1. Introduction
With the development of cloud computing and M2M technologies, the threat from worms and their variants is becoming increasingly serious. According to the 2015 Symantec Global Internet Security Threat Report [
1], the year 2014 is a year with far-reaching vulnerabilities, faster attacks, files held for ransom, and far more malicious code than in previous years. Many measures are taken against the propagation of malicious worms, such as anti-virus software, patch, firewall,
etc. However, those measures cannot understand the transmission mechanisms of worms, and cannot predict the spread trends of worms [
2]. Thus, those general defense and detection measures cannot help us to provide more effective measures against malicious worms and their variants.
Mathematical modeling is an important tool in analyzing and controlling the spread of malicious worms. The process of model formulation comprehensively uses assumptions, parameters, and variables. Besides, those models provide us theoretical conclusions, such as basic reproduction rate, feasible region, effective contact rate, and thresholds. Theoretical analysis and numerical simulations are useful tools for testing theoretical results, determining how to change sensitive parameter values, getting key parameters according to known date, and establishing effective control measures. Mathematical models effectively help us understand the mechanisms of worm propagation, predict the spread trends of worm, and develop better approaches for decreasing the transmission of malicious worms.
According to network characteristics, networks can be divided into two kinds: homogeneous and heterogeneous networks. In a homogeneous network, most nodes have similar degrees, and nodes’ degree distribution is very similar; homogeneous networks include regular networks [
3], Erdӧs-Renyi random networks [
4], and small-world networks [
5]. Many epidemic models [
6,
7,
8,
9,
10,
11,
12,
13,
14,
15] have been developed to understand the spreading dynamics based on the fully-connected assumption of the homogeneous network. In those models, whole nodes are divided into different compartments corresponding to different epidemiological states. Nevertheless, this fully-connected assumption is inconsistent with the real world network topology; that is, the assumption that each computer has an equal probability of scanning any other individual in the network is unreasonable. Thus, the homogeneous mixing hypothesis is an overly simplified assumption, and is generally unrealistic. It is not appropriate for modeling epidemic models in heterogeneous networks. Contrary to homogeneous networks, most nodes of heterogeneous network have large fluctuations in degree distribution; heterogeneous networks include scale-free networks [
16], broad-scale networks [
5] and M2M wireless networks. Several models [
17,
18,
19,
20,
21,
22,
23,
24] have been developed to model such complex patterns of interactions in complex network. Of course, the spreading mechanism and dynamics of worm models in different kind networks are different. The M2M (Machine-to-Machine) network is a network that is based on the intelligent interaction among smart devices, and the blending of several heterogeneous networks, such as WAN (Wide Area Network), LAN (Local Area Network) and PAN (Personal Area Network). This decade, M2M communications over wired and wireless links continue to grow, and as such, various applications of M2M have already started to emerge in various sectors such as vehicular, healthcare, smart home technologies, and so on [
25]. In recent years, the damages caused by malicious worms and their variants in M2M wireless networks are becoming increasingly serious, due to the variety of network forms, the openness of information, the mobility of communication applications, the security vulnerability of operating systems, the complexity of network nodes, and so on. Thus, in order to control the large-scale propagation of malicious worms in M2M network, we must consider the heterogeneity of the M2M network into the modeling process.
Although there are approaches to contain the spread of worms, such as antivirus software, intrusion detection system and network firewalls, these approaches can only give an early warning signal about the presence of a worm so that defensive measures can be taken. Currently, worm–anti-worm strategy is one of the most effective ways to restrain the propagation of malicious worms. Benign worms are beneficial worms that can dynamically proactive defend against malicious worm propagation and patch for the susceptible hosts. Even though users lack cybersecurity awareness or make poor security measures, benign worms can also maintain network security. That is why, in this paper, we first consider using benign worms to counter the malicious worms in heterogeneous M2M network.
