Gen. Math. Notes, Vol. 1, No. 1, November 2010, pp. xx-xx
ISSN 2219-7184; Copyright c

ICSRS Publication, 2010
www.i-csrs.org
Available free online at http://www.geman.in
Modeling the Propagation of Computer Worms and Viruses in computer Networks
Stephen Edward
College of Natural and Mathematical Sciences, School of Mathematical Sciences,Department of Mathematics ,University of Dodoma (UDOM), P.O.Box 259, Dodoma, Tanzania
Email:[email protected]
Abstract
In this paper, we develop a deterministic compartmental mathematical model
that addresses the the propagation of computer virus and worms in a net-
work,control measures such as disconnection from the network and applica-
tion of strong anti-virus were explored to see the impact of virus and worms
propagation under these means.The eective reproduction was computed which
captured the said interventions. Numerical simulation revealed that when each
of the intervention was amplied it had an eect of clearing away both virus
and worms in the network. Lastly,Sensitivity analysis was carried out to deter-
mine eective intervention targets.The sensitivity of the model shows that the
susceptible computers in the network are aected majorly by the rate at which
external computers are connected to the network and the recovery rate of the
susceptible computer due to the anti-virus ability of the network.
Keywords: virus, worms,anti-virus, reproduction number,propagation,network.
2000 MSC No: Use appropriate MSC Nos.
1 Introduction
Computer viruses and network worms are dened as malicious codes that can
replicate themselves and spread among computers 1. The spread of com-
puter viruses still causes enormous nancial losses that large organizations
suer for computer security problems 2. The most devastating computer
virus to date is “My Doom”, which caused over 38 billion US dollar in dam-
ages 3. So, individuals and organizations are troubled by computer viruses

We Will Write a Custom Essay Specifically
For You For Only $13.90/page!


order now

2
Stephen Edward
4. Throughout the past two decades, computer viruses were inherently lim-
ited by the fact that human mediation was required for them to propagate 5.
But, in modern life, human intervention plays a signicant role in preventing
the breakout of computer viruses 6. Myriad of dierent computer viruses
have been made and developed by human programmers to damage the com-
puter systems, erasing data or stealing information. Such viruses may attack
computers through many ways like downloading les via internet, running an
infected program, opening infected e-mail attachments, and using infected USB
devices 7. Mathematical modeling of the spread process of computer virus
is an eective approach to understand the behavior of computer viruses and
how to prevent infection 8. It helps decision makers to put their strategies
to control the spread of computer viruses.
Computer viruses possess a ma jor threat both for standalone and net-
worked computers as they can replicate themselves and spread among com-
puters in the form of malicious programs. Destruction of data by the viruses
cause serious problem for individual user and may cause disastrous situation
for institutional user, even sometimes destroy the whole computer system 1.
Despite the signicant development of anti-virus as a ma jor means of defend-
ing against viruses, the computer viruses are still very much a cause of concern
in computer network. As a promising alternative of anti-virus technique, the
epidemic dynamics of computer viruses aims to understand the way how the
computer viruses can spread across network and to work out global policies of
inhibiting their prevalence. Analogous behavior of computer viruses and their
biological counterparts inspired many researchers to study this new led com-
puter viruses study. Cohen 2 and Murray 3 evidently suggested exploiting
the compartment modeling techniques developed in the epidemic dynamics of
biologically infectious disease to study the spread of computer viruses.
A computer virus is a segment of program code that will copy its code into
one or more larger host programs when it is activated. A worm is a program
that can run independently and travel from machine to machine across network
connections (Spaord, 1990).
As a technical term coined by Cohen, a computer virus is a malicious pro-
gram that can replicate itself and spread from computer to computer. Once
breaking out, a virus can perform devastating operations such as modifying
data, deleting data, deleting les, encrypting les, and formatting disks 1.
In the past, massive outbreaks of computer viruses have brought about huge
nancial losses. With the advent of the era of cloud computing and the Inter-
net of Things, the threat from viruses would become increasingly serious, even
leading to a havoc 2. As we all know, antivirus software is the ma jor means
of defending against viruses. With the continual emergence of new variants
of existing viruses as well as new types of virus strains, the struggle waged
by human being against viruses is doomed to be endless, arduous, and devi-

