Modeling Internet-Scale Policies for Cleaning up Malware
This work addresses the challenge for policy makers in determining cost-effective interventions to combat malware at an internet scale, though it is incremental as it builds on existing modeling approaches.
The paper tackles the problem of assessing large-scale malware countermeasures by using an agent-based model (ASIM) to evaluate policy interventions at the Autonomous System level, finding that coordinated efforts by the top 0.2% of ASes are more effective than uncoordinated efforts by 30% of ASes and that blocking malicious transit traffic outperforms blocking outgoing traffic.
An emerging consensus among policy makers is that interventions undertaken by Internet Service Providers are the best way to counter the rising incidence of malware. However, assessing the suitability of countermeasures at this scale is hard. In this paper, we use an agent-based model, called ASIM, to investigate the impact of policy interventions at the Autonomous System level of the Internet. For instance, we find that coordinated intervention by the 0.2%-biggest ASes is more effective than uncoordinated efforts adopted by 30% of all ASes. Furthermore, countermeasures that block malicious transit traffic appear more effective than ones that block outgoing traffic. The model allows us to quantify and compare positive externalities created by different countermeasures. Our results give an initial indication of the types and levels of intervention that are most cost-effective at large scale.