Research Article Worms Propagation Modeling and Analysis in Big Data Environment

(1)

Research Article

Worms Propagation Modeling and Analysis in

Big Data Environment

Song He,

1

Can Zhang,

2,3

Wei Guo,

3

and Li-Dong Zhai

3

1_{School of Management and Economics, Beijing Institute of Technology, Beijing 100081, China} 2_{North China Electric Power University, Baoding 071000, China}

3_{Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China}

Correspondence should be addressed to Li-Dong Zhai; [email protected] Received 5 August 2014; Accepted 16 November 2014

Academic Editor: Qingquan Zhang

Copyright © 2015 Song He et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

The integration of the Internet and Mobile networks results in huge amount of data, as well as security threat. With the fragile capacity of security protection, worms can propagate in the integration network and undermine the stability and integrity of data. The propagation of worm is a great security risk to massive amounts of data in the integration network. We propose a kind of worm propagating in big data environment named BD-Worm. BD-Worm consumes computing resources and gets privacy information of users, which causes huge losses to our working and living. This paper constructs an integration network topology model and designs the BD-Worm propagating in the big data environment. To analyze the propagation of BD-Worm, we conduct a simulation and provide some recommendations to contain the widespread of BD-Worm according to the simulation results.

1. Introduction

The popularity of mobile intelligent terminal brings great convenience to people’s lives. Mobile shopping, mobile banking, mobile social network, mobile maps, and other applications provide users with a variety of services. However, the convenience also brings up a security risk. Mobile phones store a lot of privacy information including contacts, SMS, bank accounts, social network accounts, and geographic information. Network attackers steal the user’s private infor-mation to make correlation analysis and engage in illegal activities, which violates user’s privacy.

The integration of the Internet and Mobile networks has brought great convenience for us. The increasing number of mobile devices causes explosive growth of the amount of data in integration network. While the high-speed development of the integration network brings people into the era of big data, it also brings some data security problems, such as theft and leakage of privacy data and sensitive data [1].

As a kind of malicious program that can infect large amount of hosts in short time, worm is exploited by network

attacker. We name the worms destroying data security in integration network as BD-Worm, which takes advantage of the weak security protection ability, propagates in a large area in the network, and destroys the stability and security of data. Here, BD-Worm constitutes one of the major network data security problems because of the integration of the Internet and Mobile network.

In order to ensure the massive data are much safer, we should analyze the propagation mechanism of BD-Worm firstly and then provide effective protection strategies against its propagation characteristics. This paper constructs an integrated network topology and simulates the propaga-tion of BD-Worm. The worm propagates by files attached with malicious code. Considering the differences between computer and mobile intelligent terminal operating system, worm propagation in different operation system needs cross different protocol. The paper chooses files supported by a variety of operating systems as virus vector. The formats of such files include txt and mp3. Once user opens the file attached with worm code, the worm will be activated, will copy itself, and will attach other files with BD-Worm.

Volume 2015, Article ID 985856, 8 pages http://dx.doi.org/10.1155/2015/985856

(2)

BD-Worm will be presented in Section 3. In Section 4, we simulate the BD-Worm in integration network and study the BD-Worm spreading in the different network topology and defense. Finally,Section 5concludes this paper.

2. Related Work

In this section, we first introduce the effect of integration network on data. Then, we introduce the security risk of big data and several related improvements. At last, we explore the work related to worm theory and new generation worm in different scenarios.

Here, the integration of the Internet and Mobile net-work is the integration of fixed node and Mobile netnet-work, which has greatly expanded the network’s flexibility [2]. The popularity of smart phones and tablets spawned a large number of network applications, such as social network, online shopping, and games. It is much more convenient for people’s lives by using those applications. The integrated network produces a variety of data formats. In addition, much data such as communications and online transaction need real-time analysis and process. It presents a great challenge to integrated network’s data processing capability [3].

More and more privacy leak events raise people’s aware-ness about importance of personal information. With the integration of Mobile network and Internet, the storage, management, and use of huge amount of data are faced with serious security challenges. The protection of mobile phone and Internet users’ privacy information has become a major research question in integration network.

