#### Date of Award

Fall 2011

#### Degree Type

Dissertation

#### Degree Name

Doctor of Philosophy (PhD)

#### Graduate Group

Electrical & Systems Engineering

#### First Advisor

Saswati Sarkar

#### Abstract

Malware attacks constitute a serious security risk that threatens our ever-expanding wireless networks. Developing reliable security measures against outbreaks of malware facilitate the proliferation of wireless technologies.

The first step towardthis goal is to investigate potential attack strategies and the extent of damage they can incur. Given the flexibility that software-based operation provides, it is reasonable to expect that new malware will not demonstrate a fixed behavior over time. Instead, malware can dynamically change the parameters of their infective hosts in response to the dynamics of the network, in order to maximize their overall damage.

We first considerpropagation of malware in a battery-constrained mobile wirelessnetwork by an epidemic model in which the worm can dynamicallycontrol the transmission ranges and/or the media scanning rates of the infective nodes. The malware at each infective node may seek to contact more susceptible nodes by amplifying the transmission range andthe media scanning rate and thereby accelerate its spread. Thismay however lead to (a)~easier detection of the malware and thus moreeffective counter-measure by the network, and (b)~faster depletion of the battery which may in turn thwart further spread of the infection and/or exploitation of that node. We prove, using Pontryagin Maximum Principle from optimal control theory, that the maximum damage in this case can be attained using simple three-phase strategies: in the first phase, infective nodesuse maximum transmission ranges and media access rates to amass infective nodes.In the next phase, infective nodes reduce their access attempts and enter a stealth-mode to preserve their battery and hide from detection. In the last phase, they once again use maximum transmission attempts with largest rates but this time the primary effect is killing the infective nodes by draining their batteries.

In an alternative attack scenario, we consider the case in which the malware can control the rate of killing the infective nodes as an independent parameter of control. At each moment of time the worm at each node faces the following decisions: (i)~choosing the transmission ranges and media scanning rates so as to maximize the spread of infection subject to not exhausting its batteries by the end of the operation interval; and (ii)~whether to kill the node to inflict a large cost on the network, however at the expense of losing the chance of infecting more susceptible nodes at later times. We establish structural properties of the optimal strategy of theattacker over time.Specifically, we prove that it is optimal forthe attacker to defer killing of the infective nodes in the propagation phase until reaching a certain time and then start theslaughter with maximum effort. We also show that in the optimalattack policy, the battery resources are used according to a decreasing function of time, i.e., most aggressively during the initial phaseof the outbreak.

Upon detection of a malware outbreak, the network manager can counter the propagation of the malware by reducing the communication rates of the nodes and patching. We in turn investigate the optimal defense policies of rate reduction and patching.

We introduce quarantining the malware by reducing the reception gain of nodes as a defense mechanism. In applying this counter-measure we confront a trade-off: reducing the communication range suppresses the spread of the malware, however,it also deteriorates the network performance by introducing delay. Using Pontryagin's Maximum Principle, we derive structural characteristics of the optimal communication range as a function of timefor a wide class of cost functions. In both of the defense controls, our numerical computations reveal that the dynamic optimal controls significantly outperforms static choices and is also robust to errors in estimation of the network and attack parameters.

The distribution of patches consumes bandwidth which is specially scarce in wireless networks, and must therefore be judiciously controlled in order to attain desired trade-offs between security risks and bandwidth consumption. We consider both *non-replicative* and *replicative* dissemination of patches:a pre-determined set of dispatcher nodes distribute the patches in the former, whereas the dispatcher set continually grows in the latter as the nodes that receive the patch become dispatchers themselves. In each case, the desired trade-offs can be attained by activating at any given time only fractions of dispatchers and selecting their packet transmission rates. We formulate the above trade-offs as optimal control problems that seek to minimize the aggregate network costs that depend on security risks and the overall extra energy and bandwidth used in the network for dissemination of the security patches. We prove that the dynamic control strategies have simple structures: when the cost function associated with the energy/bandwidth consumed in patching is concave, the control strategies are bang-bang with at most one jump from the maximum to the minimum value, i.e., maximum patching rates until a certain threshold and then stop. When the cost function is strictly convex, the above transition is strict but continuous. We compare the efficacy of different dispatch models and also those of the optimum dynamic and static controls using numerical computations.

Next, we consider the case in which both malware and network can dynamically vary their parameters over time in response to the changes of the state of the system and also to each other's controls.The infinite dimension of freedom introduced by variation over time and antagonistic and strategic optimization of malware and network against each other demand new attempts for modeling and analysis. We develop a zero-sum dynamic game model and investigate the structural properties of the saddle-point strategies. We specifically show that saddle-point strategies are still simple threshold-based policies and hence, a robust dynamic defense is practicable. Finally, we develop a unified mathematical framework for calculating optimal controls of systems governed by epidemic evolution using Pontryaginâ€™s Maximum Principle, and we demonstrate how it can be applied to contexts beyond network security. Specifically, we show how our framework can be specialized for marketing, dissemination of messages in DTN or p2p networks, health-care, etc. This dissertation in part demonstrates how using simple real analysis arguments, one can extract substantial information about the structure of optimal policies for nonlinear systems in the absence a closed-form solution.

#### Recommended Citation

Khouzani, MHR., "Optimal Control of Mobile Malware Epidemics" (2011). *Publicly Accessible Penn Dissertations*. 444.

http://repository.upenn.edu/edissertations/444