Gen. Math. Notes, Vol. 1, No. 1, November 2010, pp. xx-xx

ISSN 2219-7184; Copyright c

ICSRS Publication, 2010

www.i-csrs.org

Available free online at http://www.geman.in

Modeling the Propagation of Computer Worms and Viruses in computer Networks

Stephen Edward

College of Natural and Mathematical Sciences, School of Mathematical Sciences,Department of Mathematics ,University of Dodoma (UDOM), P.O.Box 259, Dodoma, Tanzania

Email:[email protected]

Abstract

In this paper, we develop a deterministic compartmental mathematical model

that addresses the the propagation of computer virus and worms in a net-

work,control measures such as disconnection from the network and applica-

tion of strong anti-virus were explored to see the impact of virus and worms

propagation under these means.The eective reproduction was computed which

captured the said interventions. Numerical simulation revealed that when each

of the intervention was amplied it had an eect of clearing away both virus

and worms in the network. Lastly,Sensitivity analysis was carried out to deter-

mine eective intervention targets.The sensitivity of the model shows that the

susceptible computers in the network are aected majorly by the rate at which

external computers are connected to the network and the recovery rate of the

susceptible computer due to the anti-virus ability of the network.

Keywords: virus, worms,anti-virus, reproduction number,propagation,network.

2000 MSC No: Use appropriate MSC Nos.

1 Introduction

Computer viruses and network worms are dened as malicious codes that can

replicate themselves and spread among computers 1. The spread of com-

puter viruses still causes enormous nancial losses that large organizations

suer for computer security problems 2. The most devastating computer

virus to date is “My Doom”, which caused over 38 billion US dollar in dam-

ages 3. So, individuals and organizations are troubled by computer viruses

2

Stephen Edward

4. Throughout the past two decades, computer viruses were inherently lim-

ited by the fact that human mediation was required for them to propagate 5.

But, in modern life, human intervention plays a signicant role in preventing

the breakout of computer viruses 6. Myriad of dierent computer viruses

have been made and developed by human programmers to damage the com-

puter systems, erasing data or stealing information. Such viruses may attack

computers through many ways like downloading les via internet, running an

infected program, opening infected e-mail attachments, and using infected USB

devices 7. Mathematical modeling of the spread process of computer virus

is an eective approach to understand the behavior of computer viruses and

how to prevent infection 8. It helps decision makers to put their strategies

to control the spread of computer viruses.

Computer viruses possess a ma jor threat both for standalone and net-

worked computers as they can replicate themselves and spread among com-

puters in the form of malicious programs. Destruction of data by the viruses

cause serious problem for individual user and may cause disastrous situation

for institutional user, even sometimes destroy the whole computer system 1.

Despite the signicant development of anti-virus as a ma jor means of defend-

ing against viruses, the computer viruses are still very much a cause of concern

in computer network. As a promising alternative of anti-virus technique, the

epidemic dynamics of computer viruses aims to understand the way how the

computer viruses can spread across network and to work out global policies of

inhibiting their prevalence. Analogous behavior of computer viruses and their

biological counterparts inspired many researchers to study this new led com-

puter viruses study. Cohen 2 and Murray 3 evidently suggested exploiting

the compartment modeling techniques developed in the epidemic dynamics of

biologically infectious disease to study the spread of computer viruses.

A computer virus is a segment of program code that will copy its code into

one or more larger host programs when it is activated. A worm is a program

that can run independently and travel from machine to machine across network

connections (Spaord, 1990).

As a technical term coined by Cohen, a computer virus is a malicious pro-

gram that can replicate itself and spread from computer to computer. Once

breaking out, a virus can perform devastating operations such as modifying

data, deleting data, deleting les, encrypting les, and formatting disks 1.

In the past, massive outbreaks of computer viruses have brought about huge

nancial losses. With the advent of the era of cloud computing and the Inter-

net of Things, the threat from viruses would become increasingly serious, even

leading to a havoc 2. As we all know, antivirus software is the ma jor means

of defending against viruses. With the continual emergence of new variants

of existing viruses as well as new types of virus strains, the struggle waged

by human being against viruses is doomed to be endless, arduous, and devi-

Title First Line

3

ous; indeed, the development of new types of antivirus software always lags

behind the emergence of new types of viruses. As thus, antivirus technique

cannot predict the evolution trend of viruses and, hence, cannot provide global

suggestions for their prevention and control.

Computer virus is a malicious mobile code which including virus, Tro jan

horses, worm, and logic bomb. It is a program that can copy itself and attack

other computers. And they are residing by erasing data, damaging les, or

modifying the normal operation. Due to the high similarity between computer

virus and biological virus 1, various computer virus propagation models are

proposed 24. This dynamical modeling of the spread process of computer

virus is an eective approach to the understanding of the behavior of computer

viruses because on this basis, some eective measures can be posed to prevent

infection.