Many epidemic models [
26,
27,
28,
29,
30] have studied the spreading dynamics between benign worms and malicious worms in homogeneous networks in recent years, and proved the effectiveness of the worm–anti-worm strategy on decreasing the transmission of malicious worms. However, to our knowledge, there are no epidemic models to consider the worm–anti-worm strategy in a heterogeneous network. Motivated by this, in this paper, we first propose a novel dynamical model to study the dynamics of interactive infection between malicious worms and benign worms in heterogeneous M2M networks. Furthermore, we compare our model to two other worm propagation models that are based on different immunization schemes in heterogeneous M2M networks. Through theory analysis, we find that the dynamics of those models are completely determined by a threshold value, which is the model’s basic reproductive number. Besides, in the absence of birth, death and users’ treatment, we obtain the final size formula of malicious worms based on comprehensive immunization scheme. Numerical simulations support our results. We believe that the results can help restrain the spread of malicious worms.
The rest of the paper is organized as follows.
Section 2 describes some related works of worm propagation models. We formulate the models in
Section 3. In
Section 4, we obtain the basic reproductive number and prove the local and global stability of the worm-free equilibrium.
Section 5 determines the final size formula. In
Section 6, a series of numerical experiments are given to verify the theoretical results. Finally, conclusions are given in
Section 7.
3. The Model
In order to study the influences of the M2M network heterogeneity on worm spreading, in our models, a group is used to represent the topological structure of the M2M network, where is the set of all nodes and is the set of all edges. In this group, a node corresponds to a computer, and an edge represents the potential communication between two nodes. The number of edges emanating from a node is called as the degree of a node. We assume that the total computers can be broken into a number of homogeneous sub-compartments, i.e., all nodes in the same sub-compartment are dynamically equivalent, without any difference. We classify the nodes into compartments based on the number of node degree, i.e., nodes in the same sub-compartment have the same number of node degrees. Our model is based on a system of ordinary differential equations describing the evolution of the number of individuals in each compartment.
Based on the above assumptions, we classify the total nodes into Δ different groups, where is the total number of nodes that have -degree, and Δ is the maximum node degree of total nodes. is the nodes size of the whole network. In order to reflect the heterogeneous nature of an M2M network, we consider nodes degree distribution , i.e., , which is the probability that a node degree chosen randomly is -degree.
According to our different purposes, the infection rates of nodes can be classified into the following compartments: susceptible nodes
, malicious infectious nodes
, benign infectious nodes
and recovered nodes
. The corresponding notations are as following:
, are, respectively, the relative densities of
-nodes,
-nodes,
-nodes, and
-nodes with
-degree at time
. Some frequently used notations of this paper are listed in
Table 1.
Table 1.
Notations of this paper.
Δ | The maximum node degree of total nodes |
| The relative density of -nodes with -degree at time S-nodes with k-degree at time t |
| The relative density of I-nodes with k-degree at time t |
| The relative density of B-nodes with k-degree at time t |
| The relative density of V-nodes with k-degree at time t |
| The total number of nodes with k-degree |
| The nodes size of the whole network |
| The effective infection rate of the malicious worms |
| The effective infection rate of the benign worms |
| The effective repair rate of the benign worms wipe off the malicious worms |
| The recovery rate of S-nodes become V-nodes due to the treatment effect |
| The recovery rate of I-nodes become V-nodes due to the treatment effect |
| The self-destruction rate of the benign worms in the B-nodes |
| The birth or death rate of a node |
| The probability that a randomly chosen link points to a I-node |
| The probability that a randomly chosen link points to a B-node |
| The probability that a node chosen randomly with k-degree |
6. Simulations
In the real world, the degree distribution of network usually obeys a power-law distribution. We choose , , and , then we get and . We use MATLAB simulation tool to verify our theoretical analysis.
Example 1. Consider System (1) with
, then
.
Figure 3a exhibits the time plot of System (1). It shows that the malicious worms will gradually disappear. When
and the other parameters remain the same,
.
