A NEW ANALYSIS OF CRYPTOLOCKER RANSOMWARE AND WELCHIA WORM PROPAGATION BEHAVIOR. SOME APPLICATIONS. III

Title: A NEW ANALYSIS OF CRYPTOLOCKER RANSOMWARE AND WELCHIA WORM PROPAGATION BEHAVIOR. SOME APPLICATIONS. III
Publication Type: Journal Article
Year of Publication: 2019
Authors: KYURKCHIEV, NIKOLAY; ILIEV, ANTON; RAHNEV, ASEN; TERZIEVA, TODORKA
Volume: 23
Issue: 2
Start Page: 359
Pagination: 24
Date Published: 03/2019
ISSN: 1083-2564
AMS: 97N50
Abstract

In this paper we obtain new models that in some situations can be applied to model the propagation of computer viruses. The Welchia worm and the CryptoLocker ransomware have a long growing phase, in contrast to many other threats. In September 2013 the CryptoLocker malware started its invasion, using mainly the P2P ZeuS (aka Gameover ZeuS) malware. CryptoLocker's main aim was to receive money from unsuspecting victims for decrypting their files. The Welchia worm uses a vulnerability in the Microsoft remote procedure call service. Welchia first checks for the Blaster worm and, if it exists, deletes Blaster and also takes care that the computer is immunised against the Blaster worm. We also modeled: Malicious high-risk Android App volume growth; Malware evolution; Number of users attacked by Trojan-Ransom malware; Number of users attacked by cryptoransomware; Number of unique users attacked by Trojan-Ransom.AndroidOS.Fusob; and "Seasonal data". As the authors in [3] mention: “Even traffic traces used in research papers (e.g. Slammer [4] and Code-red [5]) are not public. From the published papers [4], [5] we are not able to find parameters that can be used in our model”. Many researchers have made great efforts to adequately describe the situation connected to worm propagation [15]–[63].

URL: https://acadsol.eu/en/articles/23/2/7.pdf
DOI: 10.12732/caa.v23i2.7
Refereed Designation: Refereed
Full Text

[1] F. Palmieri, U. Fiore, Containing large-scale worm spreading in the Internet by cooperative distribution of traffic filtering policies, Computers & Security, 27 (2008), 48-62.
[2] U. Zurutuza, D. Zamboni, A Data Mining Approach for Analysis of Worm Activity Through Automatic Signature Generation, AISec’08 Proceedings of the 1st ACM workshop on Workshop on AISec, (2008), 61-70.
[3] O. A. Toutonji, S.-M. Yoo, M. Park, Stability analysis of VEISV propagation modeling for network worm attack, Applied Mathematical Modelling, 36 (2012), 2751-2761.
[4] D. Moore, V. Paxson, S. Savage, C. Shannon, S. Staniford, N. Weaver, Inside the slammer worm, IEEE Magaz. Secur. Privacy, 1 No. 4 (2003), 33-39.
[5] C. Shannon, D. Moore, The Spread of the Code-Red Worm, http://www.caida.org/analysis/security/code-red/coderedv2_analysis.xml.
[6] R. Banks, Growth and Diffusion Phenomena: Mathematical Frameworks and Applications, Springer Verlag, Berlin (1991).
[7] N. Kyurkchiev, A. Iliev, A note on the power law logistic model, Proc. of the NTADES Series of AIP, (2019). (to appear)
[8] F. Hausdorff, Set theory (2 ed.), Chelsea Publ., New York (1962) [1957], ISBN 978-0821838358, Republished by AMS-Chelsea (2005).
[9] N. Kyurkchiev, S. Markov, Sigmoid functions: Some Approximation and Modelling Aspects, LAP LAMBERT Academic Publishing, Saarbrucken (2015), ISBN 978-3-659-76045-7.
[10] N. Kyurkchiev, A. Iliev, S. Markov, Some Techniques for Recurrence Generating of Activation Functions: Some Modeling and Approximation Aspects, LAP LAMBERT Academic Publishing (2017), ISBN: 978-3-33033143-3.
[11] N. Kyurkchiev, A. Iliev, Extension of Gompertz-type Equation in Modern Science: 240 Anniversary of the birth of B. Gompertz, LAP LAMBERT Academic Publishing (2018), ISBN: 978-613-9-90569-0.
