Table of Contents Author Guidelines Submit a Manuscript
Discrete Dynamics in Nature and Society
Volume 2019, Article ID 2051489, 12 pages
https://doi.org/10.1155/2019/2051489
Research Article

An Advanced Persistent Distributed Denial-of-Service Attacked Dynamical Model on Networks

School of Information Engineering, Guangdong Medical University, Dongguan 523808, China

Correspondence should be addressed to Chunming Zhang; moc.361@2002iefnuhc

Received 18 October 2018; Revised 7 December 2018; Accepted 8 January 2019; Published 3 February 2019

Academic Editor: Chuanxi Qian

Copyright © 2019 Chunming Zhang et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

Abstract

The advanced persistent distributed denial-of-service (APDDoS) attack does a serious harm to cyber security. Establishing a mathematical model to accurately predict APDDoS attack on networks is still an important problem that needs to be solved. Therefore, to help us understand the attack mechanisms of APDDoS on networks, this paper first puts forward a novel dynamical model of APDDoS attack on networks. A systematic analysis of this new model shows that the maximum eigenvalue of the networks is a vital factor that determines the success or failure of the attack. What is more, a new sufficient condition for the global stability of attack-free equilibrium is obtained. The global attractivity of attacked equilibrium has also been proved. Eventually, this paper gives some numerical simulations to show the main results.

1. Introduction

Cyber-attack overwhelmingly invades every aspect of our life, which causes huge threats and enormous damage to thousands of industries. According to the report [1], the percentage of cyber-attack motivated by Cyber Crime has risen to 72.1% in 2017. And nowadays, there are a lot of attack ways, such as DDoS attack, DoS attack, and so on. Here, let us discuss some attacked means to achieve a better understanding of the cyber-attack. DoS attack, which is known as the denial-of-service attack, is an important means of attack. It always launches attacks of blocking the buffer of the host of service providers so as to make legal guests can not access the server. And among the cyber-attacks in 2016, about 11.3% attacks were DoS attacks. Different from the DoS attack, in a distributed denial-of-service attack (DDoS attack), the incoming traffic flooding the victim originates from many different sources [2]. In addition, APT (Advanced Persistent Threat), which is a stealthy and continuous computer hacking process, usually has the characteristics of strong concealment, sophisticated techniques, and continuous monitoring [3]. Most importantly, this paper mainly talks about APDDoS (advanced persistent distributed denial-of-service) attack which is DDoS attack equipped with the advance of APT. With the characters of advanced reconnaissance, clear motive, tactical execution, outstanding computing power, and long-term durability [4], it has caused great losses to the world. During the opening ceremonies of the PyeongChang Winter Olympics in February 2018, TV and web services were affected by an APDDoS attack for about 12 hours [5]. In February 2018, GitHub (the world's largest code hosting website) suffered a serious APDDoS attack; the peak flow rate reached 1.35Tbps [6]. It is easy to know that the APDDoS attack is being more and more harmful and it has a profound impact on the world.

To fully understand the APDDoS attack, its steps must be introduced. First, attacker will invade as many infected computers as possible by inserting or injecting computer malware into phishing websites or phishing texts. So, if the visitor opens it, his/her computer would be infected. And then, the infected computers will be composed into a botnet that is controlled by the attacker. When there are enough infected computers, the attacker can launch flood attack to targeted IPs (services of host) which will be blocked or broken down soon after the attack.

The cyber-attack process on the network can be accurately expressed as a continuous-time Markov chain which is proposed by Van Mieghem [7, 8]. However, this method is difficult in mathematical analysis. In order to overcome these difficulties, some approximation methods are proposed, such as individual-based mean-field theory (IBMF) and degree-based mean-field theory (DBMF) [9, 10]. For IBMF, any node can be regarded as a computer or local network in the network is statistically independent from its neighboring nodes [1114]. For DBMF, any vertex classified by degree is connected to the set of nodes with different degree with the special probability [1517].

To better understand the impact of network topology on APDDoS attack, in this paper we propose a novel APDDoS attack model on networks with IBMF. Then we found that the global stability of attack-free equilibrium and the global attractivity of attacked equilibrium depend on the value of the maximum eigenvalue of the attack network.

In Section 2, the paper proposes the APDDoS attack model. Its threshold and the equilibriums are calculated in Section 3. Further Discussions are given in Section 4. Next, the paper shows some numerical simulations in Section 5. Finally, a brief summary of the full paper is given.

2. Model Descriptions

According to the ability of computers to defend against malicious software on the network, the paper divides the computers into two groups: Weak-Protected group and Strong-Protected group. Here, we can divide computers into two groups by checking whether the computer has firewall.