Figure 3b shows that the malicious worms are prevalent in the network and all states reach their equilibrium points. This example proves Theorem 1. Furthermore, considering System (1) with the same parameters as
Figure 3b,
Figure 3c exhibits the time plot of different node degrees of malicious infectious nodes. It shows that a higher node degree host is more susceptible to be infected than a lower node degree host.
Figure 3.
(a) Globally asymptotically stable of worm-free equilibrium of System (1) when . (b) Malicious worms of System (1) are prevalent when . (c) The time plot of different node degrees of malicious infectious nodes.
Example 2: Consider System (3) with
,
Figure 4 shows that
is a function of
and
. It illustrates that
is a decreasing function of
but an increasing function of
, which means, if
is large or
is small, more nodes will be immune.
Figure 4.
is a function of and .
Example 3: Consider System (2) with
, we can obtain
.
Figure 5a exhibits the time plot of this system. It shows that the malicious worms will gradually disappear. When
and other parameters remain the same,
.
Figure 5b shows that the malicious worms are prevalent in the network and all states reach their equilibrium points. This example proves Theorem 2.
Figure 5.
(a) Globally asymptotically stable of worm-free equilibrium of System (2) when . (b) Malicious worms of System (2) are prevalent when .
Example 4: Letting
,
Figure 6 shows the time plot of the average densities of malicious infected nodes for different immunization tactics: no immunization, targeted immunization (with
), and benign worms immunization (with the average infection rate of benign worm is
). On purpose, we set the average immunization rates for targeted immunization and benign worms immunization, which are, respectively, 0.087, and then we can make comparison analyses.
Figure 6 indicates that, compared to targeted immunization, benign worms immunization has the absolute predominance to control the spread of malicious worms, even though the average infection rate of benign worms is small.
Figure 6.
The average densities of malicious infected nodes for different immunization tactics.
Acknowledgments
This work was supported by National Natural Science Foundation of China (Grant NO. 61202450, NO. U1405255), and the development project of Fujian provincial strategic emerging industries technologies: Key technologies in development of next generation Integrated High Performance Gateway, Fujian Development, and Reform Commission High-Technical (2013) 266, Fuzhou Science and Technology Bureau (No. 2013-G-84), and Fujian Normal University Innovative Research Team (IRTL1207).
Author Contributions
The research scheme was mainly designed by Jinhua Ma, Zhide Chen, Jianghua Liu. Rongjun Zheng performed the research and analyzed the data. The paper was mainly written by Jinhua Ma. All authors have read and approved the final manuscript.
Conflicts of Interest
The authors declare no conflict of interest.
References
- 2015 Symantec Global Internet Security Threat Report. Available online: http://www.symantec.com/security_response (accessed on 9 October 2015).
- Yang, L. Towards the Epidemiological Modeling of Computer Viruses. Discrete Dyn. Nat. Soc. 2012, 245, 348–349. [Google Scholar] [CrossRef]
- Latifi, S.; Srimani, P.K. A new fixed degree regular network for parallel processing. In Proceedings of the Eighth IEEE Symposium on Parallel and Distributed Processing, New Orleans, LA, USA, 23–26 October 1996; pp. 152–159.
- Erdos, P.; Rényi, A. BRandom graphs. Math. Inst. Hung. Acad. Sci. 1960, 5, 17–61. [Google Scholar]
- Amaral, L.A.N.; Scala, A.; Barthelemy, M.; Stanley, H.E. Classes of small-world networks. Proc. Natl. Acad. Sci. (USA) 2000, 97, 11149–11152. [Google Scholar] [CrossRef] [PubMed]
- Anderson, R.M.; May, R.M. Infectious diseases of humans: Dynamics and control. Infect. Dis. Hum. Dyn. Control 1991, 108, 174–175. [Google Scholar]
- Capasso, V.; Serio, G. A generalization of the Kermack-McKendrick deterministic epidemic model. Math. Biosci. 1978, 42, 43–61. [Google Scholar] [CrossRef]
- Zou, C.; Gong, W.; Towsley, D. Code red worm propagation modeling and analysis. In Proceedings of the 9th ACM Conference on Computer and Communications Security, Washington, DC, USA, 17–21 November 2002; pp. 138–147.
