Hybrid Epidemics - A Case Study on Computer Worm Conficker
This study addresses the challenge of understanding and mitigating hybrid cyber threats to internet security, though it is incremental in that it applies existing modeling techniques to a specific case.
The study models the Conficker computer worm's hybrid spreading behavior with a mathematical model that combines local, neighborhood, and global probing strategies, and shows that the epidemic is critically hybrid: the individual spreading modes are ineffective in isolation.
Conficker is a computer worm that erupted on the Internet in 2008. It is unique in combining three different spreading strategies: local probing, neighbourhood probing, and global probing. We propose a mathematical model that combines three modes of spreading (local, neighbourhood and global) to capture the worm's spreading behaviour. The parameters of the model are inferred directly from network data obtained during the first day of the Conficker epidemic. The model is then used to explore the trade-off between spreading modes in determining the worm's effectiveness. Our results show that the Conficker epidemic is an example of a critically hybrid epidemic, in which the different modes of spreading in isolation do not lead to successful epidemics. Such hybrid spreading strategies may be used beneficially to provide the most effective strategies for promulgating information across a large population. When used maliciously, however, they can present a dangerous challenge to current internet security protocols.
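The "critically hybrid" idea above can be illustrated with a toy model. The following is an added example, not the paper's model or code: a deterministic SIR simulation over hosts grouped into subnets, comparing each spreading mode alone with all three combined. The ring of subnets, the removal rate and every parameter value are constructed assumptions, not values inferred from Conficker data.

```python
import math

def attack_rate(b_loc, b_nbr, b_glob, subnets=100, hosts=100,
                removal=0.5, steps=300):
    """Fraction of hosts ever infected in a deterministic toy SIR model.

    Hosts sit in `subnets` equal subnets arranged in a ring (assumption).
    b_loc  : infection pressure from infected hosts in the same subnet
    b_nbr  : pressure from the two adjacent subnets ("neighbourhood")
    b_glob : pressure from infected hosts anywhere ("global" probing)
    removal: fraction of infected hosts cleaned or patched per step
    """
    S = [float(hosts)] * subnets
    I = [0.0] * subnets
    S[0] -= 1.0
    I[0] = 1.0                      # a single seed host in subnet 0
    total = subnets * hosts
    for _ in range(steps):
        total_inf = sum(I)
        nxt = []
        for k in range(subnets):
            nbr = I[k - 1] + I[(k + 1) % subnets]
            lam = (b_loc * I[k] / hosts
                   + b_nbr * nbr / (2 * hosts)
                   + b_glob * total_inf / total)
            new = S[k] * (1.0 - math.exp(-lam))   # newly infected hosts
            S[k] -= new
            nxt.append(I[k] * (1.0 - removal) + new)
        I = nxt
    return 1.0 - sum(S) / total

def hybrid_scenarios(b_loc=1.5, b_nbr=0.2, b_glob=0.2):
    """Attack rate of each mode alone versus all three combined."""
    return {
        "local only": attack_rate(b_loc, 0.0, 0.0),
        "neighbourhood only": attack_rate(0.0, b_nbr, 0.0),
        "global only": attack_rate(0.0, 0.0, b_glob),
        "hybrid": attack_rate(b_loc, b_nbr, b_glob),
    }

if __name__ == "__main__":
    for name, rate in hybrid_scenarios().items():
        print(f"{name:20s} {rate:7.2%}")
```

With these assumed values, local spreading saturates the seed subnet but cannot leave it, while neighbourhood and global spreading each infect fewer hosts per step than are removed and die out. Only the combination reaches most of the population, because the long-range modes seed new subnets that local spreading then fills.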