Skip to main content
SpringerLink
Log in

Comparison of the Mean-Field Approach and Simulation in a Peer-to-Peer Botnet Case Study

  • Conference paper
Computer Performance Engineering (EPEW 2011)

Part of the book series: Lecture Notes in Computer Science ((LNPSE,volume 6977))

Included in the following conference series:

Abstract

Peer-to-peer botnets, as exemplified by the Storm Worm, and the spreading phase of Stuxnet, are a relatively new threat to security on the internet: infected computers automatically search for other computers to be infected, thus spreading the infection rapidly. In a recent paper, such botnets have been modeled using Stochastic Activity Networks, allowing the use of discrete-event simulation to judge strategies for combating their spread. In the present paper, we develop a mean-field model for analyzing botnet behavior and compare it with simulations obtained from the Moebius tool. We show that the mean-field approach provides accurate and orders-of-magnitude faster computation, thus providing very useful insight in spread characteristics and the effectiveness of countermeasures.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Bakhshi, R., Cloth, L., Fokkink, W., Haverkort, B.: Mean-Field Analysis for the Evaluation of Gossip Protocols. In: 6th Int. Conference on Quantitative Evaluation of Systems (QEST 2009), pp. 247–256. IEEE CS Press, Los Alamitos (2009)

    Chapter  Google Scholar 

  2. Bakhshi, R., Endrullis, J., Endrullis, S., Fokkink, W., Haverkort, B.: Automating the mean-field method for large dynamic gossip networks. In: 7th Int. Conference on Quantitative Evaluation of Systems (QEST 2010). IEEE CS Press, Los Alamitos (2010)

    Google Scholar 

  3. Bradley, J., Gilmore, S., Hillston, J.: Analysing distributed internet worm attacks using continuous state-space approximation of process algebra models. Journal of Computer and System Sciences 74(6), 1013–1032 (2008)

    Article  MathSciNet  MATH  Google Scholar 

  4. Calder, M., Gilmore, S., Hillston, J.: Automatically deriving ODEs from process algebra models of signalling pathways. In: Proceedings of Computational Methods in Systems Biology (CMSB 2005), pp. 204–215 (2005)

    Google Scholar 

  5. Cerotti, D., Gribaudo, M., Bobbio, A.: Disaster propagation in heterogeneous media via markovian agents. In: Setola, R., Geretshuber, S. (eds.) CRITIS 2008. LNCS, vol. 5508, pp. 328–335. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  6. Ciocchetta, F., Hillston, J.: Bio-PEPA for epidemiological models. Electronic Notes in Theoretical Computer Science 261, 43–69 (2010)

    Article  Google Scholar 

  7. Deavours, D., Clark, G., Courtney, T., Daly, D., Derisavi, S., Doyle, J., Sanders, W., Webster, P.: The Mobius framework and its implementation. IEEE Transactions on Software Engineering 28(10), 956–969 (2002)

    Article  Google Scholar 

  8. Feamster, N., Gao, L., Rexford, J.: How to lease the internet in your spare time. SIGCOMM Comput. Commun. Rev. 37, 61–64 (2007), http://doi.acm.org/10.1145/1198255.1198265

    Article  Google Scholar 

  9. Garetto, M., Gong, W., Towsley, D.: Modeling malware spreading dynamics. In: Twenty-Second Annual Joint Conference of the IEEE Computer and Communications, INFOCOM 2003, IEEE Societies, March-3 April 2003, vol. 3, pp. 1869–1879 (2003)

    Google Scholar 

  10. Gribaudo, M.: Analysis of large populations of interacting objects with mean field and markovian agents. In: Bradley, J.T. (ed.) EPEW 2009. LNCS, vol. 5652, pp. 218–219. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  11. Gribaudo, M., Cerotti, D., Bobbio, A.: Analysis of on-off policies in sensor networks using interacting markovian agents. In: Sixth Annual IEEE International Conference on Pervasive Computing and Communications, PerCom 2008, pp. 300–305. IEEE, Los Alamitos (2008)

    Chapter  Google Scholar 

  12. Heidelberger, P.: Fast simulation of rare events in queueing and reliability models. ACM Transactions on Modeling and Computer Simulation 5, 43–85 (1995)

    Article  MATH  Google Scholar 

  13. Henzinger, T.A., Mateescu, M., Mikeev, L., Wolf, V.: Hybrid Numerical Solution of the Chemical Master Equation. In: Proceedings of Computational Methods in Systems Biology, CMSB 2010 (2010); preprint arXiv:1005.0747

    Google Scholar 

  14. Le Boudec, J.-Y., McDonald, D., Mundinger, J.: A generic mean field convergence result for systems of interacting objects. In: 4th Int. Conference on Quantitative Evaluation of SysTems (QEST 2007), pp. 3–18. IEEE CS Press, Los Alamitos (2007)

    Chapter  Google Scholar 

  15. Rohloff, K., Basar, T.: Stochastic behavior of random constant scanning worms. In: Proceedings. 14th International Conference on Computer Communications and Networks, ICCCN 2005, pp. 339–344 (October 2005)

    Google Scholar 

  16. van Ruitenbeek, E., Sanders, W.H.: Modeling peer-to-peer botnets. In: 5th Int. Conference on Quantitative Evaluation of SysTems (QEST 2008), pp. 307–316. IEEE CS Press, Los Alamitos (2008)

    Chapter  Google Scholar 

  17. Sanders, W., Meyer, J.: Stochastic Activity Networks: Formal Definitions and Concepts? Lectures on Formal Methods and Performance Analysis, 315–343 (2001)

    Google Scholar 

  18. Wolfram Research, Inc.: Mathematica tutorial (2010), http://reference.wolfram.com/mathematica/tutorial/IntroductionToManipulate.html

Download references

Author information

Authors and Affiliations

  1. Centre for Telematics & Information Technology, University of Twente, Enschede, The Netherlands

    Anna Kolesnichenko, Anne Remke, Pieter-Tjerk de Boer & Boudewijn R. Haverkort

  2. Embedded Systems Institute, Eindhoven, The Netherlands

    Boudewijn R. Haverkort

Authors
  1. Anna Kolesnichenko
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Anne Remke
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Pieter-Tjerk de Boer
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Boudewijn R. Haverkort
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. School of Computing Science, Newcastle University, Newcastle upon Tyne, UK

    Nigel Thomas

Rights and permissions

Reprints and permissions

Copyright information

© 2011 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Kolesnichenko, A., Remke, A., de Boer, PT., Haverkort, B.R. (2011). Comparison of the Mean-Field Approach and Simulation in a Peer-to-Peer Botnet Case Study. In: Thomas, N. (eds) Computer Performance Engineering. EPEW 2011. Lecture Notes in Computer Science, vol 6977. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-24749-1_11

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-24749-1_11

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-24748-4

  • Online ISBN: 978-3-642-24749-1

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation