Beginning in 2001, many instances of malicious software known as Internet worms have been using biological strategies such as hierarchical dispersal to seek out and spread to new susceptible hosts more efficiently. We measured the distribution of potentially susceptible hosts in the space of Internet addresses to determine their clustering. We have used the results to construct a full-size simulated Internet with 232 hosts with mean and variance of susceptible hosts chosen to match our measurements at multiple spatial scales. Epidemiological simulations of outbreaks among the roughly 2.8×106 susceptible hosts on this full-sized network show that local preference scanning greatly increases the chances for an infected host to locate and infect other susceptible hosts by a factor of as much as several hundred. However, once deploying this strategy, the overall success of a worm is relatively insensitive to the details of its dispersal strategy over a wide range of parameters. In addition, although using localized interactions may allow malicious software to spread more rapidly or to more hosts on average, it can also lead to increased variability in infection levels among replicate simulations. Using such dispersal strategies may therefore be a high risk, high reward strategy for the authors of such software.
Keywords: Malicious software; Network models.
Copyright © 2017 Elsevier Ltd. All rights reserved.