A Novel Virus-Patch Dynamic Model.

The distributed patch dissemination strategies are a promising alternative to the conventional centralized patch dissemination strategies. This paper aims to establish a theoretical framework for evaluating the effectiveness of distributed patch dissemination mechanism. Assuming that the Internet offers P2P service for every pair of nodes on the network, a dynamic model capturing both the virus propagation mechanism and the distributed patch dissemination mechanism is proposed. This model takes into account the infected removable storage media and hence captures the interaction of patches with viruses better than the original SIPS model. Surprisingly, the proposed model exhibits much simpler dynamic properties than the original SIPS model. Specifically, our model admits only two potential (viral) equilibria and undergoes a fold bifurcation. The global stabilities of the two equilibria are determined. Consequently, the dynamical properties of the proposed model are fully understood. Furthermore, it is found that reducing the probability per unit time of disconnecting a node from the Internet benefits the containment of electronic viruses.

1 Introduction

Electronic viruses, ranging from host-dependent viruses and network worms to other malicious codes such as Trojans and spyware, have posed a serious threat to our daily work and life [1]. Even more serious, the highly popularized networks, ranging from the Internet and the world wide web to various social networks, offer the major channel for the fast spread of electronic viruses. Consequently, the issue of how to suppress the rampancy of electronic infections on networks has long received considerable attention from the network security community.

The patches for viruses are recognized as the major means of detecting and clearing viruses resident at individual network nodes. For the patches to play a full role, new patches must be disseminated to all nodes on the network in a remarkably short period of time. There are two fundamentally different kinds of patch dissemination strategies: the centralized strategies, in which a central node disseminates new patches directly to all other nodes in the network, and the distributed strategies, in which every newly patched node forwards the patches to some or all of its neighbors according to a well-designed protocol [2-4]. Due to the limited bandwidth of the Internet, the time needed by performing a centralized patch dissemination strategy is often unacceptably long. The distributed patch dissemination strategies are regarded as a promising alternative to their centralized analogs, because the negative impact of the limited bandwidth on the patch dissemination can be reduced significantly.

The design of good patch dissemination strategies is closely related to the evaluation of effectiveness of different patch dissemination strategies. One feasible approach to the evaluation of a patch dissemination strategy is to establish a compartment-based dynamic model capturing both the virus propagation mechanism and the patch dissemination strategy, and then to determine the trend of the number or proportion of infected nodes in the network by analyzing the dynamical properties of the model; a patch dissemination strategy is regarded as effective or ineffective depending on whether or not the proportion of infected nodes approaches an acceptably low value. Kephart and White’s seminal work in the early 1990s opened the door to the compartment modeling of computer infections [5]. From then on, a multitude of epidemic models for electronic viruses, ranging from ordinary models [6-12] and delayed models [13-16] to impulsive models [17-20], have been proposed. All these models capture the centralized patch dissemination mechanism. As a result, they are not suited to the situations of distributed patch dissemination.

Recently, Zhu et al. [21] proposed an epidemic model for electronic viruses, which is known as the original SIPS model in this paper. To a certain extent, this model captures the distributed patch dissemination mechanism, because every recently patched node is assumed to have a chance to forward the patches to a neighboring node. Consequently, this model offers a good start point for assessing the effectiveness of different distributed patch dissemination strategies. The model exhibits complex dynamical properties. Specifically, the model admits up to four potential equilibria, among which two are virus-free and the other two are virulent, and each of the four equilibria can be globally stable under proper conditions. As a result, the viruses on the network may die out or persist depending on the relationship among the model-related parameters.

Apart from the Internet as a channel for virus spreading, various removable storage media, including flash disks and portable hard disks, offer the second channel for virus propagation. The original SIPS model, however, ignores the existence of infected removable storage media. To accurately evaluate the effectiveness of the distributed patch dissemination mechanism, a virus-patch mixed model that takes into account infected removable storage media should be introduced.

This paper is intended to introduce a theoretical framework for evaluating the effectiveness of distributed patch dissemination mechanism. Assuming that the Internet offers P2P service for every pair of nodes on the network, a virus-patch dynamic model incorporating the impact of infected removable storage media is suggested. Certainly, this model captures the interaction of patches with viruses better than the original SIPS model. Surprisingly, our model exhibits much simpler dynamic properties than the original SIPS model. Specifically, our model admits only two potential (viral) equilibria and undergoes a fold bifurcation. The global stabilities of the two equilibria are determined. Consequently, the dynamical properties of the proposed model are fully understand. Furthermore, it is found that reducing the probability per unit time of disconnecting a node from the Internet helps suppress electronic viruses.