[12] N. Kyurkchiev, A. Iliev, A. Rahnev, Some Families of Sigmoid Functions: Applications to Growth Theory, LAP LAMBERT Academic Publishing (2019), ISBN: 978-613-9-45608-6. 
[13] N. Pavlov, A. Iliev, A. Rahnev, N. Kyurkchiev, Some software reliability models: Approximation and modeling aspects, LAP LAMBERT Academic Publishing (2018), ISBN: 978-613-9-82805-0.
[14] N. Pavlov, A. Iliev, A. Rahnev, N. Kyurkchiev, Nontrivial Models in Debugging Theory: Part 2, LAP LAMBERT Academic Publishing (2018), ISBN: 978-613-9-87794-2.
[15] D. Moore, C. Shannon, J. Brown, Code-Red: a case study on the spread and victims of an Internet worm, Internet Measurement Workshop (IMW), (2002), 273-284.
[16] C. Zou, W. Gong, D. Towsley, Code red worm propagation modeling and analysis, CCS ’02 Proceedings of the 9th ACM conference on Computer and communications security, (2002), 138-147.
[17] C. Zou, W. Gong, D. Towsley, Worm propagation modeling and analysis under dynamic quarantine defense, Proceedings of the 2003 ACM workshop on Rapid malcode, October 27-27, (2003), Washington, DC, USA.
[18] C. Zou, D. Towsley, W. Gong, On the performance of internet worm scanning strategies, Performance Evaluation, 63, No. 7 (2006), 700-723.
[19] C. Zou, W. Gong, D. Towsley, L. Gao, The monitoring and early detection of internet worms, IEEE/ACM Transactions on Networking (TON), 13, No. 5 (2005), 961-974.
[20] P. Wang, L. Wu, R. Cunningham, C. Zou, Honeypot detection in advanced botnet attacks, International Journal of Information and Computer Security, 4, No. 1 (2010), 30-51.
[21] A. Visheratin, M. Melnik, D. Nasonov, N. Butakov, A. Boukhanovsky, Hybrid scheduling algorithm in early warning systems, Future Generation Computer Systems, 79, No. P2 (2018), 630-642.
[22] J. Jerkins, J. Stupiansky, Mitigating IoT insecurity with inoculation epidemics, Proceedings of the ACMSE 2018 Conference, March 29-31, (2018), 1-6, Richmond, Kentucky. 
[23] Q. Xiao, S. Chen, M. Chen, Y. Ling, Hyper-Compact Virtual Estimators for Big Network Data Based on Register Sharing, ACM SIGMETRICS Performance Evaluation Review, 43, No. 1 (2015), 417-428.
[24] H. Asghari, M. Ciere, M. Van Eeten, Post-mortem of a zombie: conficker cleanup after six years, Proceedings of the 24th USENIX Conference on Security Symposium, August 12-14, (2015), 1-16, Washington, D.C.
[25] A. Dainotti, A. King, K. Claffy, F. Papale, A. Pescape, Analysis of a "/0" stealth scan from a botnet, IEEE/ACM Transactions on Networking (TON), 23, No. 2 (2015), 341-354.
[26] D. Lee, J. Kim, K. Kim, A study on abnormal event correlation analysis for convergence security monitor, Cluster Computing, 16, No. 2 (2013), 219-227.
[27] E. Magkos, M. Avlonitis, P. Kotzanikolaou, M. Stefanidakis, Toward early warning against Internet worms based on critical-sized networks, Security and Communication Networks, 6, No. 1 (2013), 78-88.
[28] S. Xu, W. Lu, L. Xu, Push- and pull-based epidemic spreading in networks: Thresholds and deeper insights, ACM Transactions on Autonomous and Adaptive Systems (TAAS), 7, No. 3 (2012), 1-26.
[29] C. Shannon, D. Moore, The Spread of the Witty Worm, IEEE Security & Privacy, July/August, (2004), 46-50.
[30] A. Mohammed, S. Nor, M. Marsono, Analysis of Internet Malware Propagation Models and Mitigation Strategies, IRACST International Journal of Computer Networks and Wireless Communications (IJCNWC), 2, No. 1 (2012), 16-20.
