Modeling and Analysis of Bifurcation in a Delayed Worm Propagation Model

A delayed worm propagation model with birth and death rates is formulated. The stability of the positive equilibrium is studied. Through theoretical analysis, a critical value τ0 of Hopf bifurcation is derived. The worm propagation system is locally asymptotically stable when time delay is less than τ0. However, Hopf bifurcation appears when time delay τ passes the threshold τ0, which means that the worm propagation system is unstable and out of control. Consequently, time delay should be adjusted to be less than τ0 to ensure the stability of the system stable and better prediction of the scale and speed of Internet worm spreading. Finally, numerical and simulation experiments are presented to simulate the system, which fully support our analysis

Modelling the malware propagation in mobile computer devices

Nowadays malware is a major threat to the security of cyber activities. The rapid development of the Internet and the progressive implementation of the Internet of Things (IoT) increase the security needs of networks. This research presents a theoretical model of malware propagation for mobile computer devices. It is based on the susceptible-exposed-infected-recovered-susceptible (SEIRS) epidemic model. The scheme is based on a concrete connection pattern between nodes defined by both a particular neighbourhood which fixes the connection between devices, and a local rule which sets whether the link is infective or not. The results corroborate the ability of our model to perform the behaviour patterns provided by the ordinary differential equation (ODE) traditional method

Analysis of a Model for Computer Virus Transmission

Computer viruses remain a significant threat to computer networks. In this paper, the incorporation of new computers to the network and the removing of old computers from the network are considered. Meanwhile, the computers are equipped with antivirus software on the computer network. The computer virus model is established. Through the analysis of the model, disease-free and endemic equilibrium points are calculated. The stability conditions of the equilibria are derived. To illustrate our theoretical analysis, some numerical simulations are also included. The results provide a theoretical basis to control the spread of computer virus

Spectral Graph-based Cyber Worm Detection Using Phantom Components and Strong Node Concept

Innovative solutions need to be developed to defend against the continued threat of computer worms. We propose the spectral graph theory worm detection model that utilizes traffic dispersion graphs, the strong node concept, and phantom components to create detection thresholds in the eigenspectrum of the dual basis. This detection method is employed in our proposed model to quickly and accurately detect worm attacks with different attack characteristics. It also intrinsically identifies infected nodes, potential victims, and estimates the worm scan rate. We test our model against the worm-free NPS2013 dataset, a modeled Blaster worm, and the WannaCry CTU-Malware-Capture-Botnet-284-1 and CTU-Malware-Capture-Botnet-285-1 datasets. Our results show that the spectral graph theory worm detection model has better performance rates compared to other models reviewed in literature

Modeling and Bifurcation Research of a Worm Propagation Dynamical System with Time Delay

Both vaccination and quarantine strategy are adopted to control the Internet worm propagation. By considering the interaction infection between computers and external removable devices, a worm propagation dynamical system with time delay under quarantine strategy is constructed based on anomaly intrusion detection system (IDS). By regarding the time delay caused by time window of anomaly IDS as the bifurcation parameter, local asymptotic stability at the positive equilibrium and local Hopf bifurcation are discussed. Through theoretical analysis, a threshold τ0 is derived. When time delay is less than τ0, the worm propagation is stable and easy to predict; otherwise, Hopf bifurcation occurs so that the system is out of control and the containment strategy does not work effectively. Numerical analysis and discrete-time simulation experiments are given to illustrate the correctness of theoretical analysis

Dynamical Analysis of a Viral Infection Model with Delays in Computer Networks

This paper is devoted to the study of an SIRS computer virus propagation model with two delays and multistate antivirus measures. We demonstrate that the system loses its stability and a Hopf bifurcation occurs when the delay passes through the corresponding critical value by choosing the possible combination of the two delays as the bifurcation parameter. Moreover, the direction of the Hopf bifurcation and the stability of the bifurcating periodic solutions are determined by means of the center manifold theorem and the normal form theory. Finally, some numerical simulations are performed to illustrate the obtained results

Dynamics of a Computer Virus Propagation Model with Delays and Graded Infection Rate

A four-compartment computer virus propagation model with two delays and graded infection rate is investigated in this paper. The critical values where a Hopf bifurcation occurs are obtained by analyzing the distribution of eigenvalues of the corresponding characteristic equation. In succession, direction and stability of the Hopf bifurcation when the two delays are not equal are determined by using normal form theory and center manifold theorem. Finally, some numerical simulations are also carried out to justify the obtained theoretical results

SPECTRAL GRAPH-BASED CYBER DETECTION AND CLASSIFICATION SYSTEM WITH PHANTOM COMPONENTS

With cyber attacks on the rise, cyber defenders require new, innovative solutions to provide network protection. We propose a spectral graph-based cyber detection and classification (SGCDC) system using phantom components, the strong node concept, and the dual-degree matrix to detect, classify, and respond to worm and distributed denial-of-service (DDoS) attacks. The system is analyzed using absorbing Markov chains and a novel Levy-impulse model that characterizes network SYN traffic to determine the theoretical false-alarm rates of the system. The detection mechanism is analyzed in the face of network noise and congestion using Weyl’s theorem, the Davis-Kahan theorem, and a novel application of the n-dimensional Euclidean metric. The SGCDC system is validated using real-world and synthetic datasets, including the WannaCry and Blaster worms and a SYN flood attack. The system accurately detected and classified the attacks in all but one case studied. The known attacking nodes were identified in less than 0.27 sec for the DDoS attack, and the worm-infected nodes were identified in less than one second after the second infected node began the target search and discovery process for the WannaCry and Blaster worm attacks. The system also produced a false-alarm rate of less than 0.005 under a scenario. These results improve upon other non-spectral graph systems that have detection rates of less than 0.97 sec and false alarm rates as high as 0.095 sec for worm and DDoS attacks.Lieutenant Commander, United States NavyApproved for public release. distribution is unlimite