Sage Journals: Discover world-class research

Abstract

The integration of the Internet and Mobile networks results in huge amount of data, as well as security threat. With the fragile capacity of security protection, worms can propagate in the integration network and undermine the stability and integrity of data. The propagation of worm is a great security risk to massive amounts of data in the integration network. We propose a kind of worm propagating in big data environment named BD-Worm. BD-Worm consumes computing resources and gets privacy information of users, which causes huge losses to our working and living. This paper constructs an integration network topology model and designs the BD-Worm propagating in the big data environment. To analyze the propagation of BD-Worm, we conduct a simulation and provide some recommendations to contain the widespread of BD-Worm according to the simulation results.

1. Introduction

The popularity of mobile intelligent terminal brings great convenience to people's lives. Mobile shopping, mobile banking, mobile social network, mobile maps, and other applications provide users with a variety of services. However, the convenience also brings up a security risk. Mobile phones store a lot of privacy information including contacts, SMS, bank accounts, social network accounts, and geographic information. Network attackers steal the user's private information to make correlation analysis and engage in illegal activities, which violates user's privacy.

The integration of the Internet and Mobile networks has brought great convenience for us. The increasing number of mobile devices causes explosive growth of the amount of data in integration network. While the high-speed development of the integration network brings people into the era of big data, it also brings some data security problems, such as theft and leakage of privacy data and sensitive data [1].

As a kind of malicious program that can infect large amount of hosts in short time, worm is exploited by network attacker. We name the worms destroying data security in integration network as BD-Worm, which takes advantage of the weak security protection ability, propagates in a large area in the network, and destroys the stability and security of data. Here, BD-Worm constitutes one of the major network data security problems because of the integration of the Internet and Mobile network.

In order to ensure the massive data are much safer, we should analyze the propagation mechanism of BD-Worm firstly and then provide effective protection strategies against its propagation characteristics. This paper constructs an integrated network topology and simulates the propagation of BD-Worm. The worm propagates by files attached with malicious code. Considering the differences between computer and mobile intelligent terminal operating system, worm propagation in different operation system needs cross different protocol. The paper chooses files supported by a variety of operating systems as virus vector. The formats of such files include txt and mp3. Once user opens the file attached with worm code, the worm will be activated, will copy itself, and will attach other files with BD-Worm.

The remaining sections of the paper are organized as follows. Section 2 introduces related work. Modeling of BD-Worm will be presented in Section 3. In Section 4, we simulate the BD-Worm in integration network and study the BD-Worm spreading in the different network topology and defense. Finally, Section 5 concludes this paper.

2. Related Work

In this section, we first introduce the effect of integration network on data. Then, we introduce the security risk of big data and several related improvements. At last, we explore the work related to worm theory and new generation worm in different scenarios.

Here, the integration of the Internet and Mobile network is the integration of fixed node and Mobile network, which has greatly expanded the network's flexibility [2]. The popularity of smart phones and tablets spawned a large number of network applications, such as social network, online shopping, and games. It is much more convenient for people's lives by using those applications. The integrated network produces a variety of data formats. In addition, much data such as communications and online transaction need real-time analysis and process. It presents a great challenge to integrated network's data processing capability [3].

More and more privacy leak events raise people's awareness about importance of personal information. With the integration of Mobile network and Internet, the storage, management, and use of huge amount of data are faced with serious security challenges. The protection of mobile phone and Internet users' privacy information has become a major research question in integration network.

Considering the security risks of distributed data storage in big data environment, Zhao [4] takes data access patterns and query into consideration and designed a distributed platform, to ensure the integrity and security of data. Data encryption and privacy protection technologies and management modes cannot meet the requirements in capacity, performance, storage, and security of big data. Data security and privacy protection of users are faced with huge impact and challenges. Wang [5] provides a kind of big data encryption algorithm based on data deduplication technology. The studies have shown that the security of the algorithm is reliable and the algorithm improves the speed of large data encryption processing effectively.

The research on worms over the past few years has focused on future worms and those future worms may propagate in specific complex environment or be designed with new function. For example, Su [6] designs a new kind of network worm that propagates in IPv6 and IPv4-IPv6 transition environment, and the new worm is named NHIW, New Hybrid Internet Worm. Based on the analysis of network worm scanning strategy, Xu et al. [7] design a new kind of network worm-DNSWorm-V6, which can propagate rapidly in IPv6 network by scanning the whole network applying two layers different scanning strategy. Wang [8] analyses the propagation characteristics of worms propagate in Internet of Vehicles and proposes a kind of benign worm defensing malicious worm in Internet of Vehicles.