Considering the security risks of distributed data storage in big data environment, Zhao [4] takes data access patterns and query into consideration and designed a distributed platform, to ensure the integrity and security of data. Data encryption and privacy protection technologies and man-agement modes cannot meet the requirements in capacity, performance, storage, and security of big data. Data security and privacy protection of users are faced with huge impact and challenges. Wang [5] provides a kind of big data encryp-tion algorithm based on data deduplicaencryp-tion technology. The studies have shown that the security of the algorithm is reliable and the algorithm improves the speed of large data encryption processing effectively.

The research on worms over the past few years has focused on future worms and those future worms may propagate in specific complex environment or be designed with new function. For example, Su [6] designs a new kind of network worm that propagates in IPv6 and IPv4-IPv6 transition environment, and the new worm is named NHIW, New Hybrid Internet Worm. Based on the analysis of network worm scanning strategy, Xu et al. [7] design a new kind of network worm-DNSWorm-V6, which can propagate rapidly in IPv6 network by scanning the whole network applying two layers different scanning strategy. Wang [8] analyses the propagation characteristics of worms propagate in Internet of Vehicles and proposes a kind of benign worm defensing malicious worm in Internet of Vehicles.

of the worm consists of two parts: the main function structure and the auxiliary function structure. The main function structure controls the basic characteristics of worms, and the auxiliary function is designed for enhancing the properties of worms. Worms scan the whole network to find next attack target. There are many kinds of scan strategies and different strategy will achieve different effects [10]. The research of worms propagation model is based on the spread of epidemic in biology [11]. The classic worm propagation models include SIR/SIS model [12], two-factor model [13], and WOW model [14].

All of these studies as mentioned above focus on the tra-ditional worm; however, our paper focuses on constructing a propagation model of BD-Worm. The security of big data has attracted the attention of mobile phone and computer users. Once the BD-Worm is released into the integrated network by attacker, it will steal huge privacy data. Attacker can control the whole data in infected host through the backdoor reserved by worms.

3. Modeling of BD-Worm

In this section, we provide the big data structure of integrated network and model the BD-Worm.

The integration of Internet and Mobile network makes many data services shared in the mobile terminals and com-puters. Users can access the Internet anytime and anywhere. Mobile office, remote office, and real-time office are the marks of big data era. The data in Internet and Mobile network are collected into the cloud platform for further storage and management. The structure of big data environment is showed inFigure 1.

The model of BD-Worm can be modeled in five aspects: the infecting process of BD-Worm, the connection probabil-ity among each node, the defense capabilprobabil-ity of mobile nodes and fixed nodes, the opening probability of each suspicious file after being received, and, the last part, computing resource controlling.

3.1. Infection Process of BD-Worm. The integrated network produced variety of data formats, such as .gif, .doc, .mp3, and .rmvb [15]. BD-Worm propagates in integrated network by embedding in the document. BD-Worm spreading in a large scale occupies amounts of data storage space. For the reason that BD-Worm runs on various operating systems, the malicious software programs attached by the document must contain most of the major operating systems both for computer and smart phone, such as windows, Mac, and Android.

The process of worm infection is shown inFigure 2. As the figure shows, when user received a file attached worm, the file should be scanned by antivirus software to detect whether there are any abnormalities or not. If the file is abnormal, it will be deleted. If the file is opened by user, it will copy itself and infect other files, which will consume large amount of computing resources. That means the abnormal computing

(3)

Data center

Services Remote office

Remote office

Airport

Coffee shop Home

Cloud platform ISDN IS D N WiFi W iFi 3 G WAN Internet

Figure 1: The big data environment structure.

Receive a file

Antivirus software

Abnormal

Open the file

Memory consuming abnormal

No

Normal file No

Delete the file

Delete the process Yes

Yes

Figure 2: The process of worm infecting.

resource consuming will cause user’s awareness. The user will adjudge the memory consuming. If he or she finds that the computed resource controlling is abnormal, the progress of the worm will be killed directly. Otherwise, we consider that the file is benign. If the file is a normal one, it will continue receiving the file. The BD-Worm which runs with infected file will begin to control the computing resources. Finally, it continues to receive the file. This process will be repeated in the whole network unless all BD-Worms are removed.

3.2. Connection Probability of Nodes. In big data environ-ment, the topology of the integrated network plays a critical role in determining the propagation speed of BD-Worm. In this paper, the topology of the integrated network is determined by connection probability of nodes. All notations used in our paper are shown in Abbreviations Section.

