Cyber Network Resilience against Self-Propagating Malware Attacks. (arXiv:2206.13594v1 [cs.CR])

Self-propagating malware (SPM) has led to huge financial losses, major data
breaches, and widespread service disruptions in recent years. In this paper, we
explore the problem of developing cyber resilient systems capable of mitigating
the spread of SPM attacks. We begin with an in-depth study of a well-known
self-propagating malware, WannaCry, and present a compartmental model called
SIIDR that accurately captures the behavior observed in real-world attack
traces. Next, we investigate ten cyber defense techniques, including existing
edge and node hardening strategies, as well as newly developed methods based on
reconfiguring network communication (NodeSplit) and isolating communities. We
evaluate all defense strategies in detail using six real-world communication
graphs collected from a large retail network and compare their performance
across a wide range of attacks and network topologies. We show that several of
these defenses are able to efficiently reduce the spread of SPM attacks modeled
with SIIDR. For instance, given a strong attack that infects 97% of nodes when
no defense is employed, strategically securing a small number of nodes (0.08%)
reduces the infection footprint in one of the networks down to 1%.