A theoretical method for assessing disruptive computer viruses

https://doi.org/10.1016/j.physa.2017.04.044Get rights and content

Highlights

  • To assess the prevalence of disruptive malware, a new epidemic model is proposed.

  • A criterion for the global stability of the virus-free equilibrium is given.

  • A criterion for the existence of a unique viral equilibrium is presented.

  • Some interesting results are drawn from extensive simulation experiments.

  • On this basis, some policies of suppressing disruptive malware are recommended.

Abstract

To assess the prevalence of disruptive computer viruses in the situation that every node in a network has its own virus-related attributes, a heterogeneous epidemic model is proposed. A criterion for the global stability of the virus-free equilibrium and a criterion for the existence of a unique viral equilibrium are given, respectively. Furthermore, extensive simulation experiments are conducted, and some interesting phenomena are found from the experimental results. On this basis, some policies of suppressing disruptive viruses are recommended.

Introduction

The convenience and popularization of the Internet have brought huge benefits to human society. Meanwhile, it offers a shortcut to spread computer viruses, inflicting large economic losses  [1]. Consequently, the problem of how to effectively suppress digital viruses has long been a hot spot in the field of network security research. The epidemic modeling of computer infections is recognized as a feasible approach to the assessment of prevalence of electronic viruses as well as that of effectiveness of different virus-containing strategies  [2]. Since the seminal work by Kephart and White  [3], [4], multifarious computer virus spreading models, ranging from the coarsest population-level models  [5], [6], [7], [8], [9], [10], [11], [12] and the intermediate network-level models  [13], [14], [15], [16], [17] to the finest node-level epidemic models, have been proposed  [18], [19], [20], [21], [22], [23].

Disruptive computer virusese are defined as those whose life period consists of two consecutive phases: the latent phase and the disruptive phase. In the latent phase, a disruptive virus staying in a host does not perform any disruptive operations. Rather, the virus tries to infect as many hosts as possible by sending its copies to them. In the disruptive phase, a disruptive virus staying in a host performs a variety of operations that disrupt the host, such as distorting data, deleting data or files, and destroying the operating system. For example, the notorious Melissa virus propagates by means of emails, paralyzing the email server. As the second instance, the CIH virus propagates through the Internet and emails, destroying the BIOS of all infected hosts on some prescribed dates. To assess the prevalence of disruptive viruses, a number of epidemic models, which are referred to as the Susceptible–Latent–Bursting–Susceptible (SLBS) models, have been suggested  [24], [25], [26], [27], [28], which have been extended towards different directions  [29], [30], [31], [32], [33], [34]. Recently, Yang et al.  [35] established a node-level SLBS model, where all nodes have the same infecting rate, the same curing rate, and the same disruptive rate. In real-world applications, different nodes may enjoy different attributes and different safety levels. Therefore, they may have different infecting rates, different curing rates, and different bursting rates. In such scenarios, heterogeneous SLBS models may be more appropriate.

This paper addresses the issue of assessing the prevalence of disruptive computer viruses in the situation that every node in a network has its own virus-related attributes. For that purpose, a heterogeneous epidemic model is proposed. A criterion for the global stability of the virus-free equilibrium and a criterion for the existence of a unique viral equilibrium are given, respectively. Furthermore, extensive simulation experiments are conducted, and some interesting results are drawn from the experimental results. On this basis, some measures of suppressing disruptive malware are recommended.

The remaining materials of this work are organized in the following pattern. Section  2 formulates the new epidemic model. Section  3 theoretically studies this model, and Section  4 conducts extensive simulation experiments. This work is closed by Section  5.

Section snippets

The new model

Given a population of hosts (nodes) numbered 1,2,,N. Let G=(V,E) be the virus-spreading network, where V={1,2,,N}, and {i,j}E if and only if disruptive viruses can propagate between node i and node j. From now on, G is assumed to be unvaried and connected. Let A=(aij)N×N denote the adjacency matrix of G. Then A is irreducible.