The study of worms mainly focuses on function structure, scan strategy, and propagation models [9]. Function structure of the worm consists of two parts: the main function structure and the auxiliary function structure. The main function structure controls the basic characteristics of worms, and the auxiliary function is designed for enhancing the properties of worms. Worms scan the whole network to find next attack target. There are many kinds of scan strategies and different strategy will achieve different effects [10]. The research of worms propagation model is based on the spread of epidemic in biology [11]. The classic worm propagation models include SIR/SIS model [12], two-factor model [13], and WOW model [14].

All of these studies as mentioned above focus on the traditional worm; however, our paper focuses on constructing a propagation model of BD-Worm. The security of big data has attracted the attention of mobile phone and computer users. Once the BD-Worm is released into the integrated network by attacker, it will steal huge privacy data. Attacker can control the whole data in infected host through the backdoor reserved by worms.

3. Modeling of BD-Worm

In this section, we provide the big data structure of integrated network and model the BD-Worm.

The integration of Internet and Mobile network makes many data services shared in the mobile terminals and computers. Users can access the Internet anytime and anywhere. Mobile office, remote office, and real-time office are the marks of big data era. The data in Internet and Mobile network are collected into the cloud platform for further storage and management. The structure of big data environment is showed in Figure 1.

Figure 1

The big data environment structure.

The model of BD-Worm can be modeled in five aspects: the infecting process of BD-Worm, the connection probability among each node, the defense capability of mobile nodes and fixed nodes, the opening probability of each suspicious file after being received, and, the last part, computing resource controlling.

3.1. Infection Process of BD-Worm

The integrated network produced variety of data formats, such as .gif, .doc, .mp3, and .rmvb [15]. BD-Worm propagates in integrated network by embedding in the document. BD-Worm spreading in a large scale occupies amounts of data storage space. For the reason that BD-Worm runs on various operating systems, the malicious software programs attached by the document must contain most of the major operating systems both for computer and smart phone, such as windows, Mac, and Android.

The process of worm infection is shown in Figure 2. As the figure shows, when user received a file attached worm, the file should be scanned by antivirus software to detect whether there are any abnormalities or not. If the file is abnormal, it will be deleted. If the file is opened by user, it will copy itself and infect other files, which will consume large amount of computing resources. That means the abnormal computing resource consuming will cause user's awareness. The user will adjudge the memory consuming. If he or she finds that the computed resource controlling is abnormal, the progress of the worm will be killed directly. Otherwise, we consider that the file is benign. If the file is a normal one, it will continue receiving the file. The BD-Worm which runs with infected file will begin to control the computing resources. Finally, it continues to receive the file. This process will be repeated in the whole network unless all BD-Worms are removed.

Figure 2

The process of worm infecting.

3.2. Connection Probability of Nodes

In big data environment, the topology of the integrated network plays a critical role in determining the propagation speed of BD-Worm. In this paper, the topology of the integrated network is determined by connection probability of nodes. All notations used in our paper are shown in Abbreviations Section.

To analyse the topology of integrated network, $G = (V, E)$ stands for the network. There are N nodes and m edges in the network. $V = {v_{1}, v_{2}, \dots, v_{N}}$ is the set of nodes, while $E = {e_{1}, e_{2}, \dots, e_{M}}$ is the set of edges. The nodes in the integrated network are classified into two categories: fixed nodes and mobile nodes. Let $V M$ denote the mobile nodes and $V F$ denote the fixed nodes:

\begin{matrix} V = \{v_{1}, v_{2}, \dots, v_{N}\}, \\ V M = \{v m_{1}, v m_{2}, \dots, v m_{m}\}, \\ V F = \{v f_{1}, v f_{2}, \dots, v f_{n}\}, \\ m + n = N, \end{matrix}

(1)

where

v m_{i}

i \in [1, m]

, stands for a mobile node,

v f_{j}

j \in [1, n]

, stands for a fixed node, and the total number of mobile nodes and fixed nodes is N.

