Abstract
During COVID-19 the new normal became an increased reliance on remote connectivity, and that fact is far away to change any time soon. The increasing number of networked devices connected to the Internet is causing an exponential growth of botnets. Subsequently, the number of DDoS (Distributed Denial of Service) attacks registered around the world also increased, especially during the pandemic lockdown. Therefore, it is crucial to understand how botnets are formed and how bots propagate within networks. In particular, analytic modelling of the botnets epidemic process is an essential component for understanding DDoS attacks, and thus mitigate their impact. In this paper, we propose two analytic epidemic models; (i) the first one for enterprise Software Define Networks (SDN) based on the SEIRS (Susceptible - Exposed - Infected - Recovered) approach, while (ii) the second model is designed for service providers’ SDN, and it is based on a novel extension of a SEIRS-SEIRS vector-borne approach. Both models illustrate how bots spread in different types of SDN networks. We found that bot infection behaves in a similar way to human epidemics, such as the novel COVID-19 outbreak. We present the calculation of the basic reproduction number $R_{\mathrm {o}}$ for both models and we test the system stability using the next generation matrix approach. We have validated the models using the final value theorem (FVT), with which we can determine the steady-state values that provide a better understanding of the propagation process.
Highlights
The COVID-19 pandemic triggered a significant change to virtualised environment for everyone, providing attackers a much larger field of opportunities
We present two models regarding the botnet infection dynamics in Software Define Networks (SDN) following the same fashion as in human diseases
The proposed models consider more comprehensive factors when compared to existing models, like the possibility of having an infection vector between the control and data plane as we propose in the service provider (SP) scenario
Summary
The COVID-19 pandemic triggered a significant change to virtualised environment for everyone, providing attackers a much larger field of opportunities. The proposed models allow to understand how maintaining and ensuring a low infection rate and a high recovery rate would stop the spread of botnet malware within SDN networks Such achievement could be obtained by following well defined security methodologies and processes. Chen et al [32] defined a SIR model to characterise the dynamics of information dissemination within networks in order to identify an optimal control policy In their model they proposed intermediate states between the susceptible and infected nodes and between recovered and susceptible devices. Lui et al [40] presented a SIS dynamic model with a time-varying community network to analyse the spreading processes of malware in SDN These models did not consider the fact that the controllers can infect the forwarding devices as we do in our models. We can say that Ro is the dominant eigenvalue of the F V −1 resultant matrix
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