The Weak-Protected group (WP), which lacks firewall protection, is vulnerable to malware attacks, such as computer worm, Trojan, and so on. The Weak-Protected group consists of two kinds of computers, which includes susceptible computers (S-node) and infected computers (I-node). The susceptible computers (S-node) are weak in preventing malware attacks but have not been infected yet, while the infected computers (I-node) refers to the computers which has been infected by malwares and controlled by hackers.

However, because the existence of the firewall, the Strong-Protected group (SP) can defend against many kinds of attacks, but it also can be attacked by APDDoS attack. The Strong-Protected group also consists of two kinds of computers, tolerant computers (T-node), and missed computers (M-node). Tolerant computers (T-node) represent computers with a firewall (which usually means servers) and works normally, while missed computers (M-node) denote the computers with a firewall but cannot respond to the request and become missed for the visitors due to the APDDoS attacks (see Figure 1).

Figure 1: Schematic diagram of APDDoS attack.

Based on the above facts, some constants can be defined as follows:(i)G= (V, E): the network structure of the computers on network, and G can be represented as an undirected, connected, and nonlooped graph.(ii)N: the scale of network G, which is also the whole number of the computer in the G.(iii)A: the matrix of the network connection situation. A is a symmetric matrix with zero diagonal. , , .(iv): the spectrum of A, . As A is real and symmetric, we may assume .(v)Si(t): the node, which is susceptible(S-node) at time t.(vi)Ii(t): the node, which is infected(I-node) at time t.(vii)Ti(t): the node, which is tolerant(T-node) at time t.(viii)Li(t): the node, which is missed(M-node) at time t.

Next, some reasonable assumptions are proposed as follows [1821].

(H1) As executing some operations that do harm to the computer security, like browsing the phishing websites or opening the phishing email, etc., any Si infected by the neighboring I-nodes with probability β, the average probability of each Si gets infected per unit time, is .

(H2) By installing some antivirus soft-wares, any Ii(t) recovers to the state of susceptible, which also means becoming Si(t) with the probability γ.

(H3) As occurring APDDoS attacks, any Ti(t) can be attacked by neighboring I-nodes with the probability α. By calculating, the average probability of each Ti(t) turns into the Mi(t) per unit time is .

(H4) As changing the hardware of computers and strengthen the firewall, any Mi(t) restarts or recovers with the probability η.

(H5) As the two groups of the computer are separated, the paper uses ϕ to denote the proportion of the Weak-Protected group and then is the proportion of the Strong-Protected group; also there are Si (t)+Ii (t)= ϕ and Ti (t)+Mi(t)=1-ϕ.

Let Also, the following equations can be obtained:

In order to satisfy these above equations, β and α should be far less than 1. Let ∆t be a very small interval. According to the assumptions given above, the following equations can be got:

Substituting these equations into the above relations and letting >0, the following 4N-dimensional dynamic system has been proposed:with the initial conditions that , , , .

According to Assumption (H5) that , , system (4) can be rewritten into the following 2N-dimensional dynamic system:with the initial conditions , .

Since the first N equations of system (5) are independent of M, so system (5) can be simplified into the following form:with the initial conditions .

3. Model Analysis

This section aims to understand the dynamical behavior of system (5) and system (6) which was proposed in the previous section.

Clearly, there is a unique attack-free equilibrium in system (5). First, consider properties of the attack -free equilibrium of system (5).

To achieve that, let

Let x(t)=(I1(t), …, IN(t),M1(t), …, MN(t), and rewrite system (5) as the following notation: with the initial condition , where

Let

Theorem 1. Consider system (5) that (a)the attack-free equilibrium P0 is locally asymptotically stable if ;(b)the attack-free equilibrium P0 is a saddle point.