In the integration network, we define $P_{F} = m / N$ as the proportion of the fixed nodes in the network. On the other hand, we define $P_{M}$ as the proportion of mobile nodes in the network:

\begin{matrix} P_{M} = 1 - P_{F} . \end{matrix}

(2)

When $P_{F} = 1$ , the integrated network is the Internet in fact. As $P_{F}$ decreases, there will be more mobile devices added in the integrated network while less computers are added as well. When $P_{F} = 0$ , the integrated network changes to be a Mobile network.

Therefore, in order to generate the integrated network, we need to analyze the degree distribution $P (k)$ of the Internet and Mobile network, respectively, and integrate them to be the integrated network.

In the Internet, recently Faloutsos et al. [16] showed empirically that certain properties of the AS-level Internet topology are well-described power laws. The most interesting of these regards the degree of a node. If we let $P (k)$ be the fraction of nodes with degree k, then it is demonstrated that $P (k) ~ k^{α}$ . The exponent α is obtained by performing a linear regression on $P (k)$ when plotted on 2002 AS-level topology; here $α = - 2.18$ . To keep it simple, the Internet in this paper is defined as a scale-free network with the degree distribution $P (k) ~ k^{- 2}$ [17].

In the mobile network, Lambiotte et al. [18] analyzed statistical properties of a Mobile network constructed from the records of a mobile phone company. The network consists of 2.5 million customers that have placed 810 million communications (phone calls and text messages) over a period of 6 months. It is shown that the degree distribution in the Mobile network has a power-law degree distribution $P (k) ~ k^{- 5}$ . In this paper, although worm spreads in Mobile network only through SMS, MMS, and GPRS, which do not contain phone calls, this spreading still mainly follows the relationship between the mobile users. Therefore, the Mobile network is also defined as a scale-free network with power-law exponent $α = - 5$ .

According to the above analysis, the power-law exponent of the integrated network degree distribution can be written as $- 5 \leq α \leq - 2$ , and α changed with proportion of the fixed node (mobile node) in integration network $P_{F}$ ( $P_{M}$ ). We denote that $α = - 2 - 3 ρ$ is the power-law exponent of integrated network. Recently, a power-law topology generator is the best candidate to generate the integrated network, although the degree of a real integrated network may not be strictly power-law distributed when the integrated Internet and Mobile network are the heterogeneous network. In this paper, we use the generalized linear preference (GLP) power-law generator [19]. There are two important reasons. Firstly, it presents a generalized linear preference model that, coupled with the incremental algorithm of [20], generates topologies that more closely model the Internet. Secondly, we choose the GLP power-law network generator instead of other generators because it also has an adjustable power-law exponent η. The following is the formula of η:

\begin{matrix} \frac{2 m - β (1 - p)}{(1 + p) m} = η, \end{matrix}

(3)

where m is the number of initial edges of a new node,

p \in [0,1]

is the probability that adds m new links, and

β \in (- \infty, 1)

is a tunable parameter that indicates the preference for a new node (edge) connecting to more popular nodes. The bigger the value of β is, the more preference is given to high degree nodes. There are no self-loops and merge duplicate edges in the GLP. Then [19] demonstrated that

η = α + 1

approximately. According to the α, η can be derived as

η = - 1 - 3 ρ

. In the GLP generator, m and p always change little in different network and are less effective in η. Then we assume that m and p have a constant value observed from empirical data and only adjust β to match η.

In the integrated network, infected nodes will transfer files with other connected nodes. Among the large number of connected nodes, which node the infected node would like to choose is a significant problem. Then, we will calculate the node connecting probability.

If there is an edge between node i and node j, we note that $b_{i j} = 1$ ; otherwise $b_{i j} = 0$ . Thus, the whole network can be defined as correlation matrix A:

\begin{matrix} A = (\begin{pmatrix} b_{11} & b_{12} & \dots & b_{1 n} \\ b_{21} & b_{22} & \dots & b_{2 n} \\ ⋮ & ⋮ & ⋮ & ⋮ \\ b_{n 1} & b_{n 2} & \dots & b_{n n} \end{pmatrix}) . \end{matrix}

(4)

According to the matrix, we can find that the nodes directly connected with node i can be defined as $a_{i} = (\begin{pmatrix} b_{i 1} & b_{i 2} & \dots & b_{i n} \end{pmatrix})$ . $k_{i}$ is the degree of node i, and it can be derived from $k_{i} = \sum_{j = 1}^{n} b_{i j}$ . K is all the degrees of the network:

\begin{matrix} K = (\begin{pmatrix} k_{1} & 0 & 0 \\ 0 & ⋱ & 0 \\ 0 & 0 & k_{n} \end{pmatrix}) . \end{matrix}

