[转载]Modeling botnet propagation using time zones

信息来源：http://www.math.tulane.edu/~tcsem/

Timezones play an important and unexplored role in malware epidemics. To understand how time
and location affect malware spread dynamics, we studied botnets. Over a six month period we observed
dozens of botnets representing millions of victims. We noted diurnal properties in botnets activity, which
we suspect occurs because victims turn their computers off at night. Through binary analysis, we also
conrmed that some botnets demonstrated a bias in infecting regional populations.
Clearly, computers that are ofine are not infectious, and any regional bias in infections will affect
the overall growth of the botnet. We therefore created a diurnal propagation model. The model uses
diurnal shaping functions to capture regional variations in online vulnerable populations.
The diurnal model also lets one compare propagation rates for different botnets, and prioritize repose.
Because of variations in release times and diurnal shaping functions particular to an infection, botnets
released later in time may actually surpass other botnets that have an advanced start. Since response
times for malware outbreaks is now measured in hours, being able to predict short-term propagation
dynamics lets us allocate resources more intelligently. We used empirical data from botnets to evaluate
the analytical model.