The remainder of this paper is organized in this fashion: Section 2 describes the new model. Section 3 computes the two potential equilibria for the model. Sections 4 and 5 are devoted to examining the local and global stabilities of the equilibria, respectively. Several numerical examples are given in Section 6. Finally, Section 7 summarizes this work and points out some future topics of research.

2 Model formulation

This section aims to introduce the new virus-patch dynamic model. For brevity, smart electronic devices are referred to as nodes. It is assumed that the Internet offers P2P service for every pair of nodes on the network. Due to the limited carrying capacity of the Internet, it is assumed that the number of nodes on the network, denoted N, is unvaried over time.

Every node is assumed to be in one of three possible states: susceptible, infected, and patched. Susceptible nodes are not installed with the newest patch and hence have no immunity to new viruses, whereas patched nodes are installed with the newest patch and hence possess temporary immunity to new viruses. Let S(t), I(t), and P(t) denote the average numbers of susceptible, infected, and immune nodes on the network at time t, respectively. Clearly, S(t) + I(t) + P(t) ≡ N. For the modeling purpose, the following hypotheses are imposed.

(H1) The nodes outside the network are all susceptible.

(H2) The nodes outside the network are connected to the network at constant rate μ > 0.

(H3) Every node in the network is disconnected from the network with constant probability per unit time δ > 0. Clearly, we have .

(H4) Due to connections with infected nodes, at time t every susceptible node in the network gets infected with probability per unit time β 1 I(t), where β 1 > 0 is a constant. This hypothesis captures the distributed nature of virus propagation.

(H5) Due to existence of infected removable storage media, every susceptible node in the network gets infected with constant probability per unit time β 2 > 0.

(H6) Due to connections with patched nodes, at time t every susceptible or infected node in the network acquires the newest patch with probability per unit time γ 1 P(t), where γ 1 > 0 is a constant. This hypothesis captures the distributed nature of patch dissemination.

(H7) Due to system reinstallation, every infected node in the internet becomes susceptible with constant probability per unit time γ 2 > 0.

(H8) Due to patch invalidation, every patched node in the network becomes susceptible with constant probability per unit time α > 0.

This collection of hypotheses can be presented in the form of Fig 1. On this basis, our new model can be formulated as the following differential dynamical system: with initial condition (S(0), I(0), P(0)) ∈ Ω, where It is easily verified that Ω is positively invariant for the system.

Fig 1

The diagram for the new model.

As , system (1) reduces to the following two-dimensional dynamical system: with initial condition (I(0), P(0)) ∈ Ω*, where It is easily verified that Ω* is positively invariant for the system.

One of our major tasks is to determine the trend of I(t) by studying model (2).

3 Equilibria

An equilibrium for a differential dynamical system is a state of the system that is unvaried over time. The first step to understanding a differential dynamical system is to figure out what equilibria it admits.

Now, let us pick out all equilibria of system (1). Let , , where , , and

Theorem 3.1. Consider system (1).

There is a unique equilibrium, , if .

There are exactly two equilibria, and , if .

Proof. Any equilibrium for system (1) must be a solution to the bilinear algebraic system Direct calculations show that system (1) has at most one equilibrium, , if P = 0, and system (1) has at most two equilibria, and , if P ≠ 0.

First, suppose P = 0. Canceling S from the first two equations of system (3), and rearranging the terms, we get that is a positive root of the quadratic equation As and , it follows that, in any case, is an equilibrium.

Clearly, is an equilibrium only if . Now, suppose P ≠ 0. Canceling S and P from system (3) and rearranging the terms, we get that is a positive root of the quadratic equation As , it follows that is an equilibrium if and As implies , it follows that is indeed an equilibrium if . The proof is complete.

An equilibrium for system (1) or (2) is virus-free if its I-component is zero, otherwise the equilibrium is viral. It is easily verified that (a) is viral, and (b) is viral if . As a result, system (1) possesses no virus-free equilibrium.

Let , . As a consequence of Theorem 3.1, we have the following result.

Theorem 3.2. Consider system (2).

There is a unique equilibrium, , if .

There are exactly two equilibria, and , if .

Clearly, is viral, and is viral if . As a result, system (2) admits no virus-free equilibrium. This theorem clearly shows that under model (2), it is impossible to eradicate viruses on the network once for all.