(5)

The total degree of all nodes connected to node i is

\begin{matrix} D_{s i} = a_{i} * K = (\begin{pmatrix} b_{i 1} & b_{i 2} & \dots & b_{i n} \end{pmatrix}) * (\begin{pmatrix} k_{1} & 0 & 0 \\ 0 & ⋱ & 0 \\ 0 & 0 & k_{n} \end{pmatrix}) . \end{matrix}

(6)

We consider a node only transferring files to the other node that is connected. It sounds more reasonable than transferring files to all the nodes no matter whether it is connected or not. $cp$ is the connected probability. Therefore, the probability of node i being connected to node j is as follows:

\begin{matrix} cp = \frac{k_{i}}{D_{s i}} = \frac{\sum_{j = 1}^{n} b_{i j}}{(\begin{pmatrix} b_{i 1} & b_{i 2} & \dots & b_{i n} \end{pmatrix}) * (\begin{smallmatrix} k_{1} & 0 & 0 \\ 0 & ⋱ & 0 \\ 0 & 0 & k_{n} \end{smallmatrix})} . \end{matrix}

(7)

3.3. Opening Probability

One of the most significant studies of modeling the worm propagation model is qualifying the user awareness. The user security consciousness determines whether the worm can be activated successfully.

User awareness is too complex to be modeled well, for the reason that it may be affected by everything around the user. Based on the BD-Worm malicious acts to the system and the common characters of the computer and smartphone, we can study the computing resource consuming acting on the user awareness. Because worm copies itself and infects other files, it will cause CPU hogs and rewrite hard-disk driver frequently and that will reduce the system operability sharply. In particular, when the computing resource consuming is at a very high level, the obvious abnormal lag of opening files or software will easily draw the user's attention and replace his normal work (such as opening received files from email) with checking his system.

When the amount of computing resource consumption increases at a high level, we can notice the abnormity. Also, we can conclude that the opening probability equals 100 percent with no computing resource consuming and zero percent with full use of computing resource consumption. Therefore, we should simulate the opening probability with an equation like circle $x^{2} + y^{2} = 1$ , $x > 0$ , $y > 0$ . While the circle equation with radio equals one did not work well in simulating user awareness, to keep simple, let $op p_{n} (t)$ be the opening probability of node n at time t. Consider $op p_{n} (t) = 1 - cr c_{n} (t)$ , where ${crc}_{n} (t)$ is computing resource consuming and ${crc}_{n} (t) \in [0,1)$ . $OPP (t)$ is the opening probability of whole network, for calculating in the worm propagation model. ${OPP}_{i, t} (t) = {OPP}_{1} (t)$ is the opening probability of node 1:

\begin{matrix} OPP (t) = (\begin{pmatrix} op p_{1} (t) & \dots & op p_{n} (t) \\ ⋮ & ⋱ & ⋮ \\ op p_{1} (t) & \dots & op p_{n} (t) \end{pmatrix}) . \end{matrix}

(8)

3.4. Computing Resource Controlling

In big data environment, when a host is infected by worm, it will consume many computing resources. The high computing resource consuming will result in users' security consciousness and will kill the worms.

The computing resource controlling is a complex factor that affects the worm propagation speed. There are two reasons. One is the higher computing resource consuming intending to increase user awareness which will reduce the opening probability. The other is the higher computing resource consuming and longer infected time which will increase abnormal files among the transferring files which will increase the propagation speed. Let diagonal matrix $CRC (t)$ be the abnormal files probability of the whole network. ${CRC}_{i, i} (t) \in [0,1]$ is the sum of ${crc}_{t} (t)$ from time one to time t divide a constant C. When $\sum_{i = 1}^{t} cr c_{1} (i)$ equals C, we think that all of the certain files have already been infected. Then, we can draw the conclusion that computing resource consuming affecting worm propagation speed in reason one is opposite to reason two. In practice, forever propagation might not be possible because the worm will ultimately be detected by host-/software-based detection methods and the vulnerability exploited by the worm will be fixed through software updates within a certain amount of time [21]. Hence, how to get a high propagation speed is a necessary and significant work in this paper:

\begin{matrix} CRC (t) = (\begin{pmatrix} \frac{\sum_{i = 1}^{t} cr c_{1} (i)}{C} & 0 & 0 \\ 0 & ⋱ & 0 \\ 0 & 0 & \frac{\sum_{i = 1}^{t} cr c_{n} (i)}{C} \end{pmatrix}) . \end{matrix}

