Journal of Management Information Systems

Volume 33 Number 1 2016 pp. 296-325

Impact of Network Structure on Malware Propagation: A Growth Curve Perspective

Guo, Hong, Cheng, Hsing Kenneth, and Kelley, Ken

ABSTRACT:

Malicious software, commonly termed “malware,” continuously presents one of the top security concerns, and causes tremendous worldwide financial losses for organizations. In this paper, we propose a structural risk model to analyze malware propagation dynamics measured by a four-parameter (asymptote, point of inflection, rate, and infection proportion at inflection) growth curve. Using both social network data and technological network infrastructure from a large organization, we estimate the proposed structural risk model based on incident-specific nonlinear growth curves. This paper provides empirical evidence for the explanatory power of the structural characteristics of the underlying networks on malware propagation dynamics. This research provides useful findings for security managers in designing their malware defense strategies. We also simulate three common malware defense strategies (preselected immunization strategies, countermeasure dissemination strategies, and security awareness programs) based on the proposed structural risk model and show that they outperform existing strategies in terms of reducing the size of malware infection.

Key words and phrases: information systems security, malware defense, malware propagation, malware propagation trajectory, network analysis, social networks, technological networks