Using Approximate Bayesian Computation to Empirically Test Email Malware Propagation Models Relevant to Common Intervention Actions

Bibliographic Details
Published in: 2016 IEEE 27th International Symposium on Software Reliability Engineering (ISSRE), pp. 287-297
Main Authors: Condon, Edward; Cukier, Michel
Format: Conference Proceeding
Language: English
Published: IEEE, 01.10.2016
Summary: There are different ways for malware to spread from device to device. Some methods depend on the presence of a vulnerability that can be exploited along with some action taken by a user of the device. Malware propagating through email is one such example. While existing research has explored potential factors and models for simulating this form of propagation, it remains for these potential factors and models to be empirically tested and supported using field-collected incident data. We review a common model for simulating the spread of email malware and use simulations to illustrate the potential impacts of connection topologies and different distributions of associated user actions. We use simulations to examine the potential impact of two types of commonly available interventions (patching vulnerable devices and blocking the transmission of infected messages) in combination with different connection topologies and different distributions of user actions. Finally, we explore the use of Approximate Bayesian Computation (ABC) as a method to compare simulation results to empirical data to assess different model features, and to infer corresponding model parameter values from field-collected email malware incident data.
ISSN: 2332-6549
DOI: 10.1109/ISSRE.2016.24