Simulating threats propagation within the NSP infrastructure

Rami Puzis, Meytal Tubi, Gil Tahan, Yuval Elovici

2007 IEEE Intelligence and Security Informatics, 380-380, 2007

Threats such as computer worms, spyware and Trojans account for more than 10% of the total traffic of a network service provider (NSP). The NSP traffic can be monitored and cleaned by a distributed network intrusion detection system (DNIDS) that may be deployed on the NSP routers/links. In this study we choose which routers/links to protect based on the group betweenness centrality index, which is used as a measure of their collaborative influence on the communication in the NSP infrastructure. In the course of the study we developed a framework aimed at slowing down or even preventing the propagation of known threats. In the first part of the framework, the influential group of routers/links has to be located. In the second part, we analyze the parallel propagation of multiple types of threats in the NSP infrastructure using the susceptible-infective-removed model of epidemic propagation.
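The two parts of the framework can be sketched on a toy network; this is an added example, not the authors' code. Assumptions: the 8-router topology is constructed, path endpoints count toward group betweenness, the group is chosen by a simple greedy heuristic, and an infective router attacks one random router per step along a shortest path that a DNIDS-monitored router on the way cleans.

```python
import random
from collections import deque
from itertools import combinations

# Constructed topology (assumption): core ring 0-1-2-3, access routers 4,5 on 0 and 6,7 on 2.
EDGES = [(0, 1), (1, 2), (2, 3), (3, 0), (0, 4), (0, 5), (2, 6), (2, 7)]
ADJ = {v: {b for a, b in EDGES if a == v} | {a for a, b in EDGES if b == v} for v in range(8)}

def all_shortest_paths(adj, s, t):
    # BFS distances from s, then walk back from t along edges that decrease the distance.
    dist, queue = {s: 0}, deque([s])
    while queue:
        u = queue.popleft()
        for v in adj[u]:
            if v not in dist:
                dist[v] = dist[u] + 1
                queue.append(v)
    def walk(u):
        if u == s:
            return [[s]]
        return [p + [u] for v in sorted(adj[u]) if dist[v] == dist[u] - 1 for p in walk(v)]
    return walk(t) if t in dist else []

def group_betweenness(adj, group):
    # Sum over router pairs of the fraction of shortest paths touching the group (endpoints count).
    pairs = [all_shortest_paths(adj, s, t) for s, t in combinations(sorted(adj), 2)]
    return sum(sum(1 for p in ps if group & set(p)) / len(ps) for ps in pairs if ps)

def greedy_group(adj, k):
    # Part 1 (greedy heuristic, an assumption): add the router that raises the group index most.
    group = set()
    for _ in range(k):
        group.add(max(sorted(set(adj) - group), key=lambda v: group_betweenness(adj, group | {v})))
    return group

def simulate_sir(adj, monitored, seed, steps, gamma, rng):
    # Part 2: discrete-time SIR; returns how many routers were ever infected.
    nodes = sorted(adj)
    state = dict.fromkeys(nodes, "S")
    state[seed] = "I"
    for _ in range(steps):
        for u in [v for v in nodes if state[v] == "I"]:
            target = rng.choice([v for v in nodes if v != u])
            path = rng.choice(all_shortest_paths(adj, u, target))
            if state[target] == "S" and not monitored & set(path):
                state[target] = "I"   # threat delivered: no DNIDS on the chosen path
            if rng.random() < gamma:
                state[u] = "R"        # infective router is cleaned and removed
    return sum(state[v] != "S" for v in nodes)
```

On this topology, routers 0 and 2 together lie on every shortest path, so a two-router deployment there confines any threat to the router where it starts, while a single DNIDS on router 0 still leaves the ring segment around router 2 exposed.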