Title First Line
3
ous; indeed, the development of new types of antivirus software always lags
behind the emergence of new types of viruses. As thus, antivirus technique
cannot predict the evolution trend of viruses and, hence, cannot provide global
suggestions for their prevention and control.
Computer virus is a malicious mobile code which including virus, Tro jan
horses, worm, and logic bomb. It is a program that can copy itself and attack
other computers. And they are residing by erasing data, damaging les, or
modifying the normal operation. Due to the high similarity between computer
virus and biological virus 1, various computer virus propagation models are
proposed 24. This dynamical modeling of the spread process of computer
virus is an eective approach to the understanding of the behavior of computer
viruses because on this basis, some eective measures can be posed to prevent
infection.
The computer virus has a latent period, during which individuals are ex-
posed to a computer virus but are not yet infectious. An infected computer
which is in latency, called exposed computer, will not infect other computers
immediately; however, it still can be infected. Based on these characteristics,
delay is used in some models of computer virus to describe that although the
exposed computer does not infect other computers, it still has infectivity 5,
6. Yang et al. 7, 8 proposed an SLB and SLBS models; in these models, the
authors considered that the computer virus has latency, and the computer also
has infectivity in the period of latency. However, they do not show the length
of latency and take into account the impact of articial immunization ways
such as installing antivirus software. And the newly entered in the internet
from the susceptible status to exposed status, the contact rate is the same as
that of susceptible status entering into infected status.
In this paper, a novel model of computer virus, known as SEIR model, is
put forward to describe the susceptible computer which can be infected by
the other infected or exposed computer and come into the exposed status.
In the SEIR model, based on articial immunity, we consider the bilinear
incidence rate for the latent and infection status. Assume that the computers
which newly entered the internet are susceptible, the computers correspond
with exposed computers, and their adequate contact rate is denoted by ?? 1,
and computers also correspond with infected computers, and their adequate
contact rate is denoted by ?? 2. So, the fraction of the computer which
newly entered the internet will enter the class ?? by anti-virus software; the
fraction of computers contact with exposed and infected computer will stay
latent before becoming infectious and enter the class ??. It is shown that the
dynamic behavior of the proposed model is determined by a threshold ?? 0,
and this
The idea of computer virus came into being around 1980 and has con-
tinued threatening the society. During these early stages, the threat of this

4
Stephen Edward
virus was minimal 1. Modern civilized societies are being automated with
computer applications making life easy in the areas such as education, health,
transportation, agriculture and many more. Following recent development in
complex computer systems, the trend has shifted to sophisticate dynamic of
computer virus which is dicult to deal with. In 2001, for example, the cost
associated with computer virus was estimated to be 10.7 United State dollars
for only the rst quarter 1. Consequently, a comprehensive understanding
of computer virus dynamics has become inevitable to researchers considering
the role played by this wonderful device. To ensure the safety and reliability
of computers, this virus burden can be tackled in twofold: microscopic and
macroscopic 2?6. The microscopic level has been investigated by 3, who
developed anti-virus program that removes virus from the computer system
when detected. The program is capable of upgrading itself to ensure that new
virus can be dealt with when attacks computer. The characteristics of this
program are similar to that of vaccination against a disease. They are not able
to guarantee safety in computer network system and also dicult to make good
future predictions. The macroscopic aspect of computer has seen tremendous
attention in the area of modeling the spread of this virus and determining the
long-term behavior of the virus in the network system since 1980 4. The
concept of epidemiological modeling of disease has been applied in the study
of the spread of computer virus in macroscopic scale 6?8. At any time, a computer is classied as internal and external depending
on weather it is connected to internet or not. At that time, all of the internet
computers are further categorized into four classes: (1) susceptible computers,
that is, uninfected computers and new computers which connected to network;
(2) exposed computers, that is, infected but not yet broken-out; (3) infectious
computers; (4) recovered computers, that is, virus-free computer having immu-
nity. Let ??(??), ??(??), ??(??), ??(??) denote their corresponding numbers at
time ??, without ambiguity; ??(??), ??(??), ??(??), ??(??) will be abbreviated
as ??, ??, ??, ??, respectively. The model is formulated as the following system
of dierential equations: We may see that the rst three equations in (1) are
independent of the fourth equation, and therefore, the fourth equation can be
omitted without loss of generality. Hence, system (1) can be rewritten as
2 Model Formulation
The propagation of computer worms and viruses in a network under study is
modeled using four compartments based on the status, that is: Susceptible,
Exposed,Infectious and Recovered. At time t, the total population size ( N)
is divided into: Susceptible (S), Exposed ( E), Infected ( I) and Recovered
( R ) such that: N=S+ E +I+ R as: The per capita recruitment rate
into the susceptible population is denoted . We assume that the infected

Title First Line
5
immigrants are included because they are not able to travel. New infection can
be due to eective contact with either a carriers or a symptomatically infected
individual, where the force of infection of susceptibles is denoted by . A newly
infected individual joins carrier class with a probability of f or symptomatically
infected class with a probability of 1 f. Carriers can change their status to
show symptoms (infected) 16 at the rate . Infected individuals recover at
the rate
1.
At any time, a computer is classied as internal and external depending
on weather it is connected to internet or not. At that time, all of the internet
computers are further categorized into four classes: (1) susceptible computers,
that is, uninfected computers and new computers which connected to network;
(2) exposed computers, that is, infected but not yet broken-out; (3) infectious
computers; (4) recovered computers, that is, virus-free computer having immu-
nity. Let ??(??), ??(??), ??(??), ??(??) denote their corresponding numbers at
time ??, without ambiguity; ??(??), ??(??), ??(??), ??(??) will be abbreviated
as ??, ??, ??, ??, respectively. The model is formulated as the following system
of dierential equations:
Model equations
dS dt
=
N +!R ( + +
1I
1 +