- Zou, C.; Gong, W.; Towsley, D. Worm propagation modeling and analysis under dynamic quarantine defense. Workshop Rapid Malcode 2003, 23, 51–60. [Google Scholar]
- Chen, Z.; Gao, L.; Kwiat, K. Modeling the spread of active worms. In Proceedings of the Twenty-Second Annual Joint Conference of the IEEE Computer and Communications (INFOCOM 2003), San Francisco, CA, USA, 30 March–3 April 2003; pp. 1890–1900.
- Mishra, B.K.; Saini, D.K. SEIRS epidemic model with delay for transmission of malicious objects in computer network. Appl. Math. Comput. 2007, 188, 1476–1482. [Google Scholar] [CrossRef]
- Toutonji, O.A.; Yoo, S.M.; Park, M. Stability analysis of VEISV propagation modeling for network worm attack. Appl. Math. Model. 2012, 36, 2751–2761. [Google Scholar] [CrossRef]
- Zhu, Q.; Yang, X.; Yang, L.; Zhang, C. Optimal control of computer virus under a delayed model. Appl. Math. Comput. 2012, 218, 11613–11619. [Google Scholar] [CrossRef]
- Zhu, Q.; Yang, X.; Yang, L.; Zhang, X. A mixing propagation model of computer viruses and countermeasures. Nonlinear Dyn. 2013, 73, 1433–1441. [Google Scholar] [CrossRef]
- Yang, L.; Yang, X.; Zhu, Q.; Wen, L. A computer virus model with graded cure rates. Nonlinear Anal. Real World Appl. 2013, 14, 414–422. [Google Scholar] [CrossRef]
- Hein, D.I.O.; Schwind, D.W.I.M.; König, W. Scale-free networks. Wirtschaftsinformatik 2006, 48, 267–275. [Google Scholar] [CrossRef]
- Liu, J.; Zhang, T. Epidemic spreading of an SEIRS model in scale-free networks. Commun. Nonlinear Sci. Numer. Simul. 2011, 16, 3375–3384. [Google Scholar] [CrossRef]
- Wang, L.; Dai, G. Global Stability of Virus Spreading in Complex Heterogeneous Networks. Siam J. Appl. Math. 2008, 68, 1495–1502. [Google Scholar] [CrossRef]
- Yang, M.; Chen, G.; Fu, X. A modified SIS model with an infective medium on complex networks and its global stability. Physica A 2011, 390, 2408–2413. [Google Scholar] [CrossRef]
- Zhang, H.; Fu, X. Spreading of epidemics on scale-free networks with nonlinear infectivity. Nonlinear Anal. 2009, 70, 3273–3278. [Google Scholar] [CrossRef]
- Olinky, R.; Stone, L. Unexpected epidemic thresholds in heterogeneous networks: The role of disease transmission. Phys. Rev. E 2004, 70, 193–204. [Google Scholar] [CrossRef]
- Li, C.-H.; Tsai, C.-C.; Yang, S.-Y. Analysis of epidemic spreading of an SIRS model in complex heterogeneous networks. Commun. Nonlinear Sci. Numer. Simul. 2014, 19, 1042–1054. [Google Scholar] [CrossRef]
- Small, M. Staged progression model for epidemic spread on homogeneous and heterogeneous networks. J. Syst. Sci. Complex. 2011, 24, 619–630. [Google Scholar]
- Gan, C.; Yang, X.; Liu, W.; Zhu, Q.; Jin, J.; He, L. Propagation of computer virus both across the Internet and external computers: A complex-network approach. Commun. Nonlinear Sci. Numer. Simul. 2014, 19, 2785–2792. [Google Scholar] [CrossRef]
- Fadlullah, Z.M.; Fouda, M.M.; Kato, N.; Takeuchi, A.; Iwasaki, N.; Nozaki, Y. Toward intelligent machine-to-machine communications in smart grid. IEEE Commun. Mag. 2011, 49, 60–65. [Google Scholar] [CrossRef]
- Zhou, H.; Wen, Y.; Zhao, H. Modeling and analysis of active benign worms and hybrid benign worms containing the spread of worms. In Proceedings of the Sixth IEEE International Conference on Networking (ICN '07), Saint Luce, Martinique, 22–28 April 2007; p. 65.