To analyse the topology of integrated network,𝐺 = (𝑉, 𝐸) stands for the network. There are𝑁nodes and𝑚edges in the network.𝑉 = {V₁,V₂, . . . ,V_𝑁}is the set of nodes, while

𝐸 = {𝑒₁, 𝑒₂, . . . , 𝑒_𝑀}is the set of edges. The nodes in the

inte-grated network are classified into two categories: fixed nodes and mobile nodes. Let𝑉𝑀denote the mobile nodes and𝑉𝐹 denote the fixed nodes:

𝑉 = {V1,V2, . . . ,V𝑁} ,

𝑉𝑀 = {V𝑚₁,V𝑚₂, . . . ,V𝑚_𝑚} ,

𝑉𝐹 = {V𝑓1,V𝑓2, . . . ,V𝑓𝑛} ,

𝑚 + 𝑛 = 𝑁,

(1)

whereV𝑚𝑖,𝑖 ∈ [1, 𝑚], stands for a mobile node,V𝑓𝑗,𝑗 ∈ [1, 𝑛],

stands for a fixed node, and the total number of mobile nodes and fixed nodes is𝑁.

In the integration network, we define𝑃_𝐹 = 𝑚/𝑁as the proportion of the fixed nodes in the network. On the other hand, we define𝑃_𝑀as the proportion of mobile nodes in the network:

𝑃_𝑀= 1 − 𝑃_𝐹. (2)

When𝑃_𝐹 = 1, the integrated network is the Internet in fact. As𝑃_𝐹decreases, there will be more mobile devices added in the integrated network while less computers are added as

(4)

Therefore, in order to generate the integrated network, we need to analyze the degree distribution𝑃(𝑘)of the Internet and Mobile network, respectively, and integrate them to be the integrated network.

In the Internet, recently Faloutsos et al. [16] showed empirically that certain properties of the AS-level Internet topology are well-described power laws. The most interesting of these regards the degree of a node. If we let𝑃(𝑘)be the fraction of nodes with degree𝑘, then it is demonstrated that

𝑃(𝑘) ∼ 𝑘𝛼_{. The exponent}_𝛼_{is obtained by performing a linear}

regression on𝑃(𝑘)when plotted on 2002 AS-level topology;

here𝛼 = −2.18. To keep it simple, the Internet in this paper

is defined as a scale-free network with the degree distribution

𝑃(𝑘) ∼ 𝑘−2[17].

In the mobile network, Lambiotte et al. [18] analyzed statistical properties of a Mobile network constructed from the records of a mobile phone company. The network consists of 2.5 million customers that have placed 810 million com-munications (phone calls and text messages) over a period of 6 months. It is shown that the degree distribution in the Mobile network has a power-law degree distribution

𝑃(𝑘) ∼ 𝑘−5_{. In this paper, although worm spreads in Mobile}

network only through SMS, MMS, and GPRS, which do not contain phone calls, this spreading still mainly follows the relationship between the mobile users. Therefore, the Mobile network is also defined as a scale-free network with power-law exponent𝛼 = −5.

According to the above analysis, the power-law exponent of the integrated network degree distribution can be written

as−5 ≤ 𝛼 ≤ −2, and 𝛼 changed with proportion of the

fixed node (mobile node) in integration network𝑃_𝐹(𝑃_𝑀). We denote that𝛼 = −2 − 3𝜌is the power-law exponent of integrated network. Recently, a power-law topology generator is the best candidate to generate the integrated network, although the degree of a real integrated network may not be strictly power-law distributed when the integrated Internet and Mobile network are the heterogeneous network. In this paper, we use the generalized linear preference (GLP) power-law generator [19]. There are two important reasons. Firstly, it presents a generalized linear preference model that, coupled with the incremental algorithm of [20], generates topologies that more closely model the Internet. Secondly, we choose the GLP power-law network generator instead of other generators because it also has an adjustable power-law exponent𝜂. The following is the formula of𝜂:

2𝑚 − 𝛽 (1 − 𝑝)

(1 + 𝑝) 𝑚 = 𝜂, (3)

where𝑚is the number of initial edges of a new node,𝑝 ∈

[0, 1] is the probability that adds 𝑚 new links, and 𝛽 ∈

(−∞, 1)is a tunable parameter that indicates the preference

for a new node (edge) connecting to more popular nodes. The bigger the value of 𝛽is, the more preference is given to high degree nodes. There are no self-loops and merge duplicate edges in the GLP. Then [19] demonstrated that𝜂 =

𝛼 + 1approximately. According to the𝛼,𝜂can be derived as

assume that𝑚and𝑝have a constant value observed from empirical data and only adjust𝛽to match𝜂.

