EvilOctal Information Security Team Technical Discussion Group's Archiver

EvilOctal 2006-3-4 00:48

[Repost] Modeling botnet propagation using time zones

Source: [url]http://www.math.tulane.edu/~tcsem/[/url]

Timezones play an important and unexplored role in malware epidemics. To understand how time
and location affect malware spread dynamics, we studied botnets. Over a six-month period we observed
dozens of botnets representing millions of victims. We noted diurnal properties in botnet activity, which
we suspect occurs because victims turn their computers off at night. Through binary analysis, we also
confirmed that some botnets demonstrated a bias in infecting regional populations.
Clearly, computers that are offline are not infectious, and any regional bias in infections will affect
the overall growth of the botnet. We therefore created a diurnal propagation model. The model uses
diurnal shaping functions to capture regional variations in online vulnerable populations.
The diurnal model also lets one compare propagation rates for different botnets, and prioritize response.
Because of variations in release times and diurnal shaping functions particular to an infection, botnets
released later in time may actually surpass other botnets that have an advanced start. Since response
times for malware outbreaks are now measured in hours, being able to predict short-term propagation
dynamics lets us allocate resources more intelligently. We used empirical data from botnets to evaluate
the analytical model.
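
The effect the abstract describes can be seen in a small simulation, added here as an example that is not part of the original post or the paper. It assumes a single-region logistic infection model in which only online hosts take part, with a constructed cosine shaping function; the parameters (beta, population, release hours, peak hours) are illustrative values, not the authors' equations or measurements.

```python
import math

def online_fraction(t, peak_hour, floor=0.1):
    """Constructed diurnal shaping function: share of a region's hosts online at hour t.
    Peaks at peak_hour, bottoms out at `floor` twelve hours later (assumed shape)."""
    return floor + (1 - floor) * 0.5 * (1 + math.cos(2 * math.pi * (t - peak_hour) / 24))

def infected_at(t_end, release, peak_hour, beta=0.8, n=1_000_000, i0=10,
                dt=0.01, diurnal=True):
    """Euler-integrate dI/dt = beta * (alpha*I) * (alpha*S) / N from release to t_end.
    Offline hosts neither infect nor get infected, so both I and S are scaled by alpha."""
    if t_end < release:
        return 0.0                      # botnet not released yet
    infected = float(i0)
    for k in range(round((t_end - release) / dt)):
        alpha = online_fraction(release + k * dt, peak_hour) if diurnal else 1.0
        infected += beta * (alpha * infected) * (alpha * (n - infected)) / n * dt
    return infected

if __name__ == "__main__":
    # Botnet A: released at hour 0, while its target region is mostly offline (peak at 12).
    # Botnet B: released six hours later, into a region at its online peak (peak at 6).
    print("hour   botnet A   botnet B")
    for hour in range(0, 25, 3):
        a = infected_at(hour, release=0, peak_hour=12)
        b = infected_at(hour, release=6, peak_hour=6)
        print(f"{hour:4d} {a:10.0f} {b:10.0f}")
```

In this constructed scenario the later botnet leads a few hours after its release and falls behind again once its region goes offline, which is why the ranking used to prioritize response depends on the time horizon being predicted.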

© 1999-2008 EvilOctal Security Team