[31] S. Staniford, V. Paxson, N. Weaver, How to own the Internet in Your Spare Time, Proceedings of the 11th USENIX Security Symposium, San Francisco, California, USA, August 5-9, (2002).
[32] S. Fei, L. Zhaowen, M. Yan, A survey of Internet Worm Propagation Models, Proceedings of IC-BNMT2009, (2009), 453-457.
[33] S. Fei, L. Zhaowen, M. Yan, Worm Propagation based on Two-Factor Model, Proceedings of 2009 5th International Conference on Wireless Communications, Networking and Mobile Computing, (2009), 4 pp.
[34] D. Smith, L. Moore, The SIR model for the Spread of Diseases, JOMA, (2004).
[35] J. Kim, S. Radhakrishnan, S. Dhall, Measurement and Analysis of worm propagation on Internet network topology, Proceedings of 13th International Conference on Computer Communications and Networks (IEEE Cat. No.04EX969), 495-500.
[36] T. Li, Z. Guan, Y. Wang, The Stability of a Worm Propagation Model with Time Delay on Homogeneous Networks, Proceedings of International Conference on Intelligent Control and Information Processing, August 13-15, (2010) - Dalian, China, 753-755.
[37] T. Li, Z.-H. Guan, Y. Wang, Y. Li, Impulsive Control of the Spread of worm with Nonlinear Incidence Rates, Proceedings of 2010 Chinese Control and Decision Conference, (2010), 966-969.
[38] Y. Wang, Z.-H. Guan, T. Li, S. Zhang, Modeling and Analyzing the Spread of Worm with Impulsive Effect on Homogeneous Network, Proceedings of 2010 International Conference on Computer Application and System Modeling (ICCASM 2010), (2010), V7-501-V7-504.
[39] C. Junhua, W. Shengjun, Modeling and Analyzing the Spread of worms with Bilinear Incidence Rate, Proceedings of 2009 Fifth International Conference on Information Assurance and Security, (2009), 167-170.
[40] W. Shaojie, L. Qiming, D. Bo, M. Weining, Analysis of a Mathematical Model for Worm Virus Propagation with time delay, Proceedings of 2009 Second International Conference on Environmental and Computer Science, (2009), 375-379.
[41] D. Zhang, Y. Wang, SIRS: Internet Worm Propagation and Application, Proceedings of 2010 International Conference on Electrical and Control Engineering, (2010), 3029-3032. 
[42] Q. Liu, R. Xu, S. Wang, Modeling and Analysis of an SIRS Model for worm Propagation, Proceedings of 2009 International Conference on Computational Intelligence and Security, (2009), 361-365.
[43] S. Fei, L. Zhao-wen, M. Yan, Modeling and Analysis of Internet worm propagation, The Journal of China Universities of Posts and Telecommunications, 17, No. 4 (2010), 63-68.
[44] J. Wang, C. Xia, Q. Liu, A novel Model for the Internet Worm Propagation, Proceedings of 2010 Sixth International Conference on Natural Computation (ICNC 2010), (2010), 2885-2888.
[45] F. Wang, J. Song, Y. Dong, J. Gu, Epidemic models applied to worms on internet, Proceedings of 2009 Second International Conference on Intelligent Networks and Intelligent Systems, (2009), 160-163.
[46] Z. Wei, Q. Facheng, C. Shiqi, W. Ruchuan, The Study of Network Worm Propagation Simulation, Proceedings of 2010 International Conference on Computer Application and System Modeling (ICCASM 2010), (2010), V9-295-V9-299.
[47] M. Liuqi, The research and development of worm defense strategies, Proceedings of 2010 3rd International Conference on Computer Science and Information Technology, (2010), 168-171.
[48] F. Wang, Y. Zhang, C. Wang, J. Ma, S. Moon, Stability analysis of a SEIQV epidemic for rapid spreading worms, Computers & Security, 29 (2010), 410-418.
[49] Y. Yao, H. Guo, F. Gao, G. Yu, The Worm Propagation Model with pulse Quarantine Strategy, Proceedings of 2010 International Conference on Multimedia Information Networking and Security, (2010), 269-273.