(9)

To control the worms resource consuming, we provide a greedy method. In the greedy method, the BD-Worm is always greedy on the computing resource consuming since it infects a node successfully. In the greedy method, the BD-Worm will firstly infect a target node with a low computing resource consuming to avoid abnormality. After the BD-Worm infects the node, it will increase the consuming in order to copy itself and infect other nodes. It is a serious problem when and how much should the BD-Worm increase the consuming. It is hard to make a standard that fits for all nodes, for the reason that user awareness is different with anybody and unfit increasing lead the progress to be killed by user. One standard only fits for one node. Therefore, we make a rule that will test the user awareness to solve the problem. As we know, an infected node still receives abnormal files frequently when the worm outbreaks. The rule is to control the new progress consuming created by the new abnormal files which is equal to the consuming which the BD-Worm will increase. If the increasing draws user attention, only the new progress will be killed. Otherwise, the increase of consuming can be trusted. Let

{crc}_{n} (t) = μ + {cou}_{n} (t) \times φ

where μ is the initial computing resource consuming,

{cou}_{n} (t)

is the time of an infected opening the abnormal files, and φ is the increasing computing resource consuming. It is a linear equation and ranges from zero to one.

3.5. Defense Capability of Nodes

Because of difference of defense capability of mobile nodes and fixed nodes, the probability of worm nodes being detected is different. In this paper, we define defense capability of nodes as the probability of worm nodes being detected.

Defense strategy can be generally classified into two categories: active defense strategy and passive defense strategy. Active defense refers to those strategies aiming at enhancing the defense capability of the system actively. For example, abnormal detection can reduce the possibility of worm to attack system successfully. Active defense strategy is deployed not for a particular worm, while passive defense strategy is deployed after detecting worms on the Internet. There are many passive strategies, such as system patch and blacklist of malicious address [22]. Actually, whether it is active defense strategy or passive defense strategy, the defense capability of mobile nodes is weaker than fixed nodes.

We introduce a parameter $DC (n)$ denoting the defense capability of node n, which represents the undetected probability of the integrated network. Compared with the computer, mobile phone is weaker in some aspects, such as its limited computing resources and its limited battery life. In the big data environment constituted by mobile nodes and fixed nodes, the abnormalities caused by worms in mobile nodes are more obvious, which means the capability of mobile nodes is weaker than fixed nodes. We introduce $α_{m}, α_{f}$ denoting the undetected probability of mobile nodes and fixed nodes, respectively. The bigger the undetected probability is, the stronger the defense capability will be. That is to say, $α_{m} \geq α_{f}$ . $DC (n)$ is the undetected probability of the whole network:

\begin{matrix} DC (n) = \{\begin{cases} α_{m} & if M_{n, n} = 1 \\ α_{f} & if F_{n, n} = 1 . \end{cases} \end{matrix}

(10)

4. BD-Worm Simulation

To study the characteristics of BD-Worm propagation in integrated network, we simulate the propagation on OMNet. First, we generate several GLP topological networks by Brite. Second, we simulate the spreading process of BD-Worm by sending message. Lastly, we compare the BD-Worm spreading simulation results with different parameters. There is a parameters list of integrated network which is shown in Table 1.

Table 1

Default simulation parameters list.

Parameter	Value
N	20000
$P_{F}$	50%
β	3.5
m	1
p	0.5
μ	0.1
φ	0.05
$α_{m}$	0.1
$α_{f}$	0.1

4.1. The Influence of Network Topology

The network topology has a great impact on worm propagation.

We know the amount of mobile phones and computers in the integrated network will affect the propagation of worms obviously. Therefore, we try to find the character of worm propagation on the topology we proposed by simulating worm propagation on the network topology of Internet, Mobile network, and integrated network.