Proof. The characteristic equation with respect to P0 isEquation (11) has negative roots with multiplicity N and has ,1≤ k N as the remaining N roots. When , then for all k. So, all the roots of (11) are negative, implying that the attacked-free equilibrium of system (5) is locally asymptotically stable. Otherwise, if , then the attack-free equilibrium is a saddle point.
Remark 2. This theorem can also be formulated as (a) , and (b) .
Next, study the global stability of the attack-free equilibrium of system (6).
LetLet y(t)=(I1(t), …, IN(t), and rewrite system (6) as the following notation: with the initial condition , where Lemma 3 (see [22]). Consider a smooth dynamical system that is defined at least in a compact set U. Then, U is positively invariant if for any smooth point  w on , the vector g(w) is tangent to or pointing into U.
Lemma 4 (see [23, 24]). Consider an n-dimensional autonomous systemwhere Γ is a region that contains the origin, , . Suppose there is a positively invariant compact convex set that contains the origin, and a real eigenvector of , a positive number r such that
(C1) for all ,
(C2) for all ,
(C3) the origin forms the largest positively invariant set that is included in the set .
Then we have
(1) implies that the origin is globally asymptotically stable in C,
(2) implies there exists such that implies .
Lemma 5. The set of Ψ is positively invariant for system (6). That is, implies for all .and for i=1,…,N, Ti, Wi. We haveas their respective outer normal vectors. Let y be a smooth point of∂Ψ. The paper distinguishes among two possibilities.Combining the above discussions, we get that g(w) is pointing into Ψ. The claimed result then follows from Lemma 3. The proof is completed.

Theorem 6. The attacked-free equilibrium of system (6) is globally and asymptotically stable if .

Proof. Look at system (13). As matrix   is irreducible and its off-diagonal entries are all nonnegative, it follows from [23] that   has a positive eigenvector z= (z1, …, zN) belonging to its eigenvalue s(). Let r=mini zi(r>0). Then, for all , we have Moreover, <H(y), z> = 0 implies that y=0. In view of Theorem 1 and Lemma 5, the claimed result follows from Lemma 4. The proof is complete.

Theorem 7. The attacked-free equilibrium of system (5) is globally and asymptotically stable if (see Figures 2, 4, 6, and 8).

Figure 2: Status transition graph of the basic model (the dashed line on the graph means the attack from I-node to T-node).

Proof. It follows from Theorem 6, which implies thatfor any ε> 0 there exists time T1 such that, for all , we haveFrom the last N equations of system (5), we get that for And for ,As the comparison systemhas a globally asymptotically stable equilibrium , we get that, for any ε> 0, there exists T2> 0 such that, for all tT2,This implies thatThe proof is complete.

The following corollary can be obtained easily based on Lemma 4 and Theorem 7.

Corollary 8. System (5) is uniformly persistent if.
Second, consider properties of the attacked equilibrium of system (5).

Theorem 9. System (5) has an attacked equilibrium if .

Proof. Note that any solution of system (5) is bounded. Hence, the claimed result follows easily from Corollary 8 [25].

Theorem 10. The attacked equilibrium is globally attractive if .

Proof. For any solution P(t) to system (5), let Clearly, , are continuous and have right-hand derivatives. For some t0 and ε> 0, we may assume , thenIf , then .
When ,When ,As , , we know that , implying . Likewise, implies ; implies , and implies .
LetObviously, and are continuous and nonnegative.
Besides,LetThenAny solution of system (5) starting in Ω approaches follows from the LaSalle Invariance Principle [26]. Therefore, the claimed follows from is globally attractive.

Conjecture 11. The attacked equilibrium is globally asymptotically stable if .

4. Further Discussions

In order to control APDDoS attack, must be satisfied. To different parameters on . Let us do the following calculations:

From these computational results, the following conclusions can be got:(a)Reducing the infection rate could be help to control APDDoS attack.(b)Raising the cure rate conduces to the suppression of APDDoS attack.(c)Reducing the rate conduces to the suppression of APDDoS attack.(d)Reducing the value of leads to the restraint of APDDoS attack.

Based on the above discussions, the corresponding practical suggestions are as follows:(i)Install antivirus software or firewall and update it regularly.(ii)Improve the defensive level of computer.(iii)Filter IP addresses so as to reduce the number of IP addresses that can access computer on networks.

5. Numerical Simulations

This section gives some examples about equilibriums of system (5) under the distinguish networks and optimal dynamic control strategies for disrupting APDDoS attack.

The paper discusses the equilibrium of system on four different kinds of networks: full-connected network, stochastic network, scale-free network which uses Barabasi-Albert method, and realistic network.

First, consider system (5) under the fully connected network.

Example 1. Consider a network with 200 nodes and every node is connected to other nodes, which is full-connected network. With = 0.004, = 0.01, = 0.4, =0.1, =0.5 where the threshold of the system is =199, the attack-free equilibrium is globally stable (see Figure 3).

Figure 3: Global stability of attack-free solution on full-connected network.
Figure 4: Global attractivity of attacked solution on full-connected network.

Example 2. Consider a network that nodes are fully connected to other with 200 nodes. With = 0.01, = 0.01, = 0.75, =0.1, =0.5 where the threshold of the system is , the attacked equilibrium is attractivity (see Figure 4).

Then consider system (5) under the network of stochastic network.