The computer virus has a latent period, during which individuals are ex-

posed to a computer virus but are not yet infectious. An infected computer

which is in latency, called exposed computer, will not infect other computers

immediately; however, it still can be infected. Based on these characteristics,

delay is used in some models of computer virus to describe that although the

exposed computer does not infect other computers, it still has infectivity 5,

6. Yang et al. 7, 8 proposed an SLB and SLBS models; in these models, the

authors considered that the computer virus has latency, and the computer also

has infectivity in the period of latency. However, they do not show the length

of latency and take into account the impact of articial immunization ways

such as installing antivirus software. And the newly entered in the internet

from the susceptible status to exposed status, the contact rate is the same as

that of susceptible status entering into infected status.

In this paper, a novel model of computer virus, known as SEIR model, is

put forward to describe the susceptible computer which can be infected by

the other infected or exposed computer and come into the exposed status.

In the SEIR model, based on articial immunity, we consider the bilinear

incidence rate for the latent and infection status. Assume that the computers

which newly entered the internet are susceptible, the computers correspond

with exposed computers, and their adequate contact rate is denoted by ?? 1,

and computers also correspond with infected computers, and their adequate

contact rate is denoted by ?? 2. So, the fraction of the computer which

newly entered the internet will enter the class ?? by anti-virus software; the

fraction of computers contact with exposed and infected computer will stay

latent before becoming infectious and enter the class ??. It is shown that the

dynamic behavior of the proposed model is determined by a threshold ?? 0,

and this

The idea of computer virus came into being around 1980 and has con-

tinued threatening the society. During these early stages, the threat of this

4

Stephen Edward

virus was minimal 1. Modern civilized societies are being automated with

computer applications making life easy in the areas such as education, health,

transportation, agriculture and many more. Following recent development in

complex computer systems, the trend has shifted to sophisticate dynamic of

computer virus which is dicult to deal with. In 2001, for example, the cost

associated with computer virus was estimated to be 10.7 United State dollars

for only the rst quarter 1. Consequently, a comprehensive understanding

of computer virus dynamics has become inevitable to researchers considering

the role played by this wonderful device. To ensure the safety and reliability

of computers, this virus burden can be tackled in twofold: microscopic and

macroscopic 2?6. The microscopic level has been investigated by 3, who

developed anti-virus program that removes virus from the computer system

when detected. The program is capable of upgrading itself to ensure that new

virus can be dealt with when attacks computer. The characteristics of this

program are similar to that of vaccination against a disease. They are not able

to guarantee safety in computer network system and also dicult to make good

future predictions. The macroscopic aspect of computer has seen tremendous

attention in the area of modeling the spread of this virus and determining the

long-term behavior of the virus in the network system since 1980 4. The

concept of epidemiological modeling of disease has been applied in the study

of the spread of computer virus in macroscopic scale 6?8. At any time, a computer is classied as internal and external depending

on weather it is connected to internet or not. At that time, all of the internet

computers are further categorized into four classes: (1) susceptible computers,

that is, uninfected computers and new computers which connected to network;

(2) exposed computers, that is, infected but not yet broken-out; (3) infectious

computers; (4) recovered computers, that is, virus-free computer having immu-

nity. Let ??(??), ??(??), ??(??), ??(??) denote their corresponding numbers at

time ??, without ambiguity; ??(??), ??(??), ??(??), ??(??) will be abbreviated

as ??, ??, ??, ??, respectively. The model is formulated as the following system

of dierential equations: We may see that the rst three equations in (1) are

independent of the fourth equation, and therefore, the fourth equation can be

omitted without loss of generality. Hence, system (1) can be rewritten as

2 Model Formulation

The propagation of computer worms and viruses in a network under study is

modeled using four compartments based on the status, that is: Susceptible,

Exposed,Infectious and Recovered. At time t, the total population size ( N)

is divided into: Susceptible (S), Exposed ( E), Infected ( I) and Recovered

( R ) such that: N=S+ E +I+ R as: The per capita recruitment rate

into the susceptible population is denoted . We assume that the infected

Title First Line

5

immigrants are included because they are not able to travel. New infection can

be due to eective contact with either a carriers or a symptomatically infected

individual, where the force of infection of susceptibles is denoted by . A newly

infected individual joins carrier class with a probability of f or symptomatically

infected class with a probability of 1 f. Carriers can change their status to

show symptoms (infected) 16 at the rate . Infected individuals recover at

the rate

1.

