Impact of Network Structure on Malware Propagation: A Growth Curve Perspective

Article

Guo, Hong; Cheng, Hsing Kenneth; Kelley, Ken

University of Notre Dame; State University System of Florida; University of Florida; University of Notre Dame

JOURNAL OF MANAGEMENT INFORMATION SYSTEMS

0742-1222

10.1080/07421222.2016.1172440

2016

296-325

Malicious software, commonly termed malware, continuously presents one of the top security concerns, and causes tremendous worldwide financial losses for organizations. In this paper, we propose a structural risk model to analyze malware propagation dynamics measured by a four-parameter (asymptote, point of inflection, rate, and infection proportion at inflection) growth curve. Using both social network data and technological network infrastructure from a large organization, we estimate the proposed structural risk model based on incident-specific nonlinear growth curves. This paper provides empirical evidence for the explanatory power of the structural characteristics of the underlying networks on malware propagation dynamics. This research provides useful findings for security managers in designing their malware defense strategies. We also simulate three common malware defense strategies (preselected immunization strategies, countermeasure dissemination strategies, and security awareness programs) based on the proposed structural risk model and show that they outperform existing strategies in terms of reducing the size of malware infection.