T.V. Stepanova - Ph.D. (Eng.) Neobit Ltd. E-mail: stepanova@neo-bit.ru

Malware authors tend to organize networks of malware agents, which work together; such networks are called botnets. Modern botnets have sophisticated organization, decentralized or hybrid architecture, utilize random graph, small world or scale free topology [1]. These properties allow botnets to be highly resistant against neutralization techniques, used by defense systems. Botnets also use methods (in addition to botnets' payload), which aim at breaking defense system itself, thus helping botnets in distribution and performing malicious actions. To protect themselves from such attacks, defense systems also turn to distributed architecture. Thus we can talk about mutual counteraction between distributed systems, unfolding on the Internet. This confrontation is characterized by hundreds of variables that describe software, hardware, principles and algorithms of system behavior, system actions etc. Variety of these systems and processes makes it difficult to build a model of this counteraction through the assessment of each participating Internet host. In this work it is proposed to represent opposite sides as multi-agent systems (MAS) and then develop a model of MAS counteraction. Indeterminacy of MAS evolution process and its - adaptability require significant computational and time resources. Therefore it is appropriate to estimate values for set of indicators (Ind = = {indi}), which provide adaptability of the system and ability to optimize its - operations. Main objectives of MAS under review, which form the basis of its behavior strategy, are: ensuring the sustainability of their own (i.e., retention efficiency) under targeted aggressive actions and neutralize the enemy. First class consists of following: controllability, resiliency and durability. Second class consists of following parameters: impact power, integrity power and effective impact power. The last parameter - scalability - is a measure of dispersion of controllability, resiliency, durability, impact power, integrity power and effective impact power for MAS, which size changes from k to n nodes. Proposed model of MAS counteraction utilizes generalized concepts and therefore can be used to describe interaction between different types of distributed systems in Interne. This model allows to build analytical derivation of indicator values and formalize methods to ensure MAS sustainability and can be applied for such tasks as optimization of MAS parameters, evaluation of defense efficiency and risk assessment.