In the integrated network, infected nodes will transfer files with other connected nodes. Among the large number of connected nodes, which node the infected node would like to choose is a significant problem. Then, we will calculate the node connecting probability.

If there is an edge between node𝑖and node𝑗, we note that𝑏_𝑖𝑗 = 1; otherwise𝑏_𝑖𝑗 = 0. Thus, the whole network can be defined as correlation matrix𝐴:

𝐴 = ( 𝑏₁₁ 𝑏₁₂ ⋅ ⋅ ⋅ 𝑏_1𝑛 𝑏₂₁ 𝑏₂₂ ⋅ ⋅ ⋅ 𝑏_2𝑛 ... ... ... ... 𝑏_𝑛1 𝑏_𝑛2 ⋅ ⋅ ⋅ 𝑏_𝑛𝑛 ) . (4)

According to the matrix, we can find that the nodes directly connected with node 𝑖 can be defined as 𝑎_𝑖 =

(𝑏𝑖1 𝑏𝑖2 ⋅ ⋅ ⋅ 𝑏𝑖𝑛). 𝑘𝑖 is the degree of node 𝑖, and it can be

derived from𝑘_𝑖= ∑𝑛_𝑗=1𝑏_𝑖𝑗.𝐾is all the degrees of the network:

𝐾 = (

𝑘₁ 0 0

0 d 0

0 0 𝑘_𝑛

) . (5)

The total degree of all nodes connected to node𝑖is

𝐷_𝑠𝑖= 𝑎_𝑖∗ 𝐾 = (𝑏𝑖1 𝑏𝑖2 ⋅ ⋅ ⋅ 𝑏𝑖𝑛) ∗ (

𝑘₁ 0 0

0 d 0

0 0 𝑘_𝑛

) . (6)

We consider a node only transferring files to the other node that is connected. It sounds more reasonable than transferring files to all the nodes no matter whether it is connected or not. cp is the connected probability. Therefore, the probability of node 𝑖 being connected to node𝑗 is as follows: cp= 𝑘𝑖 𝐷_𝑠𝑖 = ∑𝑛_𝑗=1𝑏_𝑖𝑗 (𝑏_𝑖1 𝑏_𝑖2 ⋅ ⋅ ⋅ 𝑏_𝑖𝑛) ∗ (𝑘10 d0 00 0 0 𝑘𝑛 ). (7)

3.3. Opening Probability. One of the most significant studies of modeling the worm propagation model is qualifying the user awareness. The user security consciousness determines whether the worm can be activated successfully.

User awareness is too complex to be modeled well, for the reason that it may be affected by everything around the user. Based on the BD-Worm malicious acts to the system and the common characters of the computer and smartphone, we can study the computing resource consuming acting on the user awareness. Because worm copies itself and infects other files, it will cause CPU hogs and rewrite hard-disk driver frequently and that will reduce the system operability sharply.

(5)

In particular, when the computing resource consuming is at a very high level, the obvious abnormal lag of opening files or software will easily draw the user’s attention and replace his normal work (such as opening received files from email) with checking his system.

When the amount of computing resource consumption increases at a high level, we can notice the abnormity. Also, we can conclude that the opening probability equals 100 percent with no computing resource consuming and zero percent with full use of computing resource consumption. Therefore, we should simulate the opening probability with an equation like circle𝑥2 + 𝑦2 = 1,𝑥 > 0,𝑦 > 0. While the circle equation with radio equals one did not work well in simulating user awareness, to keep simple, let opp_𝑛(𝑡)be the opening probability of node𝑛at time𝑡. Consider opp_𝑛(𝑡) =

1 −crc_𝑛(𝑡), where crc_𝑛(𝑡)is computing resource consuming and crc_𝑛(𝑡) ∈ [0, 1). OPP(𝑡) is the opening probability of whole network, for calculating in the worm propagation model. OPP_𝑖,𝑡(𝑡) = OPP₁(𝑡) is the opening probability of node 1: OPP(𝑡) = ( opp₁(𝑡) ⋅ ⋅ ⋅ opp_𝑛(𝑡) ... d ... opp₁(𝑡) ⋅ ⋅ ⋅ opp_𝑛(𝑡) ) . (8)

3.4. Computing Resource Controlling. In big data environ-ment, when a host is infected by worm, it will consume many computing resources. The high computing resource consum-ing will result in users’ security consciousness and will kill the worms.