Example 3. Consider a network that nodes are connected randomly to other with 200 nodes. With = 0.01, = 0.01, = 0.5, =0.1, =0.5 where the threshold of the system is , the attack-free equilibrium is globally stable (see Figure 5).

Figure 5: Global stability of attack-free solution on stochastic network.
Figure 6: Global stability of attack-free solution on stochastic network.

Example 4. Consider a network whose nodes are connected randomly to other with 200 nodes. With = 0.017, = 0.01, = 0.75, =0.1, =0.5 where the threshold of the system is , the attacked equilibrium is attractivity (see Figure 6).

Now, let us consider system (5) under the network of scale-free network.

Example 5. Consider a network whose nodes are connected to other with 200 nodes. With = 0.001, = 0.002, = 0.0035, =0.1, =0.5 where the threshold of the system is , the attack-free equilibrium is globally stable(see Figure 7).

Figure 7: Global stability of attack-free solution on scale-free network.
Figure 8: Global stability of attack-free solution on scale-free network.

Example 6. Consider a network whose nodes are connected to other with 200 nodes. With = 0.001, = 0.002, = 0.0026, =0.1, =0.5 where the threshold of the system is , the attacked equilibrium is attractivity(see Figure 8).

Finally, consider system (5) under realistic network [27].

Example 7. Consider a network whose nodes are connected to other with 300 nodes. With = 0.01, = 0.013, = 0.18, =0.1, =0.5 where the threshold of the system is , the attack-free equilibrium is globally stable(see Figure 9).

Figure 9: Global stability of attack-free solution on realistic network.

Example 8. Consider a network that nodes are connected randomly to other with 300 nodes. With β = 0.01, = 0.013, = 0.05, =0.1, =0.5 where the threshold of the system is , the attacked equilibrium is attractivity(see Figure 10).

Figure 10: Global stability of attack-free solution on realistic network.

6. Conclusion

This paper puts forward a novel dynamical model of APDDoS attack on networks. Then, a systematic analysis of this model is showed. After that, a new sufficient condition for the global stability of attack-free equilibrium is obtained. Next, the sufficient condition for the global attractivity of attacked equilibrium also is studied. Eventually, some numerical simulations are given to show the main results of this paper.

Data Availability

The data used to support the findings of this study are available from the corresponding author upon request.

Conflicts of Interest

The authors declare that there are no conflicts of interest regarding the publication of this paper.

Acknowledgments

This work is supported by the Natural Science Foundation of Guangdong Province, China (no. 2014A030310239).

