Bifurcation analysis of a computer virus propagation model

We propose a mathematical model for investigating the efficacy of Countermeasure Competing (CMC) strategy which is a method for reducing the effect of computer virus attacks. Using the Centre Manifold Theory, we determine conditions under which a subcritical (backward) bifurcation occurs at Basic Reproduction Number R0 = 1. In order to illustrate the theoretical findings, we construct a new Nonstandard Finite Difference Scheme (NSFD) that preserves the bifurcation property at R0 = 1 among other dynamics of the continuous model. Earlier results given by Chen and Carley [The impact of countermeasure propagation on the prevalence of computer viruses, IEEE Trans. Syst., Man, Cybern. B. Cybern. 2004] show that the CMC strategy is effective when the countermeasure propagation rate is higher than the virus spreading rate. Our results reveal that even if this condition is not met, the CMC strategy may still successfully eradicate computer viruses depending on the extent of its effectiveness.https://dergipark.org.tr/en/pub/hujmsam2022Mathematics and Applied Mathematic

Optimal and Nonlinear Dynamic Countermeasure under a Node-Level Model with Nonlinear Infection Rate

This paper mainly addresses the issue of how to effectively inhibit viral spread by means of dynamic countermeasure. To this end, a controlled node-level model with nonlinear infection and countermeasure rates is established. On this basis, an optimal control problem capturing the dynamic countermeasure is proposed and analyzed. Specifically, the existence of an optimal dynamic countermeasure scheme and the corresponding optimality system are shown theoretically. Finally, some numerical examples are given to illustrate the main results, from which it is found that (1) the proposed optimal strategy can achieve a low level of infections at a low cost and (2) adjusting nonlinear infection and countermeasure rates and tradeoff factor can be conductive to the containment of virus propagation with less cost

Markovian and stochastic differential equation based approaches to computer virus propagation dynamics and some models for survival distributions

This dissertation is divided in two Parts. The first Part explores probabilistic modeling of propagation of computer \u27malware\u27 (generally referred to as \u27virus\u27) across a network of computers, and investigates modeling improvements achieved by introducing a random latency period during which an infected computer in the network is unable to infect others. In the second Part, two approaches for modeling life distributions in univariate and bivariate setups are developed. In Part I, homogeneous and non-homogeneous stochastic susceptible-exposed-infectious- recovered (SEIR) models are specifically explored for the propagation of computer virus over the Internet by borrowing ideas from mathematical epidemiology. Large computer networks such as the Internet have become essential in today\u27s technological societies and even critical to the financial viability of the national and the global economy. However, the easy access and widespread use of the Internet makes it a prime target for malicious activities, such as introduction of computer viruses, which pose a major threat to large computer networks. Since an understanding of the underlying dynamics of their propagation is essential in efforts to control them, a fair amount of research attention has been devoted to model the propagation of computer viruses, starting from basic deterministic models with ordinary differential equations (ODEs) through stochastic models of increasing realism. In the spirit of exploring more realistic probability models that seek to explain the time dependent transient behavior of computer virus propagation by exploiting the essential stochastic nature of contacts and communications among computers, the present study introduces a new refinement in such efforts to consider the suitability and use of the stochastic SEIR model of mathematical epidemiology in the context of computer viruses propagation. We adapt the stochastic SEIR model to the study of computer viruses prevalence by incorporating the idea of a latent period during which computer is in an \u27exposed state\u27 in the sense that the computer is infected but cannot yet infect other computers until the latency is over. The transition parameters of the SEIR model are estimated using real computer viruses data. We develop the maximum likelihood (MLE) and Bayesian estimators for the SEIR model parameters, and apply them to the \u27Code Red worm\u27 data. Since network structure can be a possibly important factor in virus propagation, multi-group stochastic SEIR models for the spreading of computer virus in heterogeneous networks are explored next. For the multi-group stochastic SEIR model using Markovian approach, the method of maximum likelihood estimation for model parameters of interest are derived. The method of least squares is used to estimate the model parameters of interest in the multi-group stochastic SEIR-SDE model, based on stochastic differential equations. The models and methodologies are applied to Code Red worm data. Simulations based on different models proposed in this dissertation and deterministic/ stochastic models available in the literature are conducted and compared. Based on such comparisons, we conclude that (i) stochastic models using SEIR framework appear to be relatively much superior than previous models of computer virus propagation - even up to its saturation level, and (ii) there is no appreciable difference between homogeneous and heterogeneous (multi-group) models. The \u27no difference\u27 finding of course may possibly be influenced by the criterion used to assign computers in the overall network to different groups. In our study, the grouping of computers in the total network into subgroups or, clusters were based on their geographical location only, since no other grouping criterion were available in the Code Red worm data. Part II covers two approaches for modeling life distributions in univariate and bivariate setups. In the univariate case, a new partial order based on the idea of \u27star-shaped functions\u27 is introduced and explored. In the bivariate context; a class of models for joint lifetime distributions that extends the idea of univariate proportional hazards in a suitable way to the bivariate case is proposed. The expectation-maximization (EM) method is used to estimate the model parameters of interest. For the purpose of illustration, the bivariate proportional hazard model and the method of parameter estimation are applied to two real data sets