At any time, a computer is classied as internal and external depending

on weather it is connected to internet or not. At that time, all of the internet

computers are further categorized into four classes: (1) susceptible computers,

that is, uninfected computers and new computers which connected to network;

(2) exposed computers, that is, infected but not yet broken-out; (3) infectious

computers; (4) recovered computers, that is, virus-free computer having immu-

nity. Let ??(??), ??(??), ??(??), ??(??) denote their corresponding numbers at

time ??, without ambiguity; ??(??), ??(??), ??(??), ??(??) will be abbreviated

as ??, ??, ??, ??, respectively. The model is formulated as the following system

of dierential equations:

Model equations

dS dt

=

N +!R ( + +

1I

1 +

2I

2 +

3E

)S (1)

dE dt

= (

1I

1 +

2I

2 +

3E

)S ( +

1 +

2 +

3)

E (2)

dI 1 dt

=

1E

( +

1)

I

1 (3)

dI 2 dt

=

2E

( +

2)

I

2 (4)

dR dt

=

1I

1 +

2I

2 +

3E

+S !R (5)

where Ndenotes the rate at which external computers are connected to

the network; denotes the recovery rates of susceptible computer due to the

anti-virus ability of network; ;

1 denotes the recovery rates of virus infected

computer due to the anti-virus ability of network;

2 denotes the recovery

rates of worm infected computer due to the anti-virus ability of network;

3

denotes the recovery rate of exposed computer due to the anti-virus ability

of network; denotes the rate at which, when having a connection to one

infected computer, one susceptible computer can become exposed but has

not broken-out; ? denotes the rate of which, when having connection to

one exposed computer, one susceptible computer can become exposed; ??

denotes the rate of the exposed computers cannot be cured by anti-virus

software and broken-out; ?? denotes the recovery rate of infected comput-

ers that are cured; denotes the rate at which one computer is removed

6

Stephen Edward

from the network. All the parameters are nonnegative. Moreover, all feasi-

ble solutions of the system (3) are bounded and enter the region D, where

D = ( S; E ; I

1; I

2; R

)2 R5

+ :

S > 0; E > 0; I

1>

0; I

2>

0; R > 0; N (t)

0 . From the equilibrium equations we can show that E

exists with:

8

Stephen Edward

S

= ab k

((1 f)a + f( + b ))

For E

to exist in the feasible region D, the necessary and sucient condition

is that:

0 S

(

+ !

1

)

( +!

1) or equivalently,

(+ !

1

) S

( +!

1))

1

Dene R

e= k

(+ !

1

)((1 f)a + f( + b ))

( + + !

1)

ab

Then R

eis a threshold parameter that determines the number of equilibria.

We will show in Section (3.2) that R

eis the basic reproduction number.

Proposition . IfR

e

1then E

0is the only equilibrium in system (1-5);

if R

e

1, then there are two equilibria, disease free equilibrium, E

0 and a

unique endemic equilibrium, E

.

3.1 The Basic Reproduction Number, R

0

The basic reproduction number denoted by R

0 is the average number of sec-

ondary infections caused by an infectious individual during his or her entire

period of infectiousness Diekmann et al ?.The basic reproduction number is

an important non-dimensional quantity in epidemiology as it sets the threshold

in the study of a disease both for predicting its outbreak and for evaluating its

control strategies. Thus, whether a disease becomes persistent or dies out in

a community depends on the value of the reproduction number, R

0. Further-

more, stability of equilibria can be analyzed using R

0. If

R

0<

1 it means that

every infectious individual will cause less than one secondary infection and

hence the disease will die out and when R

0

1.The disease free equilibrium point also exists and

is locally asymptotically stable when this disease threshold is less than unity

and unstable otherwise. Our ndings suggest that, it is benecial to minimize

contact with pneumonia patients, avoid touching dead body, encourage hos-

pitalization of Ebola patients, safe burial practices, more training should be

given to medical sta to specially handle pneumonia virus disease and maxi-

mizing pneumonia awareness programs to the population at large. The study

furthermore, recommends that there should be more international co-operation

to prevent cross-border transmission of the disease. As has been studied by

29,30 , it must be pointed out that even though therapeutic treatment of

both aware and unaware EBV patients is imperative to halt the transmission

of this epidemic, however this strategy alone would have been insucient to

stop this epidemic from spreading through a population. This calls for a need

of a combination of several control strategies if we are at all to eradicate this

epidemic. We acknowledge the fact that this work may have shortfalls as fol-

lows. The model could be improved by incorporating the role of environment

and bush meat in the transmission dynamics of EBV. Sensitivity analysis was

not carried out in this work and no optimal control and cost eectiveness of the

control measures were considered in this model which could perhaps yield more

appealing results. However our great attempt in this work has laid a strong

cornerstone to ll these gaps because it has improved our understanding of

pneumonia Transmission dynamics. ACKNOWLEDGEMENTS. This is a text of acknowledgements.

References

My Collection