References

  1. http://www.hackmageddon.com/2017/01/19/2016-cyber-attacks-statistics.
  2. A. Hussain, J. Heidemann, and C. Papadopoulos, “A framework for classifying denial of service attacks,” in Proceedings of the Conference on Applications, Technologies, Architectures, and Protocols for Computer Communications (SIGCOMM '03), ACM, Karlsruhe, Germany, August 2003. View at Publisher · View at Google Scholar
  3. https://www.cybereason.com/blog/advanced-persistent-threat-apt.
  4. https://en.wikipedia.org/wiki/Denial-of-service_attack#Advanced_persistent_DoS.
  5. https://www.difesaesicurezza.com/en/defence-and-security/new-cyber-attack-hit-2018-winter-olympics-pyeongchang-likely-ddos/.
  6. https://githubengineering.com/ddos-incident-report/.
  7. P. V. Mieghem, J. Omic, and R. Kooij, “Virus spread in networks,” IEEE/ACM Transactions on Networking, vol. 17, no. 1, pp. 1–14, 2009. View at Publisher · View at Google Scholar · View at Scopus
  8. P. V. Mieghem and E. Cator, “Epidemics in networks with nodal self-infection and the epidemic threshold,” Physical Review E: Statistical, Nonlinear, and Soft Matter Physics, vol. 86, no. 1, Article ID 016116, 2012. View at Publisher · View at Google Scholar · View at Scopus
  9. R. Pastor-Satorras, C. Castellano, P. Van Mieghem, and A. Vespignani, “Epidemic processes in complex networks,” Reviews of Modern Physics, vol. 87, no. 3, pp. 120–131, 2015. View at Publisher · View at Google Scholar · View at MathSciNet
  10. Z.-K. Zhang, C. Liu, X.-X. Zhan, X. Lu, C.-X. Zhang, and Y.-C. Zhang, “Dynamics of information diffusion and its applications on complex networks,” Physics Reports, vol. 651, pp. 1–34, 2016. View at Publisher · View at Google Scholar · View at MathSciNet
  11. M. Youssef and C. Scoglio, “An individual-based approach to SIR epidemics in contact networks,” Journal of Theoretical Biology, vol. 283, pp. 136–144, 2011. View at Publisher · View at Google Scholar · View at MathSciNet · View at Scopus
  12. S. Xu, W. Lu, and L. Xu, “Push- and pull-based epidemic spreading in networks: Thresholds and deeper insights,” ACM Transactions on Autonomous and Adaptive Systems (TAAS), vol. 7, no. 3, Article ID 2348835, pp. 1–26, 2012. View at Publisher · View at Google Scholar · View at Scopus
  13. L. X. Yang, M. Draief, and X. Yang, “Heterogeneous virus propagation in networks: a theoretical study,” Mathematical Methods in the Applied Sciences, vol. 40, no. 5, pp. 1396–1413, 2017. View at Publisher · View at Google Scholar
  14. L.-X. Yang, X. Yang, and Y. Yan Tang, “A bi-virus competing spreading model with generic infection rates,” IEEE Transactions on Network Science and Engineering, vol. 5, no. 1, pp. 2–13, 2017. View at Publisher · View at Google Scholar · View at Scopus
  15. C. Zhang, T. Feng, Y. Zhao, and G. Jiang, “A new model for capturing the spread of computer viruses on complex-networks,” Discrete Dynamics in Nature and Society, Article ID 956893, 9 pages, 2013. View at Publisher · View at Google Scholar · View at MathSciNet
  16. L.-X. Yang and X.-F. Yang, “The spread of computer viruses over a reduced scale-free network,” Physica A: Statistical Mechanics and its Applications, vol. 396, pp. 173–184, 2014. View at Publisher · View at Google Scholar · View at MathSciNet · View at Scopus
  17. C. Zhang and H. Huang, “Optimal control strategy for a novel computer virus propagation model on scale-free networks,” Physica A: Statistical Mechanics and its Applications, vol. 451, pp. 251–265, 2016. View at Publisher · View at Google Scholar · View at MathSciNet · View at Scopus
  18. J. O. Kephart and S. R. White, “Directed-graph epidemiological models of computer viruses,” in Proceedings of the IEEE Computer Society Symposium on Research in Security and Privacy, pp. 343–359, Oakland, Calif, USA, May 1991. View at Scopus
  19. B. K. Mishra and S. K. Pandey, “Dynamic model of worm s with vertical transmission in computer network,” Applied Mathematics and Computation, vol. 217, no. 21, pp. 8438–8446, 2011. View at Publisher · View at Google Scholar · View at MathSciNet · View at Scopus
  20. J. Ren, X. Yang, Q. Zhu, L. Yang, and C. Zhang, “A novel computer virus model and its dynamics,” Nonlinear Analysis: Real World Applications, vol. 13, no. 1, pp. 376–384, 2012. View at Publisher · View at Google Scholar · View at MathSciNet · View at Scopus
  21. C. Gan and X. Yang, “Theoretical and experimental analysis of the impacts of removable storage media and antivirus software on viral spread,” Communications in Nonlinear Science and Numerical Simulation, vol. 22, no. 1-3, pp. 167–174, 2015. View at Publisher · View at Google Scholar · View at Scopus
  22. J. A. Yorke, “Invariance for ordinary differential equations,” Mathematical Systems Theory, vol. 1, no. 4, pp. 353–372, 1967. View at Publisher · View at Google Scholar · View at MathSciNet · View at Scopus
  23. A. Lajmanovich and J. A. Yorke, “A deterministic model for gonorrhea in a nonhomogeneous population,” Mathematical Biosciences, vol. 28, no. 3-4, pp. 221–236, 1976. View at Publisher · View at Google Scholar · View at MathSciNet · View at Scopus
  24. C. Gan, “Modeling and analysis of the effect of network eigenvalue on viral spread,” Nonlinear Dynamics, vol. 84, no. 3, pp. 1727–1733, 2016. View at Publisher · View at Google Scholar · View at MathSciNet · View at Scopus
  25. H. L. Smith and P. Waltman, The Theory of the Chemostat, Cambridge University Press, Cambridge, UK, 1995. View at Publisher · View at Google Scholar · View at MathSciNet
  26. R. C. Robinson, An Introduction to Dynamical Systems: Continuous and Discrete, Prentice Hall, Englewood Cliffs, 2004.
  27. L.-X. Yang, X. Yang, and Y. Wu, “The impact of patch forwarding on the prevalence of computer virus: a theoretical assessment approach,” Applied Mathematical Modelling, vol. 43, pp. 110–125, 2017. View at Publisher · View at Google Scholar · View at MathSciNet