The computing resource controlling is a complex factor that affects the worm propagation speed. There are two reasons. One is the higher computing resource consuming intending to increase user awareness which will reduce the opening probability. The other is the higher computing resource consuming and longer infected time which will increase abnormal files among the transferring files which will increase the propagation speed. Let diagonal matrix CRC(𝑡)be the abnormal files probability of the whole net-work. CRC_𝑖,𝑖(𝑡) ∈ [0, 1]is the sum of crc_𝑡(𝑡)from time one to time𝑡divide a constant𝐶. When∑𝑡_𝑖=1crc₁(𝑖)equals𝐶, we think that all of the certain files have already been infected. Then, we can draw the conclusion that computing resource consuming affecting worm propagation speed in reason one is opposite to reason two. In practice, forever propagation might not be possible because the worm will ultimately be detected by host-/software-based detection methods and the vulnerability exploited by the worm will be fixed through software updates within a certain amount of time [21]. Hence, how to get a high propagation speed is a necessary and significant work in this paper:

CRC(𝑡) = ( ∑𝑡_𝑖=1crc₁(𝑖) 𝐶 0 0 0 d 0 0 0 ∑𝑡𝑖=1crc𝑛(𝑖) 𝐶 ) . (9)

To control the worms resource consuming, we provide a greedy method. In the greedy method, the BD-Worm is always greedy on the computing resource consuming since it infects a node successfully. In the greedy method, the BD-Worm will firstly infect a target node with a low computing resource consuming to avoid abnormality. After the BD-Worm infects the node, it will increase the consuming in order to copy itself and infect other nodes. It is a serious problem when and how much should the BD-Worm increase the consuming. It is hard to make a standard that fits for all nodes, for the reason that user awareness is different with anybody and unfit increasing lead the progress to be killed by user. One standard only fits for one node. Therefore, we make a rule that will test the user awareness to solve the problem. As we know, an infected node still receives abnormal files frequently when the worm outbreaks. The rule is to control the new progress consuming created by the new abnormal files which is equal to the consuming which the BD-Worm will increase. If the increasing draws user attention, only the new progress will be killed. Otherwise, the increase of consuming can be trusted. Let crc_𝑛(𝑡) =

𝜇 + cou_𝑛(𝑡) × 𝜑 where 𝜇 is the initial computing resource

consuming, cou_𝑛(𝑡) is the time of an infected opening the abnormal files, and𝜑is the increasing computing resource consuming. It is a linear equation and ranges from zero to one.

3.5. Defense Capability of Nodes. Because of difference of defense capability of mobile nodes and fixed nodes, the probability of worm nodes being detected is different. In this paper, we define defense capability of nodes as the probability of worm nodes being detected.

Defense strategy can be generally classified into two cat-egories: active defense strategy and passive defense strategy. Active defense refers to those strategies aiming at enhancing the defense capability of the system actively. For example, abnormal detection can reduce the possibility of worm to attack system successfully. Active defense strategy is deployed not for a particular worm, while passive defense strategy is deployed after detecting worms on the Internet. There are many passive strategies, such as system patch and blacklist of malicious address [22]. Actually, whether it is active defense strategy or passive defense strategy, the defense capability of mobile nodes is weaker than fixed nodes.

We introduce a parameter DC(𝑛)denoting the defense capability of node𝑛, which represents the undetected prob-ability of the integrated network. Compared with the com-puter, mobile phone is weaker in some aspects, such as its limited computing resources and its limited battery life. In the big data environment constituted by mobile nodes and fixed nodes, the abnormalities caused by worms in mobile nodes are more obvious, which means the capability of mobile nodes is weaker than fixed nodes. We introduce

𝛼_𝑚, 𝛼_𝑓denoting the undetected probability of mobile nodes and fixed nodes, respectively. The bigger the undetected probability is, the stronger the defense capability will be.