As with the traditional SLBS models, it is assumed that at any time every node in the network is in one of three possible states: susceptible, latent, and disruptive;

Analysis of the new model

This section addresses the dynamics of the heterogeneous SLBS model.

Simulation analysis

Let I(t) denote the fraction of infected nodes at time t. That is, I(t)=1Ni=1N(Li(t)+Bi(t)).

Although Theorem 1 gives a sufficient condition for the global stability of the virus-free equilibrium, and Theorem 2 offers a sufficient condition for the existence of a viral equilibrium, the following questions are yet to be answered.

  • Q1

    If the condition in Theorem 1 holds true, how fast does I(t) approach zero?

  • Q2

    If the condition in Theorem 2 holds true, how about the dynamics of I(t)?

  • Q3

    If neither the

Conclusions and remarks

For the purpose of assessing the prevalence of disruptive computer viruses, a heterogeneous node-level SLBS model has been proposed. A criterion for the global stability of the virus-free equilibrium has been given, and a criterion for the existence of a unique viral equilibrium has been presented. Furthermore, extensive simulation experiments have been conducted, and thereby some interesting results have been concluded. On this basis, some measures of containing the prevalence of disruptive

Acknowledgments

The authors are grateful to the anonymous reviewers for their valuable suggestions. This work was supported by Science and Technology Support Program of China (Grant No. 2015BAF05B03), Natural Science Foundation of China (Grant Nos. 61572006, 71301177), Basic and Advanced Research Program of Chongqing (Grant No. cstc2013jcyjA1658), and Fundamental Research Funds for the Central Universities (Grant No. 106112014CDJZR008823).

References (55)

  • L.X. Yang et al.

    A new epidemic model of computer viruses

    Commun. Nonlinear Sci. Numer. Simul.

    (2014)
  • L. Chen et al.

    Optimal control of a delayed SLBS computer virus model

    Physica A

    (2015)
  • Y. Yao et al.

    Pulse quarantine strategy of Internet worm propagation: Modeling and analysis

    Comput. Electr. Eng.

    (2012)
  • P. Szor

    The Art of Computer Virus Research and Defense

    (2005)
  • Y. Wang et al.

    Modeling the propagation of worms in networks: A survey

    IEEE Commun. Surv. Tutor.

    (2014)
  • J.O. Kephart, S.R. White, Directed-graph epidemiological models of computer viruses, in: Proc. IEEE Computer Society...
  • J.O. Kephart et al.

    Measuring and modeling computer virus prevalence

    IEEE Comput. Soc. Symp. Res. Secur. Priv.

    (1991)
  • B.K. Mishra et al.

    Dynamical model of worms with vertical transmission in computer network

    Appl. Math. Comput.

    (2011)
  • Y. Muroya et al.

    Global stability of a delayed SIRS computer virus propagation model

    Int. J. Comput. Math.

    (2014)
  • Z. Zhang et al.

    Bifurcation of an SIQR computer virus model with time delay

    Discrete Dyn. Nat. Soc.

    (2015)
  • G. Li et al.

    Modeling and analyzing the spread of flash disk worms via multiple subnets

    Discrete Dyn. Nat. Soc.

    (2015)
  • R. Pastor-Satorras et al.

    Epidemic spreading in scale-free networks

    Phys. Rev. Lett.

    (2001)
  • M. Bathelemy et al.

    Velocity and hierarchical spread of epidemic outbreaks in scale-free networks

    Phys. Rev. Lett.

    (2004)
  • P. Van Mieghem et al.

    Virus spread in networks

    IEEE/ACM Trans. Netw.

    (2009)
  • P. Van Mieghem

    The N -Intertwined SIS epidemic network model

    Computing

    (2011)
  • S. Xu et al.

    A stochastic model of multivirus dynamics

    IEEE Trans. Dependable Secure Comput.

    (2012)
  • F.D. Sahneh et al.

    On the existence of a threshold for preventive bahavioral responses to suppress epidemic spreading

    Sci. Rep.

    (2012)
  • Cited by (0)

    View full text