"WAP: Models and metrics for the assessment of critical-infrastructure-targeted malware campaigns"
| Field | Value |
| --- | --- |
| Title | "WAP: Models and metrics for the assessment of critical-infrastructure-targeted malware campaigns" |
| Publication Type | Conference Paper |
| Year of Publication | 2015 |
| Authors | M. Grottke, A. Avritzer, D. S. Menasché, J. Alonso, L. Aguiar, S. G. Alvarez |
| Conference Name | 2015 IEEE 26th International Symposium on Software Reliability Engineering (ISSRE) |
| Date Published | Nov |
| Publisher | IEEE |
| ISBN Number | 978-1-5090-0406-5 |
| Accession Number | 15704630 |
| Keywords | advanced persistent threat, advanced persistent threats, Analytical models, contagion probability, coordinated massive malware campaign assessment, critical infrastructure protection, critical infrastructure sectors, critical infrastructures, early malware detection, false negatives, false positives, four-node topology, infection probability, invasive software, Malware, malware infections, Markov models, Mathematical model, Network topology, probability, pubcrawl170101, quarantine, rejuvenation, scanning nodes, security, security community, soft impacts, Steady-state, survivability, system survivability, Topology, WAP |
| Abstract | Ensuring system survivability in the wake of advanced persistent threats is a big challenge that the security community is facing to ensure critical infrastructure protection. In this paper, we define metrics and models for the assessment of coordinated massive malware campaigns targeting critical infrastructure sectors. First, we develop an analytical model that allows us to capture the effect of neighborhood on different metrics (infection probability and contagion probability). Then, we assess the impact of putting operational but possibly infected nodes into quarantine. Finally, we study the implications of scanning nodes for early detection of malware (e.g., worms), accounting for false positives and false negatives. Evaluating our methodology using a small four-node topology, we find that malware infections can be effectively contained by using quarantine and appropriate rates of scanning for soft impacts. |
| URL | http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7381826&isnumber=7381793 |
| DOI | 10.1109/ISSRE.2015.7381826 |
| Citation Key | 7381826 |