Biological Dispersal Strategies of Internet Worms

David Hiebeler (April 16, 2012)

For the past decade, Internet worms (a type of malicious software similar to a virus) spreading through networks have been using biological strategies, such as hierarchical dispersal and adaptive strategies, to spread more efficiently among susceptible computers. There is a direct analogy between susceptible computers on the Internet and susceptible hosts in community-structured populations.

Our measurements show that the Internet is an incredibly clustered heterogeneous environment when measured according to the dispersal strategy used by worms. We have used these measurements to build an epidemiological simulation model of the entire Internet (4.29 billion hosts, with roughly 2 million susceptible) efficient enough to run on an ordinary desktop computer. A worm which would have a basic reproduction ratio far less than one and therefore be quite unsuccessful at spreading using simple random dispersal strategies can be very successful by exploiting the large variance or clustering of vulnerable computers among subnetworks in the Internet. With the new Internet addressing scheme (IPv6) currently being rolled out, these issues will be amplified by many orders of magnitude.