Computer Virus Propagation in a Network Organization: The Interplay between Social and Technological Networks

This paper proposes a holistic view of a network organization's computing environment to examine computer virus propagation patterns. We empirically examine a large-scale organizational network consisting of both social network and technological network. By applying information retrieval techniques, we map nodes in the social network to nodes in the technological network to construct the composite network of the organization. We apply social network analysis to study the topologies of social and technological networks in this organization. We statistically test the impact of the interplay between social and technological network on computer virus propagation using a susceptible-infective-recovered epidemic process. We find that computer viruses propagate faster but reach lower level of infection through technological network than through social network, and viruses propagate the fastest and reach the highest level of infection through the composite network. Overlooking the interplay of social network and technological network underestimates the virus propagation speed and the scale of infection

Trust management schemes for peer-to-peer networks

Peer-to-peer (P2P) networking enables users with similar interests to exchange, or obtain files. This network model has been proven popular to exchange music, pictures, or software applications. These files are saved, and most likely executed, at the downloading host. At the expense of this mechanism, worms, viruses, and malware find an open front door to the downloading host and gives them a convenient environment for successful proliferation throughout the network. Although virus detection software is currently available, this countermeasure works in a reactive fashion, and in most times, in an isolated manner. A trust management scheme is considered to contain the proliferation of viruses in P2P networks. Specifically, a cooperative and distributed trust management scheme based on a two-layer approach to bound the proliferation of viruses is proposed. The new scheme is called double-layer dynamic trust (DDT) management scheme. The results show that the proposed scheme bounds the proliferation of malware. With the proposed scheme, the number of infected hosts and the proliferation rate are limited to small values. In addition, it is shown that network activity is not discouraged by using the proposed scheme. Moreover, to improve the efficiency on the calculation of trust values of ratio based normalization models, a model is proposed for trust value calculation using a three-dimensional normalization to represent peer activity with more accuracy than that of a conventional ratio based normalization. Distributed network security is also considered, especially in P2P network security. For many P2P systems, including ad hoc networks and online markets, reputation systems have been considered as a solution for mitigating the affects of malicious peers. However, a sybil attack, wherein forging identities is performed to unfairly and arbitrarily influence the reputation of peers in a network or community. To defend against sybil attack, each reported transaction, which is used to calculate trust values, is verified. In this thesis, it is shown that peer reputation alone cannot bound network subversion of a sybil attack. Therefore, a new trust management framework, called Sybildefense, is introduced. This framework combines a trust management scheme with a cryptography mechanism to verify different transaction claims issue by peers, including those bogus claims of sybil peers. To improve the efficiency on the identification of honest peers from sybil peers, a k-means clustering mechanism is adopted. Moreover, to include a list of peer’s trustees in a warning messages is proposed to generate a local table for a peer that it is used to identify possible clusters of sybil peers. The defensive performance of these algorithms are compared under sybil attacks. The performance results show that the proposed framework (Sybildefense) can thwart sybil attacks efficiently