In the simulation, the integrated network consists of 10000 nodes of Internet and 10000 nodes of Mobile network, and the total number of the nodes in integrated network is 20000. Unlike the traditional worm, BD-Worm could spread on both the Internet and Mobile network. The network proportion is 0.5. We generate the topology by Brite and the average degree in Internet degree is 4.0196, in Mobile network the degree is 3.9794, and in the integrated network the degree is 4.0166. So, the average degree of the network topology is 4. From the worm propagation in the complex network, we know the degree of the first infected node makes a big difference on worm propagation. In this paper, we choose a high degree node instead of the average degree for the reason that a node with high degree has a more stable spreading.

From the result showed in Figure 3, worm propagation in Mobile network is a little faster than in Internet. Worm propagates the fastest in the integrated network. When $P_{F} = 50 %$ or $P_{M} = 50 %$ , that is to say, there are 10000 fixed nodes or 10000 mobile nodes in the integrated network, the two propagation curves are nearly the same.

Figure 3

BD-Worm propagation in integrated network compared with traditional worm spreading in single network.

We can draw a conclusion from the simulation results that BD-Worm spreads fast at the beginning of the propagation and spreads faster in integrated network than in Internet or Mobile network. Once worm outbreaks in integrated network, its high propagation speed will lead the existing defense to be useless and the loss will be catastrophic.

Therefore, we need to improve the capability of anomaly detection and early warning in both Internet and Mobile network to contain the spread of worms.

4.2. The Influence of Defense Capability

Because of the limited computing resources of mobile intelligent terminals, the defense in the Mobile network is absolutely not as good as in the Internet. In this simulation, we increase the defense capability of Mobile network $α_{m}$ from 0.1 to 0.3 and compare it with the default parameter 0.1. As showed in Figure 4, first, the propagation speed with $α_{m} = 0.3$ has remarkable increasing compared with $α_{m} = 0.1$ . Second, not only does the BD-Worm propagation speed in Mobile network gain a lot of speed, but the Internet with the unchanged $α_{f} = 0.1$ also accelerates the BD-Worm spreading speed. Furthermore, BD-Worm propagation in Mobile network is faster than in Internet.

Figure 4

BD-Worm spreading with different defense.

As we all know, the replacement of smartphones is very fast. The security technology for smartphones is not keeping up with the development of phones, leading to the weak defense capability to virus and worm. Our personal information is stored in smartphone; the security capability is a serious problem.

Therefore, we can draw the conclusion that the weakness of host detection in Mobile network increases the BD-Worm propagation sharply and causes the defense in Internet to be not useful as before. On the other hand, if we could reduce the undetected probability $α_{m}$ , which means enhancing the defense capability of mobile nodes, it will protect the worm spreading not only in Mobile network, but also in the Internet. Also, unlike the case in the Internet, the defense in the mobile network still has a lot of room to develop. Hence, we should put more resources into developing the defense in Mobile network.

5. Conclusion

In this paper, we first propose a BD-Worm, worm propagating in big data environment caused by integration of Internet and Mobile network. Then we model the BD-Worm with its infection process, connection probability opening probability and computing resource consuming in theory. Finally, we simulate the propagation of BD-Worm. From the simulation result, we draw the conclusions. First, worms in big data environment which are integrated by mobile nodes and fixed nodes propagate faster than worms in traditional Internet and they will cause more serious damage than traditional ones. Second, if we put more resources into developing the defense on Mobile network node, it also protects the Internet nodes.

BD-Worm provided in this paper is just one classic security problem under the big data field. The privacy protection is a serious problem in big data environment. Enhancing security and defense capability should improve our technology both in smartphones and computers.

Footnotes

Abbreviations

Conflict of Interests

The authors declare that there is no conflict of interests regarding the publication of this paper.

Acknowledgment

This work is partially supported by 863 National Hi-Tech Research and Development Program (2011AA01A103).

References

Manyika

Chui

Brown

Big Data: The Next Frontier for Innovation, Competition, and Productivity 2011

Guo

Zhai

Ren

Guo

Intelligent heterogeneous network worms propagation modeling and analysis

Computer Science and Its Applications 2012 203

Amsterdam, The Netherlands

Springer

515 524

Laurila

J. K.

Gatica-Perez

Aad

The mobile data challenge: big data for mobile computing research

Proceedings of the International Conference on Pervasive Computing

2012

(EPFL-CONF-192489)

Zhao

S. N.

The Research on Big Data's Distributed Storage and Secure Protection 2014

Shan Dong University

Wang

M. M.

Big Data Encryption Algorithm Based on Data Deduplication Technology 2013

North China University of Water Resources and Electric Power

Research on Worm Propagation Modeling and Defense Strategies in the Next Generation Internet 2011

Beijing University of Posts and Telecommunications

Y. G.

Qian

H. T.

Zhang

Research of DNS worm in IPv6 networks

Computer Science 2009 36 12 32 36

Wang

Research on Worm Propagation and Prevention-Cure in Internet of Vehicles 2013

Nanjing University of Science & Technology

Wagner

Dübendorfer

Plattner

Experiences with worm propagation simulations.

