces [1] N. Weaver, V. Paxso, S. Staiford, ad R. Cuiham, "A Taxoomy of Computer Worms," i WORM '03, Washito D.C., USA, 2003, pp. 11-18. [2] D. Moore, C. Shao, ad J. Brow, "Code-Red A Case Study o the Spread ad Victims of a Iteret Worm," i IMW '02, Marseille, Frace, 2002, pp. 273-284. [3] C. C. Zou, D. Towsley, ad W. Go, "O the Performace of Iteret Worm Scai Strateies," Uiversity of Massachusetts Techical Report TR-03-CSE-07, 2003. [4] C. C. Zou, D. Towsley, W. Go, ad S. Cai, "Routi Worm A Fast, Selective Attack Worm Based o IP Address Iformatio," i PADS '05, 2005, pp. 199-206. [5] Z. Che ad C. Ji, "Importace-Scai Worm Usi Vulerable-Host Distributio," i IEEE GLOBECOM, 2005, pp. 1779-1784. [6] Z. Che ad C. Ji, "A Self-Leari Worm Usi Importace Scai," i WORM '05, Fairfax, VA, USA, 2005, pp. 22-29. [7] E. H. Spafford, "The Iteret Worm Proram A Aalysis," ACM SIGCOMM Computer Commuicatio Review, vol. 19, pp. 17-57, 1989. [8] I. Arce ad E. Levy, "A Aalysis of the Slapper Worm," i IEEE Security & Privacy, 2003, pp. 82-87. [9] W. Yu, "Aalyze the Worm-Based Attack i Lare Scale P2P Networks," i The 8th IEEE Iteratioal Symposium o Hih Assurace Systems Eieeri (HASE 2004), 2004. [10] C. C. Zou, W. Go, ad D. Towsley, "Code Red Worm Propaatio Modeli ad Aalysis," i CCS '02, Washito D.C., USA, 2002, pp. 138-147. [11] R. M. Aderso ad R. M. May, Ifectious Diseases of Humas Dyamics ad Cotrol. Oxford Oxford Uiversity Press, 1991. [12] H. Adersso ad T. Britto, Stochastic Epidemic Models ad Their Statistical Aalysis. New York Sprier-Verla, 2000. [13] N. T. Bailey, The Mathematical Theory of Ifectious Diseases ad Its Applicatios. New York Hafer Press, 1975. [14] J. C. Frauethal, Mathematical Modeli i Epidemioloy. New York Sprier-Verla, 1980. [15] S. Staiford, V. Paxso, ad N. Weaver, "How to Ow the Iteret i Your Spare Time," i Security '02, Sa Fracisco, CA, USA, 2002, pp. 149-167. [16] Z. Che, L. Gao, ad K. Kwiat, "Modeli the Spread of Active Worms," i IEEE INFOCOM, 2003, pp. 1890-1900. [17] Y. Wa ad C. Wa, "Modeli the Effects of Timi Parameters o Virus Propaatio," i WORM '03, Washito D.C., USA, 2003, pp. 61-66. [18] K. Rohloff ad T. Basar, "Stochastic Behavior of Radom Costat Scai Worms," i 14th ICCCN, Sa Dieo, CA, USA, 2005, pp. 339-344. [19] D. J. Daley ad J. Gai, Epidemic Modelli A Itroductio. Cambride Cambride Uiversity Press, 1999. [20] S. Sellke, N. B. Shroff, ad S. Bachi, "Modeli ad Automated Cotaimet of Worms," i DSN '05, 2005, pp. 528-537. [21] Y. Xia, X. Fa, ad W. Zhu, "Propaatio of Active Worms A Survey," Iteratioal Joural of Computer Systems Sciece & Eieeri, vol. 24, pp. 157-172, 2009. 189