Stochastic propagation modeling and early detection of malicious mobile code

Epidemic models are commonly used to model the propagation of malicious mobile code like a computer virus or a worm. In this dissertation, we introduce stochastic techniques to describe the propagation behavior of malicious mobile code. We propose a stochastic infection-immunization (INIM) model based on the standard Susceptible-Infected-Removed (SIR) epidemic model, and we get an explicit solution of this model using probability generating function (pgf.). Our experiments simulate the propagation of malicious mobile code with immunization. The simulation results match the theoretical results of the model, which indicates that it is reliable to use INIM model to predict the propagation of malicious mobile code at the early infection stage when immunization factor is considered. In this dissertation, we also propose a control system that could automatically detect and mitigate the propagation of malicious mobile programs at the early infection stage. The detection method is based on the observation that a worm always opens as many connections as possible in order to propagate as fast as possible. To develop the detection algorithm, we extend the traditional statistical process control technique by adding a sliding window. We do the experiment to demonstrate the training process and testing process of a control system using both real and simulation data set. The experiment results show that the control system detects the propagation of malicious mobile code with zero false negative rate and less than 6% false positive rate. Moreover, we introduce risk analysis using Sequential Probability Ratio Test (SPRT) to limit the false positive rate. Examples of risk control using SPTR are presented. Furthermore, we analyze the network behavior using the propagation models we developed to evaluate the effect of the control system in a network environment. The theoretical analysis of the model shows that the propagation of malicious program is reduced when hosts in a network applied the control system. To verify the theoretical result, we also develop the experiment to simulate the propagation process in a network. The experiment results match the mathematical results

Stochastic propagation modeling and early detection of malicious mobile code

Epidemic models are commonly used to model the propagation of malicious mobile code like a computer virus or a worm. In this dissertation, we introduce stochastic techniques to describe the propagation behavior of malicious mobile code. We propose a stochastic infection-immunization (INIM) model based on the standard Susceptible-Infected-Removed (SIR) epidemic model, and we get an explicit solution of this model using probability generating function (pgf.). Our experiments simulate the propagation of malicious mobile code with immunization. The simulation results match the theoretical results of the model, which indicates that it is reliable to use INIM model to predict the propagation of malicious mobile code at the early infection stage when immunization factor is considered. In this dissertation, we also propose a control system that could automatically detect and mitigate the propagation of malicious mobile programs at the early infection stage. The detection method is based on the observation that a worm always opens as many connections as possible in order to propagate as fast as possible. To develop the detection algorithm, we extend the traditional statistical process control technique by adding a sliding window. We do the experiment to demonstrate the training process and testing process of a control system using both real and simulation data set. The experiment results show that the control system detects the propagation of malicious mobile code with zero false negative rate and less than 6% false positive rate. Moreover, we introduce risk analysis using Sequential Probability Ratio Test (SPRT) to limit the false positive rate. Examples of risk control using SPTR are presented. Furthermore, we analyze the network behavior using the propagation models we developed to evaluate the effect of the control system in a network environment. The theoretical analysis of the model shows that the propagation of malicious program is reduced when hosts in a network applied the control system. To verify the theoretical result, we also develop the experiment to simulate the propagation process in a network. The experiment results match the mathematical results

Do Social Networks Solve Information Problems for Peer-to-Peer Lending?Evidence from Prosper.com

This paper studies peer-to-peer (p2p) lending on the Internet. Prosper.com, the first p2p lending website in the US, matches individual lenders and borrowers for unsecured consumer loans. Using transaction data from June 1, 2006 to July 31, 2008, we examine what information problems exist on Prosper and whether social networks help alleviate the information problems. As we expect, data identifies three information problems on Prosper.com. First, Prosper lenders face extra adverse selection because they observe categories of credit grades rather than the actual credit scores. This selection is partially offset when Prosper posts more detailed credit information on the website. Second, many Prosper lenders have made mistakes in loan selection but they learn vigorously over time. Third, as Stiglitz and Weiss (1981) predict, a higher interest rate can imply lower rate of return because higher interest attracts lower quality borrowers. Micro-finance theories argue that social networks may identify good risks either because friends and colleagues observe the intrinsic type of borrowers ex ante or because the monitoring within social networks provides a stronger incentive to pay off loans ex post. We find evidence both for and against this argument. For example, loans with friend endorsements and friend bids have fewer missed payments and yield significantly higher rates of return than other loans. On the other hand, the estimated returns of group loans are significantly lower than those of non-group loans. That being said, the return gap between group and non-group loans is closing over time. This convergence is partially due to lender learning and partially due to Prosper eliminating group leader rewards which motivated leaders to fund lower quality loans in order to earn the rewards