Proceedings of the ACM workshop on Rapid Malcode

2003

ACM

34 41

10.

Zou

C. C.

Towsley

Gong

On the performance of internet worm scanning strategies

Performance Evaluation 2006 63 7 700 723

11.

Wang

Chakrabarti

Wang

Faloutsos

Epidemic spreading in real networks: an eigenvalue viewpoint

Proceedings of the 22nd International Symposium on Reliable Distributed Systems (SRDS ′03)

October 2003

25 34

10.1109/RELDIS.2003.1238052

2-s2.0-27644462218

12.

Zou

C. C.

Towsley

Gong

On the performance of Internet worm scanning strategies

Performance Evaluation 2006 63 7 700 723

10.1016/j.peva.2005.07.032

2-s2.0-33646150900

13.

Pastor-Satorras

Vespignani

Epidemic dynamics and endemic states in complex networks

Physical Review E 2001 63

066117

10.1103/PhysRevE.63.066117

2-s2.0-0035363452

14.

Chen

Gao

Kwiat

Modeling the spread of active worms

Proceedings of the 22nd Annual Joint Conference of the IEEE Computer and Communications Societies (INFOCOM ′03)

April 2003

1890 1900

10.1109/INFCOM.2003.1209211

2-s2.0-0042474227

15.

Zikopoulos

Eaton

Understanding Big Data: Analytics for Enterprise Class Hadoop and Streaming Data 2011

McGraw-Hill Osborne Media

16.

Faloutsos

On power-law relationships of the internet topology

Proceedings of the ACM Conference on Applications, Technologies, Architectures, and Protocols for Computer Communication (SIGCOMM ’99)

September 1999

251 262

10.1145/316188.316229

2-s2.0-0033204106

17.

Barabási

A.-L.

Albert

Emergence of scaling in random networks

Science 1999 286 5439 509 512

10.1126/science.286.5439.509

MR2091634

2-s2.0-0038483826

18.

Lambiotte

Blondel

V. D.

de Kerchove

Huens

Prieur

Smoreda

van Dooren

Geographical dispersal of mobile communication networks

Physica A: Statistical Mechanics and Its Applications 2008 387 21 5317 5325

10.1016/j.physa.2008.05.014

2-s2.0-47649092306

19.

Towsley

On distinguishing between Internet power law topology generators

Proceedings of the 21st Annual Joint Conference of the IEEE Computer and Communications Societies (Infocom ′02)

June 2002

638 647

2-s2.0-0036349136

10.1109/INFCOM.2002.1019309

20.

Albert

Barabási

A.-L.

Topology of evolving networks: local events and universality

Physical Review Letters 2000 85 24 5234 5237

10.1103/PhysRevLett.85.5234

2-s2.0-0142077573

21.

Christodorescu

Jha

Seshia

S. A.

Song

Bryant

R. E.

Semantics-aware malware detection

Proceedings of the IEEE Symposium on Security and Privacy

May 2005

32 46

10.1109/SP.2005.20

2-s2.0-27544433210

22.

Brumley

Liu

L.-H.

Poosankam

Song

Design space and analysis of worm defense strategies

Proceedings of the ACM Symposium on Information, Computer and Communications Security (ASIACCS ′06)

March 2006

ACM

125 137

10.1145/1128817.1128837

2-s2.0-33751035317

Worms Propagation Modeling and Analysis in Big Data Environment

Abstract

1. Introduction

2. Related Work

3. Modeling of BD-Worm

3.1. Infection Process of BD-Worm

3.2. Connection Probability of Nodes

3.3. Opening Probability

3.4. Computing Resource Controlling

3.5. Defense Capability of Nodes

4. BD-Worm Simulation

4.1. The Influence of Network Topology

4.2. The Influence of Defense Capability

5. Conclusion

Footnotes

Abbreviations

Conflict of Interests

Acknowledgment

References