Epidemic models like the SIS or SIR model enable us to describe simple spreading processes over networks but are often not sufficient to accurately capture more complex network dynamics as exhibited by sophisticated and malicious computer worms. Many of the common assumptions behind epidemic models do not necessary hold if the process under investigation spans big networks or large scales of time.We extend the standard SIS network model by dropping the assumption of a constant curing rate in favour of a time-dependent curing rate function, which enables us to reflect changes in the effectiveness of the active worm removal process over time. The resulting time-dependent mean-field SIS model allows us to study the evolution of the size of computer worm bot-nets. We exemplify the complete procedure, including data-processing, needed to obtain a reliable model on data from Conficker, an extremely resilient computer worm. Using empirical data obtained from the Conficker sinkhole, we fit long time periods of up to 6 years on multiple scales and different levels of noise. We end by reflecting on the limits of epidemic models in empirical analysis of malware threats.
Original languageEnglish
Title of host publicationIEEE Conference on Communications and Network Security 2016
Place of PublicationPiscataway, NJ
Number of pages9
ISBN (Electronic)978-1-5090-3065-1
Publication statusPublished - 2016
Event IEEE Conference on Communications and Network Security, ICNS 2016 - Philadelpia, United States
Duration: 17 Oct 201619 Oct 2016


Conference IEEE Conference on Communications and Network Security, ICNS 2016
Abbreviated titleIEEE CNS 2016
CountryUnited States
Internet address

    Research areas

  • Computational modeling, DVD, Mathematical model, Grippers

ID: 10445550