(6)

𝑁 20000 𝑃𝐹 50% 𝛽 3.5 𝑚 1 𝑝 0.5 𝜇 0.1 𝜑 0.05 𝛼_𝑚 0.1 𝛼𝑓 0.1

That is to say,𝛼_𝑚 ≥ 𝛼_𝑓. DC(𝑛)is the undetected probability of the whole network:

DC(𝑛) ={_{

{

𝛼_𝑚 if𝑀_𝑛,𝑛 = 1

𝛼_𝑓 if𝐹_𝑛,𝑛= 1. (10)

4. BD-Worm Simulation

To study the characteristics of BD-Worm propagation in integrated network, we simulate the propagation on OMNet. First, we generate several GLP topological networks by Brite. Second, we simulate the spreading process of BD-Worm by sending message. Lastly, we compare the BD-BD-Worm spreading simulation results with different parameters. There is a parameters list of integrated network which is shown in

Table 1.

4.1. The Influence of Network Topology. The network topology has a great impact on worm propagation.

We know the amount of mobile phones and computers in the integrated network will affect the propagation of worms obviously. Therefore, we try to find the character of worm propagation on the topology we proposed by simulating worm propagation on the network topology of Internet, Mobile network, and integrated network.

In the simulation, the integrated network consists of 10000 nodes of Internet and 10000 nodes of Mobile network, and the total number of the nodes in integrated network is 20000. Unlike the traditional worm, BD-Worm could spread on both the Internet and Mobile network. The network proportion is 0.5. We generate the topology by Brite and the average degree in Internet degree is 4.0196, in Mobile network the degree is 3.9794, and in the integrated network the degree is 4.0166. So, the average degree of the network topology is 4. From the worm propagation in the complex network, we know the degree of the first infected node makes a big difference on worm propagation. In this paper, we choose a high degree node instead of the average degree for the reason that a node with high degree has a more stable spreading.

From the result showed inFigure 3, worm propagation in Mobile network is a little faster than in Internet. Worm propagates the fastest in the integrated network. When𝑃_𝐹=

50% or𝑃_𝑀= 50%, that is to say, there are 10000 fixed nodes

1.8 1.6 1.4 1.2 1 0 0.8 0.6 0.4 0.2 0 100 200 300 400 500 600 Time N u m b er o f no des 10000fixed nodes 10000mobile nodes 20000heterogeneous nodes

10000fixed nodes in heterogeneous network

10000mobile nodes in heterogeneous network

Figure 3: BD-Worm propagation in integrated network compared with traditional worm spreading in single network.

or 10000 mobile nodes in the integrated network, the two propagation curves are nearly the same.

We can draw a conclusion from the simulation results that BD-Worm spreads fast at the beginning of the propagation and spreads faster in integrated network than in Internet or Mobile network. Once worm outbreaks in integrated network, its high propagation speed will lead the existing defense to be useless and the loss will be catastrophic.

Therefore, we need to improve the capability of anomaly detection and early warning in both Internet and Mobile network to contain the spread of worms.

4.2. The Influence of Defense Capability. Because of the limited computing resources of mobile intelligent terminals, the defense in the Mobile network is absolutely not as good as in the Internet. In this simulation, we increase the defense capability of Mobile network𝛼_𝑚from 0.1 to 0.3 and compare it with the default parameter 0.1. As showed in Figure 4, first, the propagation speed with𝛼_𝑚 = 0.3has remarkable increasing compared with𝛼_𝑚 = 0.1. Second, not only does the BD-Worm propagation speed in Mobile network gain a lot of speed, but the Internet with the unchanged𝛼_𝑓 = 0.1 also accelerates the BD-Worm spreading speed. Furthermore, BD-Worm propagation in Mobile network is faster than in Internet.

As we all know, the replacement of smartphones is very fast. The security technology for smartphones is not keeping up with the development of phones, leading to the weak defense capability to virus and worm. Our personal infor-mation is stored in smartphone; the security capability is a serious problem.

(7)

2 1.8 1.6 1.4 1.2 1 0 0.8 0.6 0.4 0.2 0 100 200 300 400 500 600 Time N u m b er o f no de ×104 _{Propagation speed} 10000mobile nodes 0.3 20000nodes mix_{0.1, 0.1} 10000fixed nodes0.1 10000mobile nodes0.1 20000mix nodes0.1, 0.3 10000fixed nodes_0.1

Figure 4: BD-Worm spreading with different defense.

