An Information-Theoretic View of Network-Aware Malware Attacks
This work provides an information-theoretic view to better understand the relationship between the aggregated vulnerability information visible to attackers and a class of randomized epidemic scanning algorithms. In particular, it investigates three aspects: the network vulnerability, i.e., the non-uniform vulnerable-host distribution; the threats, i.e., intelligent malware that exploits this vulnerability; and the defense, i.e., the challenges of fighting these threats. The paper first studies five large data sets and observes consistently clustered vulnerable-host distributions. It then presents a new metric, referred to as the non-uniformity factor, that quantifies the unevenness of a vulnerable-host distribution. This metric is essentially the Rényi information entropy, which unifies the non-uniformity of a vulnerable-host distribution with different malware-scanning methods.
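As an added illustration (not code or a formula from the paper), the sketch below measures how uneven a host distribution is by computing the Rényi entropy of the per-prefix host fractions. The grouping by /8 prefix, the orders used, the function names and the sample addresses (constructed from documentation ranges) are all assumptions.

```python
import ipaddress
import math
from collections import Counter

def group_distribution(addresses, prefix_len=8):
    """Fraction of hosts that fall into each /prefix_len block."""
    counts = Counter(
        int(ipaddress.IPv4Address(a)) >> (32 - prefix_len) for a in addresses
    )
    total = sum(counts.values())
    return {block: n / total for block, n in counts.items()}

def renyi_entropy(probs, alpha):
    """Renyi entropy in bits; alpha=1 is the Shannon limit, inf is min-entropy."""
    probs = [p for p in probs if p > 0]
    if alpha < 0:
        raise ValueError("alpha must be non-negative")
    if math.isclose(alpha, 1.0):
        return -sum(p * math.log2(p) for p in probs)
    if math.isinf(alpha):
        return -math.log2(max(probs))
    return math.log2(sum(p ** alpha for p in probs)) / (1 - alpha)

def entropy_gap(addresses, prefix_len=8, alpha=2):
    """Bits lost relative to a uniform spread over all 2**prefix_len blocks.

    A larger gap means a more clustered (less uniform) distribution.
    """
    dist = group_distribution(addresses, prefix_len)
    return prefix_len - renyi_entropy(dist.values(), alpha)

# Constructed samples (RFC 5737 documentation addresses, not real data).
CLUSTERED = ["192.0.2.1", "192.0.2.2", "192.0.2.3", "192.0.2.4",
             "198.51.100.1", "198.51.100.2",
             "203.0.113.1", "203.0.113.2"]
EVEN = ["192.0.2.1", "192.0.2.2",
        "198.51.100.1", "198.51.100.2",
        "203.0.113.1", "203.0.113.2"]

if __name__ == "__main__":
    for name, sample in (("clustered", CLUSTERED), ("even", EVEN)):
        dist = group_distribution(sample)
        row = ", ".join(
            f"H_{a}={renyi_entropy(dist.values(), a):.3f}"
            for a in (1, 2, math.inf)
        )
        print(f"{name}: {row}, gap(alpha=2)={entropy_gap(sample):.3f} bits")
```

For a fixed distribution the entropy does not increase as the order grows, so higher orders weight the most densely populated blocks more heavily.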