- Ma, J.; Chen, Z.; Wu, W.; Zheng, R.; Liu, J. Influences of Removable Devices on the Anti-Threat Model: Dynamic Analysis and Control Strategies. Information 2015, 6, 536–549. [Google Scholar] [CrossRef]
- Wang, F.; Yang, Y.; Zhang, Y.; Ma, J. Stability analysis of the interaction between malicious and benign worms. In Future Computer and Information Technology; Zheng, D., Zhang, L., Eds.; WIT Press: Southampton, UK, 2013; pp. 217–225. [Google Scholar]
- Zheng, X.; Li, T.; Fang, Y. Strategy of fast and light-load cloud-based proactive benign worm countermeasure technology to contain worm propagation. J. Supercomput. 2012, 62, 1451–1479. [Google Scholar] [CrossRef]
- Fan, X.; Xiang, Y. Modeling the Propagation Process of Topology-Aware Worms: An Innovative Logic Matrix Formulation. In Proceedings of the Sixth IFIP International Conference on Network and Parallel Computing (NPC '09), Gold Coast, Australia, 19–21 October 2009; pp. 182–189.
- Wang, Y.; Wen, S.; Cesare, S.; Zhou, W.; Xiang, Y. The Microcosmic Model of Worm Propagation. Comput. J. 2011, 54, 1700–1720. [Google Scholar] [CrossRef]
- Fan, X.; Xiang, Y. Modeling the propagation of Peer-to-Peer worms. Future Gener. Comput. Syst. 2010, 26, 1433–1443. [Google Scholar] [CrossRef]
- Fan, X.; Xiang, Y. Modeling the propagation of Peer-to-Peer worms under quarantine. In Proceedings of the 2010 IEEE Network Operations and Management Symposium (NOMS), Osaka, Japan, 19–23 April 2010; pp. 942–945.
- Fan, X.; Xiang, Y. Propagation Modeling of Peer-to-Peer Worms. In Proceedings of the IEEE 24th International Conference on Advanced Information Networking and Applications (AINA), Perth, Australia, 20–23 April 2010; pp. 1128–1135.
- Wang, Y.; Wen, S.; Xiang, Y. Modeling worms propagation on probability. In Proceedings of the IEEE 5th International Conference on Network and System Security (NSS), Milan, Italy, 6–8 September 2011; pp. 49–56.
- Faloutsos, M.; Faloutsos, P.; Faloutsos, C. On power-law relationships of the Internet topology. Acm Sigcomm Comput. Commun. Rev. 1999, 29, 251–262. [Google Scholar] [CrossRef]
- Jin, Z.; Zhang, J.; Song, L.; Sun, G.; Kan, J.; Zhu, H. Modelling and analysis of influenza A (H1N1) on networks. BMC Public Health 2011, 11. [Google Scholar] [CrossRef]
- Diekmann, O.; Heesterbeek, J.A.; Ja, M. On the definition and the computation of the basic reproduction ratio R0 in models for infectious diseases in heterogeneous populations. J. Math. Biol. 1990, 28, 365–382. [Google Scholar] [CrossRef] [PubMed]
- Heffernan, J.M.; Smith, R.J.; Wahl, L.M. Perspectives on the basic reproductive ratio. J. R. Soc. Interface 2005, 2, 281–293. [Google Scholar] [CrossRef] [PubMed]
- Lasalle, J.P. The Stability of Dynamical Systems. Reg. Conf. 1976, 40, 1096–1105. [Google Scholar]
© 2015 by the authors; licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution license (http://creativecommons.org/licenses/by/4.0/).