Therefore, we can draw the conclusion that the weakness of host detection in Mobile network increases the BD-Worm propagation sharply and causes the defense in Internet to be not useful as before. On the other hand, if we could reduce the undetected probability𝛼_𝑚, which means enhancing the defense capability of mobile nodes, it will protect the worm spreading not only in Mobile network, but also in the Internet. Also, unlike the case in the Internet, the defense in the mobile network still has a lot of room to develop. Hence, we should put more resources into developing the defense in Mobile network.

5. Conclusion

In this paper, we first propose a BD-Worm, worm propagating in big data environment caused by integration of Internet and Mobile network. Then we model the BD-Worm with its infection process, connection probability opening probability and computing resource consuming in theory. Finally, we simulate the propagation of BD-Worm. From the simulation result, we draw the conclusions. First, worms in big data environment which are integrated by mobile nodes and fixed nodes propagate faster than worms in traditional Internet and they will cause more serious damage than traditional ones. Second, if we put more resources into developing the defense on Mobile network node, it also protects the Internet nodes.

BD-Worm provided in this paper is just one classic security problem under the big data field. The privacy protection is a serious problem in big data environment. Enhancing security and defense capability should improve our technology both in smartphones and computers.

Abbreviations

𝑃(𝑘): Heterogeneous network degree distribution

𝑉𝑀: Mobile node

𝑉𝐹: Fixed node

𝑃_𝐹: Proportion of the fixed node in integration network

𝑃_𝑀: Proportion of the mobile node in integration network

𝜌: Proportion of computer in heterogeneous network

𝛼: Exponent in scale-free network

𝜂: Exponent in GLP generator

𝑝: Probability that adds𝑚new links

𝛽: Tunable parameter that indicates the preference for a new node

𝐾: All the degrees of the network Np: Network proportion

cp: Network connected probability

DC(𝑛): Node𝑛having a probability of undetected worm

𝛼_𝑚: Undetected probability on Mobile network

𝛼_𝑓: Undetected probability on Internet opp_𝑛(𝑡): Opening probability of node𝑛at time𝑡 crc_𝑛(𝑡): Computing resource consuming OPP(𝑡): Opening probability of whole network CRC(𝑡): Diagonal matrix, abnormal files

probability of the whole network

𝜇: Initial computing resource consuming

𝜑: Increasing computing resource consuming

𝜆: Infected probability.

Conflict of Interests

The authors declare that there is no conflict of interests regarding the publication of this paper.

Acknowledgment

This work is partially supported by 863 National Hi-Tech Research and Development Program (2011AA01A103).

References

[1] J. Manyika, M. Chui, B. Brown et al.,Big Data: The Next Frontier

for Innovation, Competition, and Productivity, 2011.

[2] W. Guo, L. Zhai, Y. Ren, and L. Guo, “Intelligent heterogeneous

network worms propagation modeling and analysis,” in

Com-puter Science and Its Applications, vol. 203, pp. 515–524, Springer, Amsterdam, The Netherlands, 2012.

[3] J. K. Laurila, D. Gatica-Perez, I. Aad et al., “The mobile data

challenge: big data for mobile computing research,” in

Proceed-ings of the International Conference on Pervasive Computing, (EPFL-CONF-192489), 2012.

[4] S. N. Zhao,The Research on Big Data’s Distributed Storage and

Secure Protection, Shan Dong University, 2014.

[5] M. M. Wang, Big Data Encryption Algorithm Based on Data

Deduplication Technology, North China University of Water Resources and Electric Power, 2013.

(8)

[7] Y. G. Xu, H. T. Qian, and K. Zhang, “Research of DNS worm in

IPv6 networks,”Computer Science, vol. 36, no. 12, pp. 32–36,

2009.

[8] Z. Wang,Research on Worm Propagation and Prevention-Cure

in Internet of Vehicles, Nanjing University of Science & Tech-nology, 2013.

[9] A. Wagner, T. D¨ubendorfer, B. Plattner et al., “Experiences with

worm propagation simulations.,” in Proceedings of the ACM

workshop on Rapid Malcode, pp. 34–41, ACM, 2003.

[10] C. C. Zou, D. Towsley, and W. Gong, “On the performance

of internet worm scanning strategies,”Performance Evaluation,

vol. 63, no. 7, pp. 700–723, 2006.

