Many Internet networks have limited internal diversity, making them vulnerable to serious malware spreading. A proposed malware-halting technique that uses software diversity can halt infectious outbreaks on these networks.

Although many networked computing systems are vulnerable to self-propagating malware, large enterprises use automated patching and hardening to make their systems highly immune to malware infections. However, persistent human attackers compromise enterprise networks using advanced tools, customized malware, and zero-day exploits that antimalware technology and patching can't detect or mitigate. [1,2] In this article, I investigate software diversity's ability to halt infectious malware and argue that diversity increases the time needed for attackers to compromise enterprise systems, increasing the likelihood of early detection and mitigation of infectious outbreaks.

A computing system is viewed as a collection of interconnected computing platforms, and the platforms are considered at the OS and application levels. Compilers with diversity engines generate the platforms' binary images, producing many different executable images from a much smaller set of OS and application source codes. [3] Conceptually, a program's binary images are divided into classes where members of the same class share at least one exploitable vulnerability, and members of different classes have no common exploitable vulnerability. Assuming the compilers generate equally large classes, the number of classes measures the program's diversity. [4] (For more information on research on diversity, see the "Related Work" sidebar.)

Previous research used well-established network models from network science [5] to show how to combine software diversity and computer "immunization" to halt multiple simultaneous outbreaks of infectious malware with sparse and inhomogeneous spreading patterns. [6] This article considers alternative synthetic and empirical networks.

Explanatory Epidemiological Model

Malware exploits vulnerabilities in OSs and application software to infect computing devices. An exploitable vulnerability is a mistake in the software that enables malware to gain access to a device. Examples of exploitable vulnerabilities are buffer overflows and malformed URLs. [3,7,8] Infectious malware can spread to new vulnerable devices via network shares, removable media, IP attacks, email messages, instant messaging, and peer-to-peer networks.

Epidemiological Model

I model the spreading of infectious malware over networked computing devices using a simple graph with N nodes of L (≥1) types, as depicted in Figure 1. There are roughly N/L nodes of each type uniformly distributed over the graph. The node types represent different binary codes on the OS or application level of the computing platforms. Nodes of the same type share an exploitable vulnerability, whereas nodes of different types have no common exploitable vulnerability. The edges represent communications between nodes. A good measure of a model's diversity is the number of
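
The graph model described above can be explored with a short simulation; this is an added example, not code from the article. It assumes a random (Erdős–Rényi) topology and worst-case spreading in which malware infects every same-type node it can reach, and all function names are hypothetical.

```python
import random
from collections import deque

def build_network(n, avg_degree, num_types, rng):
    """Random graph (assumed topology) with roughly n/num_types nodes per type."""
    types = [i % num_types for i in range(n)]
    rng.shuffle(types)  # spread the types uniformly over the graph
    adj = [set() for _ in range(n)]
    p = avg_degree / (n - 1)
    for u in range(n):
        for v in range(u + 1, n):
            if rng.random() < p:
                adj[u].add(v)
                adj[v].add(u)
    return adj, types

def outbreak_size(adj, types, seed):
    """Worst case (assumption): infection crosses every edge between same-type nodes."""
    infected = {seed}
    queue = deque([seed])
    while queue:
        u = queue.popleft()
        for v in adj[u]:
            # Nodes of a different type share no exploitable vulnerability.
            if v not in infected and types[v] == types[seed]:
                infected.add(v)
                queue.append(v)
    return len(infected)

def mean_outbreak_fraction(n, avg_degree, num_types, trials=20, seed=1):
    """Average fraction of the network infected from one random seed node."""
    rng = random.Random(seed)
    total = 0
    for _ in range(trials):
        adj, types = build_network(n, avg_degree, num_types, rng)
        total += outbreak_size(adj, types, rng.randrange(n))
    return total / (trials * n)

if __name__ == "__main__":
    # Constructed parameters: 400 nodes, average degree 6.
    for L in (1, 2, 4, 8):
        print(f"L={L}: mean infected fraction {mean_outbreak_fraction(400, 6, L):.3f}")
```

With these constructed parameters the outbreak collapses once each type's share of a node's neighbours drops below about one, which is the halting effect the diversity count L is meant to capture.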