2I
2 +

3E
)S (1)
dE dt
= (

1I
1 +

2I
2 +

3E
)S ( +
1 +

2 +

3)
E (2)
dI 1 dt
=

1E
( +
1)
I
1 (3)
dI 2 dt
=

2E
( +
2)
I
2 (4)
dR dt
=

1I
1 +

2I
2 +

3E
+S !R (5)
where Ndenotes the rate at which external computers are connected to
the network; denotes the recovery rates of susceptible computer due to the
anti-virus ability of network; ;
1 denotes the recovery rates of virus infected
computer due to the anti-virus ability of network;
2 denotes the recovery
rates of worm infected computer due to the anti-virus ability of network;
3
denotes the recovery rate of exposed computer due to the anti-virus ability
of network; denotes the rate at which, when having a connection to one
infected computer, one susceptible computer can become exposed but has
not broken-out; ? denotes the rate of which, when having connection to
one exposed computer, one susceptible computer can become exposed; ??
denotes the rate of the exposed computers cannot be cured by anti-virus
software and broken-out; ?? denotes the recovery rate of infected comput-
ers that are cured; denotes the rate at which one computer is removed

6
Stephen Edward
from the network. All the parameters are nonnegative. Moreover, all feasi-
ble solutions of the system (3) are bounded and enter the region D, where
D = ( S; E ; I
1; I
2; R
)2 R5
+ :
S > 0; E > 0; I
1>
0; I
2>
0; R > 0; N (t)
0 . From the equilibrium equations we can show that E
exists with:

8
Stephen Edward
S
= ab k
((1 f)a + f( + b ))
For E
to exist in the feasible region D, the necessary and sucient condition
is that:
0 S
(
+ !
1
)
( +!
1) or equivalently,
(+ !
1
) S

( +!
1))
1
Dene R
e= k
(+ !
1
)((1 f)a + f( + b ))
( + + !
1)
ab
Then R
eis a threshold parameter that determines the number of equilibria.
We will show in Section (3.2) that R
eis the basic reproduction number.
Proposition . IfR
e
1then E
0is the only equilibrium in system (1-5);
if R
e
1, then there are two equilibria, disease free equilibrium, E
0 and a
unique endemic equilibrium, E
.
3.1 The Basic Reproduction Number, R
0
The basic reproduction number denoted by R
0 is the average number of sec-
ondary infections caused by an infectious individual during his or her entire
period of infectiousness Diekmann et al ?.The basic reproduction number is
an important non-dimensional quantity in epidemiology as it sets the threshold
in the study of a disease both for predicting its outbreak and for evaluating its
control strategies. Thus, whether a disease becomes persistent or dies out in
a community depends on the value of the reproduction number, R
0. Further-
more, stability of equilibria can be analyzed using R
0. If
R
0<
1 it means that
every infectious individual will cause less than one secondary infection and
hence the disease will die out and when R
0
1.The disease free equilibrium point also exists and
is locally asymptotically stable when this disease threshold is less than unity
and unstable otherwise. Our ndings suggest that, it is benecial to minimize
contact with pneumonia patients, avoid touching dead body, encourage hos-
pitalization of Ebola patients, safe burial practices, more training should be
given to medical sta to specially handle pneumonia virus disease and maxi-
mizing pneumonia awareness programs to the population at large. The study
furthermore, recommends that there should be more international co-operation
to prevent cross-border transmission of the disease. As has been studied by
29,30 , it must be pointed out that even though therapeutic treatment of
both aware and unaware EBV patients is imperative to halt the transmission
of this epidemic, however this strategy alone would have been insucient to
stop this epidemic from spreading through a population. This calls for a need
of a combination of several control strategies if we are at all to eradicate this
epidemic. We acknowledge the fact that this work may have shortfalls as fol-
lows. The model could be improved by incorporating the role of environment
and bush meat in the transmission dynamics of EBV. Sensitivity analysis was
not carried out in this work and no optimal control and cost eectiveness of the
control measures were considered in this model which could perhaps yield more
appealing results. However our great attempt in this work has laid a strong
cornerstone to ll these gaps because it has improved our understanding of
pneumonia Transmission dynamics. ACKNOWLEDGEMENTS. This is a text of acknowledgements.
References
My Collection