# Modeling the Dynamics of Compromised Networks

## Abstract

Accurate predictive models of compromised networks would contribute greatly to improving the effectiveness and efficiency of the detection and control of network attacks. Compartmental epidemiological models have been applied to modeling attack vectors such as viruses and worms. We extend the application of these models to capture a wider class of dynamics applicable to cyber security. By making basic assumptions regarding network topology we use multi-group epidemiological models and reaction rate kinetics to model the stochastic evolution of a compromised network. The Gillespie Algorithm is used to run simulations under a worst case scenario in which the intruder follows the basic connection rates of network traffic as a method of obfuscation.

- Authors:

- Publication Date:

- Research Org.:
- Lawrence Livermore National Lab. (LLNL), Livermore, CA (United States)

- Sponsoring Org.:
- USDOE

- OSTI Identifier:
- 1026467

- Report Number(s):
- LLNL-TR-498747

TRN: US201122%%463

- DOE Contract Number:
- W-7405-ENG-48

- Resource Type:
- Technical Report

- Country of Publication:
- United States

- Language:
- English

- Subject:
- 97 MATHEMATICAL METHODS AND COMPUTING; ALGORITHMS; DETECTION; EFFICIENCY; KINETICS; REACTION KINETICS; SECURITY; SIMULATION; TOPOLOGY; VECTORS; COMPUTERS; PROGRAMMING

### Citation Formats

```
Soper, B, and Merl, D M.
```*Modeling the Dynamics of Compromised Networks*. United States: N. p., 2011.
Web. doi:10.2172/1026467.

```
Soper, B, & Merl, D M.
```*Modeling the Dynamics of Compromised Networks*. United States. doi:10.2172/1026467.

```
Soper, B, and Merl, D M. Mon .
"Modeling the Dynamics of Compromised Networks". United States. doi:10.2172/1026467. https://www.osti.gov/servlets/purl/1026467.
```

```
@article{osti_1026467,
```

title = {Modeling the Dynamics of Compromised Networks},

author = {Soper, B and Merl, D M},

abstractNote = {Accurate predictive models of compromised networks would contribute greatly to improving the effectiveness and efficiency of the detection and control of network attacks. Compartmental epidemiological models have been applied to modeling attack vectors such as viruses and worms. We extend the application of these models to capture a wider class of dynamics applicable to cyber security. By making basic assumptions regarding network topology we use multi-group epidemiological models and reaction rate kinetics to model the stochastic evolution of a compromised network. The Gillespie Algorithm is used to run simulations under a worst case scenario in which the intruder follows the basic connection rates of network traffic as a method of obfuscation.},

doi = {10.2172/1026467},

journal = {},

number = ,

volume = ,

place = {United States},

year = {2011},

month = {9}

}