4 Local stability analysis

Given an equilibrium E* for a differential dynamical system. E* is stable if any orbit for the system that starts from a point near E* always stays in the proximity of E*, otherwise E* is a repeller. E* is attracting if any orbit for the system that starts from a point near E* approaches E*. E* is asymptotically stable if it is stable and attracting.

Given an equilibrium for a differential dynamic system, the next thing to do is to figure out its local stability. In this section, the local stabilities of the two equilibria, and , for system (2) are examined.

Theorem 4.1. Consider system (1).

is asymptotically stable if .

is a saddle point, with one positive eigenvalue and two negative eigenvalues, if .

Proof. The Jacobian of system (1) evaluated at is The associated characteristic equation is Note from the second equation of algebraic system (3) that , the three roots of this equation are So, ξ 2 < 0 if , and ξ 2 > 0 if . Thus, the claimed result follows from the Lyapunov theorem [22].

Theorem 4.2. Consider system (1). is locally asymptotically stable if .

Proof. The Jacobian of system (1) evaluated at E 2 is The corresponding characteristic equation is Note that β 1 S 2 < γ 2+δ, the three roots of this equation are The claimed result follows from the Lyapunov theorem [22].

Remark 1. Theorems 4.1 and 4.2 tell us that system (1) undergoes a fold bifurcation [23]. Fig 2 demonstrates the way and vary with the increase of γ 1, showing that a fold bifurcation occurs.

Fig 2

The way I 1 and I 2 vary with the increase of γ 1.

As a direct consequence of Theorems 4.1 and 4.2, we have

Theorem 4.3. Consider system (2).

is asymptotically stable if .

is asymptotically stable and is a saddle point if .

5 Global stability analysis

Given an equilibrium E* for a differential dynamical system and a subset D of the domain for the system containing E*. E* is asymptotically stable with respect to D if (a) E* is stable, and (b) any orbit starting from within D approaches E*.

Given the local stability of an equilibrium for a differential dynamical system, the next thing to do is to figure out its global stability. This section is devoted to examining the global stabilities of the two equilibria, E 1 and E 2, for system (2). For that purpose, let us briefly survey the theory of asymptotically autonomous systems.

Definition 5.1. Consider a pair of n-dimensional differential dynamical systems, and defined in some positively invariant set X ⊂ R. System (6) is called asymptotically autonomous, with system (7) as its limit system, if lim f(t,x) = g(x) holds locally uniformly in X.

Definition 5.2. The ω-limit set of a forward bounded solution x(t) to system (6) satisfying x(t 0) = x 0, denoted ω(t 0,x 0), is defined as y ∈ ω(t 0,x 0) ⇔ y = lim x(t ) for some sequence t → ∞.

Below is the well-known Thieme’s Theorem concerning asymptotically autonomous systems [24].

Theorem 5.1 (Thieme). Let n = 2 and ω be the ω–limit set of a forward bounded solution x(t) of the asymptotically autonomous system (6). Assume that there exists a neighborhood of ω which contains at most finitely many equilibria of system (7). Then the following trichotomy holds:

ω consists of a single equilibrium for system (7).

ω is the union of periodic orbits for system (6) and possibly of centers for system (7) that are surrounded by periodic orbits for system (6) lying in ω.

ω contains equilibria for system (7) that are cyclically chained to each other in ω by orbits of system (7).

We are ready to make clear the global stabilities of E 1 and E 2. First, we have the following result.

Lemma 5.1. Consider system (2).

There is no periodic solution within Ω*.

is asymptotically stable with respect to Ω* if .

is attracting with respect to {(I, P) ∈ Ω*:P = 0} and is attracting with respect to {(I, P) ∈ Ω*:P ≠ 0} if .

Proof.

Let In the interior of Ω*, we have By the Bendixson-Dulac criterion [22], system (2) has no periodic orbit in the interior of Ω*. Now, consider an arbitrary point, , on the boundary of Ω*. There are three possibilities, which are treated respectively. In view of the orbit smoothness and that there is no periodic orbit falling in the set {(I, P) ∈ Ω*:P = 0}, system (2) admits no periodic orbit in the whole Ω*.

, . Then, .

, . Then, .

. Then, .

The claimed result follows from the generalized Poincare-Bendixson theorem [22], the first assertion of this lemma, and Corollary 2.

Consider an arbitrary solution, (I(t), P(t)), to system (2). There are three possibilities. The proof is complete.

P(0) = 0. This implies that P(t) ≡ 0. Plugging it into the first equation of system (2) and solving the resulting equation, we get that .