[11] Y. Wang, D. Chakrabarti, C. Wang, and C. Faloutsos, “Epi-demic spreading in real networks: an eigenvalue viewpoint,” inProceedings of the 22nd International Symposium on Reliable Distributed Systems (SRDS ’03), pp. 25–34, October 2003. [12] C. C. Zou, D. Towsley, and W. Gong, “On the performance

of Internet worm scanning strategies,”Performance Evaluation,

vol. 63, no. 7, pp. 700–723, 2006.

[13] R. Pastor-Satorras and A. Vespignani, “Epidemic dynamics and

endemic states in complex networks,”Physical Review E, vol. 63,

Article ID 066117, 2001.

[14] Z. Chen, L. Gao, and K. Kwiat, “Modeling the spread of active

worms,” inProceedings of the 22nd Annual Joint Conference of

the IEEE Computer and Communications Societies (INFOCOM

’03), vol. 3, pp. 1890–1900, April 2003.

[15] P. Zikopoulos and C. Eaton,Understanding Big Data: Analytics

for Enterprise Class Hadoop and Streaming Data, McGraw-Hill Osborne Media, 2011.

[16] M. Faloutsos, P. Faloutsos, and C. Faloutsos, “On power-law

relationships of the internet topology,” inProceedings of the

ACM Conference on Applications, Technologies, Architectures, and Protocols for Computer Communication (SIGCOMM ’99), pp. 251–262, September 1999.

[17] A.-L. Barab´asi and R. Albert, “Emergence of scaling in random

networks,”Science, vol. 286, no. 5439, pp. 509–512, 1999.

[18] R. Lambiotte, V. D. Blondel, C. de Kerchove et al., “Geographical

dispersal of mobile communication networks,”Physica A:

Sta-tistical Mechanics and Its Applications, vol. 387, no. 21, pp. 5317– 5325, 2008.

[19] T. Bu and D. Towsley, “On distinguishing between Internet

power law topology generators,” in Proceedings of the 21st

Annual Joint Conference of the IEEE Computer and Communi-cations Societies (Infocom ’02), vol. 2, pp. 638–647, June 2002. [20] R. Albert and A.-L. Barab´asi, “Topology of evolving networks:

local events and universality,”Physical Review Letters, vol. 85,

no. 24, pp. 5234–5237, 2000.

[21] M. Christodorescu, S. Jha, S. A. Seshia, D. Song, and R. E.

Bryant, “Semantics-aware malware detection,” inProceedings of

the IEEE Symposium on Security and Privacy, pp. 32–46, May 2005.

[22] D. Brumley, L.-H. Liu, P. Poosankam, and D. Song, “Design

space and analysis of worm defense strategies,” inProceedings of

the ACM Symposium on Information, Computer and Communi-cations Security (ASIACCS ’06), pp. 125–137, ACM, March 2006.

(9)

International Journal of

Aerospace

Engineering

Hindawi Publishing Corporation

http://www.hindawi.com Volume 2014

Robotics

Journal of

http://www.hindawi.com Volume 2014 Active and Passive Electronic Components

Control Science and Engineering

Journal of

Hindawi Publishing Corporation

http://www.hindawi.com Volume 2014

Machinery

http://www.hindawi.com Volume 2014 Hindawi Publishing Corporation

http://www.hindawi.com Journal of

Engineering

Volume 2014

Submit your manuscripts at

http://www.hindawi.com

VLSI Design

Hindawi Publishing Corporation

http://www.hindawi.com Volume 2014

Shock and Vibration

Civil Engineering

Advances in

Acoustics and VibrationAdvances in

http://www.hindawi.com Volume 2014 Hindawi Publishing Corporation

http://www.hindawi.com Volume 2014 Electrical and Computer Engineering

Journal of

Advances in OptoElectronics

Hindawi Publishing Corporation

http://www.hindawi.com Volume 2014

The Scientific

World Journal

Sensors

Journal of Hindawi Publishing Corporation

Modelling & Simulation in Engineering Hindawi Publishing Corporation

http://www.hindawi.com Volume 2014 Chemical Engineering

International Journal of Antennas and

Propagation

Navigation and Observation

Research Article Worms Propagation Modeling and Analysis in Big Data Environment