ABSTRACT

Modeling cyber threats, such as the computer malicious software (malware) propagation dynamics in cyberspace, is an important research problem because models can deepen our understanding of dynamical cyber threats. In this paper, we study the statistical modeling of the macro-level evolution of dynamical cyber attacks. Specifically, we propose a Bayesian structural time series approach for modeling the computer malware propagation dynamics in cyberspace. Our model not only possesses the parsimony property (i.e. using few model parameters) but also can provide the predictive distribution of the dynamics by accommodating uncertainty. Our simulation study shows that the proposed model can fit and predict the computer malware propagation dynamics accurately, without requiring to know the information about the underlying attack-defense interaction mechanism and the underlying network topology. We use the model to study the propagation of two particular kinds of computer malware, namely the Conficker and Code Red worms, and show that our model has very satisfactory fitting and prediction accuracies.

摘要

建模网络威胁，例如网络空间中的计算机恶意软件（malware）传播动力学，是一个重要的研究问题，因为模型可以加深我们对动态网络威胁的理解。在本文中，我们研究了动态网络攻击的宏观演变的统计建模。具体来说，我们提出了一种贝叶斯结构时间序列方法，用于对网络空间中的计算机恶意软件传播动态进行建模。我们的模型不仅具有简约性（即使用很少的模型参数），而且可以通过适应不确定性来提供动力学的预测分布。我们的仿真研究表明，所提出的模型可以准确地拟合和预测计算机恶意软件的传播动态，无需了解底层攻防交互机制和底层网络拓扑等信息。我们使用该模型研究了两种特定类型的计算机恶意软件，即Conficker 和Code Red 蠕虫的传播，并表明我们的模型具有非常令人满意的拟合和预测精度。