. This implies that . Plugging it into the first equation of system (2) and solving the resulting equation, we get that .

P(0) ≠ 0, . Solving the second equation of system (2), we get Note that It follows from Eqs (8) and (9) that system (2) is equivalent to the following nonautonomous system: which converges locally uniformly to the limit system Clearly, system (11) has as its unique equilibrium. It follows by the Thieme’s theorem, the first assertion of this lemma, and Corollary 2 that .

We are ready to establish the main results in this paper.

Theorem 5.2. Consider system (1),

is asymptotically stable with respect to Ω if .

and are asymptotically stable with respect to {(S, I, P) ∈ Ω:P = 0} and {(S, I, P) ∈ Ω:P ≠ 0}, respectively, if .

Proof. The claims follow by combining Theorems 4.1–4.2 with Lemma 5.1.

This theorem presents the complete dynamics for system (1). It is concluded from this theorem that (a) the number of infected nodes approaches if , (b) the number of infected nodes approaches if and initially there is no patched node, and (c) the number of infected nodes approaches if and initially there exist patched nodes. Consequently, the trend of the number of infected nodes is already perfectly clear.

6 Numerical examples and discussions

First, let us illustrate the function of Theorem 5.2.

Example 1. Consider system (1) with μ = 100, δ = 0.2, β 1 = 0.001, β 2 = 0.1, γ 1 = 0.0002, γ 2 = 0.1, and α = 0.1. As , it follows from Theorem 5.2 that is asymptotically stable with respect to the whole Ω. Fig 3 shows a time plot for the system, and Fig 4 displays the phase portrait for its equivalent two-dimensional system.

Fig 3

A time plot for the system given in Example 1.

Fig 4

The phase portrait for the equivalent two-dimensional system of the system given in Example 1.

Example 2. Consider system (1) with μ = 200, δ = 0.3, β 1 = 0.001, β 2 = 0.4, γ 1 = 0.002, γ 2 = 0.2, and α = 0.3. As , it follows from Theorem 5.2 that is asymptotically stable with respect to , and is asymptotically stable with respect to . Fig 5 demonstrates a time plot for the system, and Fig 6 exhibits the phase portrait for its equivalent two-dimensional system.

Fig 5

A time plot for the system given in Example 2.

Fig 6

The phase portrait for the equivalent two-dimensional system of the system given in Example 2.

Next, let us use Theorem 5.2 to better suppress electronic viruses. For that purpose, we need the following result.

Theorem 6.1. Consider system (1). Then, if .

Proof. Note that and , we conclude that . The proof is complete.

Fig 7 illustrates how and vary with the increasing β 1 provided , from which it can be seen that , in agreement with Theorem 6.1.

Fig 7

The way I 1 and I 2 vary with the increasing β 1, provided .

The parameter stands for the saturated number of nodes in the Internet and hence is very large. As a result, the condition of is met in real-world situations. It follows from Theorem 6.1 that a lower value is desired to contain the viral prevalence. A question arises naturally: how can we achieve a lower value? To answer this question, we need the following result.

Theorem 6.2. if .

Proof. Differentiating with respect to δ on both sides of Eq (5) with respect δ, replace I with , and rearranging the terms, we get

This theorem shows that reducing the probability per unit time of disconnecting a node from the Internet could benefit the containment of electronic viruses. This interesting phenomenon is attributed to the fact that, compared with the nodes outside the network, the nodes in the network have a chance to acquire the patches for the newest viruses and hence become more robust to malware.

7 Conclusions

Assuming that the underlying Internet offers P2P service for every pair of nodes on the network, a dynamic model capturing both the virus propagation mechanism and the distributed patch dissemination mechanism has been proposed. As the infected removable storage media is taken into account, this model captures the real-world situations better than the original SIPS model. The dynamical properties of the proposed model has been fully understood, and it has been found that reducing the probability per unit time of disconnecting a node from the Internet could benefit the containment of electronic viruses.

Towards the evaluation of different distributed patch dissemination strategies, numerous work has yet to be done. First, the proposed model needs modification to adapt to scale-free networks [25, 26] or even general networks [27, 28]. Second, the patch dissemination network may be different from the virus propagation network [2], and future virus-patch dynamical models should characterize this difference. Next, it is worthwhile to study cost-effective patch dissemination strategies by exploiting the optimal control theory [29]. Last, the proposed model can be extended to other situations such as information or rumor propagation [30-32].