^{1}

^{1}

^{2}

^{1}

^{3}

^{1}

^{2}

^{3}

Peer-to-peer (P2P) botnets have emerged as one of the serious threats to Internet security. To prevent effectively P2P botnet, in this paper, a mathematical model which combines the scale-free trait of Internet with the formation of P2P botnet is presented. Explicit mathematical analysis demonstrates that the model has a globally stable endemic equilibrium when infection rate is greater than a critical value. Meanwhile, we find that, in scale-free network, the critical value is very little. Hence, it is unrealistic to completely dispel the P2P botnet. Numerical simulations show that one can take effective countermeasures to reduce the scale of P2P botnet or delay its outbreak. Our findings can provide meaningful instruction to network security management.

A botnet is a network of thousands of compromised computers (bots) under the control of botmaster, which usually recruits new vulnerable computers by running all kinds of malicious software, such as Trojan horses, worms, and computer viruses [

According to operating mechanism of botnets, there are two kinds of botnets. One is the traditional botnet using Internet relay chat (IRC) as a form of communication for centralized command and control (C&C) structure (see Figure

Centralized botnet.

P2P botnet.

Therefore, threats of P2P botnets to Internet security have drawn widespread attention [

Nevertheless, few people studied the dynamical behaviors of P2P botnets. In [

In this paper, the dynamics of

To model the propagation of the P2P botnet on the Internet, we assume that the total number of nodes on Internet is a constant

Susceptible

Exposed

Infected

Removed

There are five state transitions among these four states.

Propagating the bot program: nodes in the “susceptible” state will change to the “exposed” state with the infection rate

Joining the P2P botnet from exposed state: nodes in the “exposed” state will join the P2P botnet under the control of the botmaster and change to “infected” state at the proportion

Immunizing nodes from susceptible state: nodes in the “susceptible” state will change to the “recovered” state at the proportion

Immunizing nodes from exposed state: nodes in the “exposed” state will change to the “recovered” state at the proportion

Immunizing nodes from infected state: nodes in the “infected” state will change to the “recovered” state at the proportion

Let

In this subsection, we solve the equilibria of system (

The first three equations in system (

There is always a disease-free equilibrium (DFE)

Hence,

If

In what follows, the endemic-equilibrium point

The Jacobian matrix of system (

For system (

For depicting the globally asymptotical stability of

Suppose that the initial relative infected density

Suppose that the solution

Suppose that the initial relative infected densities

The proofs of the above conclusions are similar to those presented in [

Next, main results will be presented.

Suppose that the initial relative infected densities

The proof is completed in the appendix

Combining Lemma

If the endemic-equilibrium

In this subsection we present the results of numerical experiments investigating the effectiveness of theoretic analysis. In order to observe the effects of parameters on transmission process, we use system (

The density of infected nodes with parameters

The density of infected nodes with parameters

From the conclusion of Theorem

In what follows, we consider mainly the effect of the real-time immune measurement and antivirus software on the scale of the P2P botnet.

For fixed model parameters,

For fixed model parameters,

An illustration of the impact of real-time immune measure (

An illustration of the impact of antivirus software (

Additionally, the effect of average degree

An illustration of the impact of average degree

As a new kind of attack platform to network security, P2P botnets have attracted considerable attention. Research is necessary to fully understand the threat and prepare to defend against it. To better exploit the spreading behavior of P2P botnet, in this paper, we present a mathematical model of creation of P2P botnet, which combines the scale-free character of Internet with the formation trait of P2P botnet. Hence, the model can portrait more accurately the dynamical features of P2P botnet propagation. Theoretical analysis shows that the model has a globally stable endemic equilibrium. The influence of some parameters to the scale of P2P botnet has been investigated. Simulation results demonstrate that it is difficult to destroy completely the P2P botnet in reality. This is the reason that many malwares saturate to a very low level of persistence [

The dynamical model we present could be extended to study the growth possibilities of P2P botnets in future work. The model is also possible to predict how botnetmasters could create more potent and aggressive botnets. Such predictions could ultimately be useful to antimalware developers as well.

Substituting (

In what follows, consider the convergence of the sequence defined in (

By induction, for all

On the other hand, substituting (

According to Proposition

Let

If for all

Thus, by induction, for each

Both

Substituting

Lemma

The authors declare that there is no conflict of interests regarding the publication of this paper.

This work is supported by the National Natural Science Foundation of China (61379125), Program for Basic Research of Shan’xi Province (2012011015-3), Higher School of Science and Technology Innovation Project of Shan’xi Province (2013148), Key Construction Disciplines of Xinzhou Teachers University (ZDXK201204, XK201307), Research Project of Chongqing University of Science and Technology (CK2013B15), and Research Program of Chongqing Municipal Education Commission (KJ131401).