Title: Topological protection from the next generation malware: a survey

Authors: Andrea Arbore; Vincenzo Antonio Fioriti

Addresses: Tieto Italy SpA, Via di Torre Spaccata 172, 00169 Roma, Italy; Via Adda, 00198 Roma, Italy

Abstract: The spreading of dangerous malware in inter-dependent networks of electronic devices has raised deep concern, because infections may propagate from the ICT networks to other critical infrastructures, producing the well-known domino effect. Researchers are attempting to develop a high-level analysis of malware propagation, discarding software details, in order to generalise the defensive strategies to the maximum extent. It has been suggested that the maximum eigenvalue could act as a threshold for the malware spreading. This paper presents a new proof of this statement and an original way to classify the max eigenvalue minimisation problem (NP-hard). A study of the Italian internet autonomous system verifying the theoretical threshold is shown. Finally, it shows how to stop a worm in a real LAN using a new sub-optimal algorithm. This algorithm suggests which nodes to protect to limit the worm diffusion according to the spectral paradigm.

Keywords: next generation malware; viruses; worms; epidemic spreading; threshold; topological protection; critical infrastructures; Stuxnet; SCADA defence; Italian AS; minimisation max eigenvalue; fixed point theorem; hereditary graph properties; NP-hard problem; LANs; local area networks; malware propagation.

DOI: 10.1504/IJCIS.2013.051603

International Journal of Critical Infrastructures, 2013 Vol.9 No.1/2, pp.52 - 73

Published online: 28 Apr 2014