[50] H. Zhang, W. Su, W. Quan, Smart Collaborative Identifier Network: A Promising Design for Future Internet, Springer-Verlag, Berlin (2016).
[51] X. Wang, J. Zhu, H. Lin, X. Su, Y. Jiang, Modeling Propagation of Active P2P Worm in Chord Network, In: Advances in Intelligent and Soft Computing, J. Kacprzyk eds., 133 (2012), S. Sambath & E. Zhu (Eds.), Frontiers in Computer Education, 383-390. 
[52] Y. Xiao, F. Li, H. Chen, eds., Handbook of Security and Networks, World Scientific, Singapore (2011).
[53] S. Sellke, N. Shroff, S. Bagchi, Modeling and Automated Containment of Worms, Proceedings of the 2005 International Conference on Dependable Systems and Networks (DSN05), (2005), 10 pp.
[54] W. Yu, C. Boyer, S. Chellappan, D. Xuan, Peer-to-peer system-based active worm attacks: modeling and analysis, IEEE International Conference on Communications, 2005, (2005), 295-300.
[55] S. Zhang, Z. Jin, J. Zhang, The Dynamical Modeling Analysis of the Spreading of Passive Worms in P2P Networks, Discrete Dynamics in Nature and Society, 2018, Article ID 1656907, (2018), 13 pp.
[56] G. Yan, S. Eidenbenz, Modeling Propagation Dynamics of Bluetooth Worms (Extended Version), IEEE Transactions on Mobile Computing, 8, No. 3 (2009), 353-367.
[57] S. Sellke, N. Shroff, S. Bagchi, Modeling and Automated Containment of Worms, IEEE Transactions on Dependable and Secure Computing, 5, No. 2 (2008), 71-86.
[58] S. Peng, M. Wu, G. Wang, S. Yu, Propagation Model of Smartphone Worms Based on Semi-Markov Process and Social Relationship Graph, Computers & Security, 44 (2014), 92-103.
[59] N. Kyurkchiev, A. Iliev, A. Rahnev, T. Terzieva, A new analysis of Code Red and Witty worms behavior, Communications in Applied Analysis, 23, No. 2 (2019), 267-285.
[60] A. Iliev, N. Kyurkchiev, A. Rahnev, T. Terzieva, Some New Approaches for Modelling Large-Scale Worm Spreading on the Internet. II, Neural, Parallel, and Scientific Computations, 27 (2019), 23-32.
[61] M. Sandee, CryptoLocker ransomware intelligence report, Fox-IT, (2014).
[62] P. Szor, The Art of Computer Virus Research and Defense, Addison Wesley Professional, (2005), ISBN: 0-321-30454-3. 
[63] http://www.pisces-conservation.com/growthhelp/index.html?von_bertalanffy.htm
[64] N. Kyurkchiev, S. Markov, On the Hausdorff distance between the Heaviside step function and Verhulst logistic function, J. Math. Chem., 54, No. 1 (2016), 109-119.
[65] R. Anguelov, S. Markov, Hausdorff Continuous Interval Functions and Approximations, In: SCAN 2014 Proceedings, LNCS, ed. by J.W.von Gudenberg, Springer, Berlin, (2015).
[66] L. Coroianu, D. Costarelli, S. Gal, G. Vinti, The max-product generalized sampling operators: convergence and quantitative estimates, Applied Mathematics and Computation, (2019), doi: 10.1016/j.amc.2019.02.076.
[67] D. Costarelli, R. Spigler, Constructive Approximation by Superposition of Sigmoidal Functions, Anal. Theory Appl., 29, No. 2 (2013), 169-196.
[68] C. A. Visaggio, Android Security, Universita degli Studi del Sannio, (2014).
[69] Kaspersky Security Bulletin 2015, Kaspersky Lab (2016).
[70] Kaspersky Security Bulletin: Overall Statistics for 2017, Kaspersky Lab (2018).
[71] B. Al-rimy, M. Maarof, S. Shaid, Ransomware threat success factors, taxonomy, and countermeasures: A survey and research directions, Computers & Security, 74 (2018), 144-166.
[72] L. I. McAfee, Security, editor, Understanding Ransomware and strategies to defeat it, (2016).
[73] Kaspersky Security Bulletin 2016, Kaspersky Lab (2017).