Shouhuai Xu
Abstract
Theoretical modeling of computer virus/worm epidemic dynamics is an important problem that has attracted many studies. However, most existing models are adapted from biological epidemic ones. Although biological epidemic models can certainly be adapted to capture some computer virus spreading scenarios (especially when the so-called homogeneity assumption holds), the problem of computer virus spreading is not well understood because it has many important perspectives that are not necessarily accommodated in the biological epidemic models. In this article, we initiate the study of such a perspective, namely that of adaptive defense against epidemic spreading in arbitrary networks. More specifically, we investigate a nonhomogeneous Susceptible-Infectious-Susceptible (SIS) model where the model parameters may vary with respect to time. In particular, we focus on two scenarios we call semi-adaptive defense and fully adaptive defense, which accommodate implicit and explicit dependency relationships between the model parameters, respectively. In the semi-adaptive defense scenario, the model’s input parameters are given; the defense is semi-adaptive because the adjustment is implicitly dependent upon the outcome of virus spreading. For this scenario, we present a set of sufficient conditions (some are more general or succinct than others) under which the virus spreading will die out; such sufficient conditions are also known as epidemic thresholds in the literature. In the fully adaptive defense scenario, some input parameters are not known (i.e., the aforementioned sufficient conditions are not applicable) but the defender can observe the outcome of virus spreading. For this scenario, we present adaptive control strategies under which the virus spreading will die out or will be contained to a desired level.
- Anderson, R. and May, R. 1991. Infectious Diseases of Humans. Oxford University Press.Google Scholar
- Arnold, L. 1998. Random Dynamical Systems. Springer-Verlag.Google Scholar
- Bailey, N. 1975. The Mathematical Theory of Infectious Diseases and Its Applications. 2nd Ed. Griffin, London.Google Scholar
- Berman, A. and Shaked-Monderer, N. 2003. Completely Positive Matrices. World Scientific Publishing.Google Scholar
- Bhargava, B., Dilley, J., and Riedl, J. 1986. Raid: A robust and adaptable distributed system. In Proceedings of the ACM SIGOPS European Workshop. Google ScholarDigital Library
- Chakrabarti, D., Wang, Y., Wang, C., Leskovec, J., and Faloutsos, C. 2008. Epidemic thresholds in real networks. ACM Trans. Inf. Syst. Secur. 10, 4, 1--26. Google ScholarDigital Library
- Ganesh, A., Massoulie, L., and Towsley, D. 2005. The effect of network topology on the spread of epidemics. In Proceedings of IEEE Infocom’05.Google Scholar
- Hethcote, H. 2000. The mathematics of infectious diseases. SIAM Rev. 42, 4, 599--653. Google ScholarDigital Library
- Kephart, J. and White, S. 1991. Directed-graph epidemiological models of computer viruses. In Proceedings of the IEEE Symposium on Security and Privacy. 343--361.Google Scholar
- Kephart, J. and White, S. 1993. Measuring and modeling computer virus prevalence. In Proceedings of the IEEE Symposium on Security and Privacy. 2--15. Google ScholarDigital Library
- Kermack, W. and McKendrick, A. 1927. A contribution to the mathematical theory of epidemics. Proc. Roy. Soc. Lond. A 115, 700--721.Google ScholarCross Ref
- LaSalle, J. 1960. Some extensions of liapunov’s second method. IRE Trans. Circuit Theory 7, 520--527.Google ScholarCross Ref
- McKendrick, A. 1926. Applications of mathematics to medical problems. Proc. Edin. Math. Soc. 14, 98--130.Google Scholar
- Oseledec, V. 1968. A multiplicative ergodic theorem. characteristic ljapunov, exponents of dynamical systems. Trans. Moscow Math. Soc. 19, 197--231. (English Translation).Google Scholar
- Pesin, Y. B. 1977. Characteristic lyapunov exponents and smooth ergodic theory. Russ. Math. Surv. 32, 55--114.Google ScholarCross Ref
- Wang, Y., Chakrabarti, D., Wang, C., and Faloutsos, C. 2003. Epidemic spreading in real networks: An eigenvalue viewpoint. In Proceedings of the 22nd IEEE Symposium on Reliable Distributed Systems (SRDS’03). 25--34.Google Scholar
- Zou, C., Duffield, N., Towsley, D., and Gong, W. 2005. Adaptive defense against various network attacks. In Proceedings of the Workshop on Steps to Reducing Unwanted Traffic on the Internet (SRUTI’05). 69--75. Google ScholarDigital Library
Index Terms
- Adaptive Epidemic Dynamics in Networks: Thresholds and Control
Recommendations
Push- and pull-based epidemic spreading in networks: Thresholds and deeper insights
Understanding the dynamics of computer virus (malware, worm) in cyberspace is an important problem that has attracted a fair amount of attention. Early investigations for this purpose adapted biological epidemic models, and thus inherited the so-called ...
Epidemic thresholds in real networks
How will a virus propagate in a real network? How long does it take to disinfect a network given particular values of infection rate and virus death rate? What is the single best node to immunize? Answering these questions is essential for devising ...
A Stochastic Model of Multivirus Dynamics
Understanding the spreading dynamics of computer viruses (worms, attacks) is an important research problem, and has received much attention from the communities of both computer security and statistical physics. However, previous studies have mainly ...
Reviews
Soon Ae Chun
The use of biological models (for example, epidemic models) to study the spreading of network-related computer viruses is not new. However, most of these biological models assume the homogeneity of nodes in a network, that is, all nodes are equally powerful in infecting other nodes. They also lack the theoretical treatment of the dynamic nature of the networks, that is, the interplay of attack and defense over time. The authors propose a theoretical model, called the susceptible-infectious-susceptible (SIS) model, to explain the dynamic behavior of adaptive defenses. The parameters in the model change over time, capturing the dynamic evolution of attacks and defenses on a timeline. These parameters include the adjacency matrix for a network ( A ), the probability of cure capability (?( t )), the probability of infection capability (?( t )), the probability of a node being susceptible to a virus attack ( s ( t )), the probability of a node infection ( i ( t )), and the largest eigenvalue of the adjacency matrix A (?). The semi-adaptive defense scenario and the fully adaptive defense scenario are considered. The theory's validity is shown using simulation studies. For the semi-adaptive defense, the sufficient conditions (ratios of ? and ?) under which the virus spreading will (or will not) die out are shown. In addition, the larger the ? value is, the more effective the defense is against the virus spreading. The degree of infection depends on the ratio of ergodic stochastic processes ?(?(0))/?(?(0)) in cases that the spreading does not die out. The paper also shows that a fully adaptive system can adjust its defense strategy levels without knowing the infection capabilities (?( t )) to control the rate of a virus dying out. The theoretical model for the semi-adaptive and adaptive defense systems with non-homogeneity assumption is mathematically proven, and the findings seem significant. But the paper falls short of applying the significance of the results to real network security management. Some illustrative examples, and more explanations of how to model a real network and how to determine and measure the parameters (for example, probability of node infection and defense controls) in the real network, would enhance the reader's appreciation of the issues and results. This would point out the remaining challenges in transferring the theoretical results from an experimental setting to a practical setting. Online Computing Reviews Service
Access critical reviews of Computing literature here
Become a reviewer for Computing Reviews.
Comments