Attack modeling in open network environments

  • S. K. Katsikas
  • D. Gritzalis
  • P. Spirakis
Part of the IFIP Advances in Information and Communication Technology book series (IFIPAICT)


This paper proposes the beginnings of a formal generic model describing the process of a malicious attack against a computer network, leading to a Markov chain description. The model can be used to better understand the nature of malicious attacks against open networks, to define a simulator for analysing the impact of malicious attacks against computer networks, or to study analytically and quantitatively the power of several attacks versus the effectiveness of protection mechanisms. A worked example describing a virus attack against a computer network is also given.


Keywords: Intrusion, Computer Virus, Worm, Trojan Horse, Markov Chain



Copyright information

© IFIP International Federation for Information Processing 1996

Authors and Affiliations

  • S. K. Katsikas (1)
  • D. Gritzalis (2)
  • P. Spirakis (3)

  1. Department of Mathematics, University of the Aegean, Karlovassi, Greece
  2. Department of Informatics, Athens University of Economics & Business, Athens, Greece
  3. Department of Computer Engineering & Informatics, University of Patras, Patras, Greece