Statistical modeling of computer malware propagation dynamics in cyberspace

Zijian Fang; Peng Zhao; Maochao Xu; Shouhuai Xu; Taizhong Hu; Xing Fang

doi:10.1080/02664763.2020.1845621

Statistical modeling of computer malware propagation dynamics in cyberspace

J Appl Stat. 2020 Nov 10;49(4):858-883. doi: 10.1080/02664763.2020.1845621. eCollection 2022.

Authors

Zijian Fang¹, Peng Zhao², Maochao Xu³, Shouhuai Xu⁴, Taizhong Hu¹, Xing Fang⁵

Affiliations

¹ Department of Statistics and Finance, University of Science and Technology of China, Hefei, Peoples Republic of China.
² School of Mathematics and Statistics and Research Institute of Mathematical Sciences (RIMS), Jiangsu Provincial Key Laboratory of Educational Big Data Science and Engineering, Jiangsu Normal University, Xuzhou, Peoples Republic of China.
³ Department of Mathematics, Illinois State University, Normal, IL, USA.
⁴ Department of Computer Science, University of Texas at San Antonio, San Antonio, TX, USA.
⁵ School of Information Technology, Illinois State University, Normal, IL, USA.

Abstract

Modeling cyber threats, such as the computer malicious software (malware) propagation dynamics in cyberspace, is an important research problem because models can deepen our understanding of dynamical cyber threats. In this paper, we study the statistical modeling of the macro-level evolution of dynamical cyber attacks. Specifically, we propose a Bayesian structural time series approach for modeling the computer malware propagation dynamics in cyberspace. Our model not only possesses the parsimony property (i.e. using few model parameters) but also can provide the predictive distribution of the dynamics by accommodating uncertainty. Our simulation study shows that the proposed model can fit and predict the computer malware propagation dynamics accurately, without requiring to know the information about the underlying attack-defense interaction mechanism and the underlying network topology. We use the model to study the propagation of two particular kinds of computer malware, namely the Conficker and Code Red worms, and show that our model has very satisfactory fitting and prediction accuracies.

Keywords: Bayesian time series; MCMC; SIR; SIS; cyber threats.

Grants and funding

Shouhuai Xu was supported in part by National Natural Science Foundation (NSF) Grants 1814825 and 1736209 and Army Research Office (ARO) Grant W911NF-17-1-0566. The opinions expressed in the paper are those of the authors' and do not reflect the funding agencies' policies in any sense. Peng Zhao was supported by National Natural Science Foundation of China (11871252), and a Project Funded by the Priority Academic Program Development of Jiangsu Higher Education Institutions. Taizhong Hu was supported by Anhui Center for Applied Mathematics.