The Influence of User Protection Behaviors on the Control of Internet Worm Propagation

Li, Yihong; Pan, Jinxiao; Song, Lipeng; Jin, Zhen

doi:https://doi.org/10.1155/2013/531781

Abstract and Applied Analysis

On this page

Abstract Introduction Conclusion Acknowledgments References Copyright Related Articles

Research Article | Open Access

Volume 2013 | Article ID 531781 | https://doi.org/10.1155/2013/531781

The Influence of User Protection Behaviors on the Control of Internet Worm Propagation

Yihong Li,¹Jinxiao Pan,^1,2Lipeng Song,³and Zhen Jin²

Academic Editor: Yanni Xiao

Received06 May 2013

Revised21 Jul 2013

Accepted21 Jul 2013

Published11 Sept 2013

Abstract

Computer users’ reactions to the outbreak of Internet worm directly determine the defense capability of the computer and play an important role in the spread of worm. In this paper, in order to characterize the impacts of adaptive user protection behaviors, an improved SIS model is proposed to describe the Internet worm propagation. The results of theoretical analysis indicate that the protective campaigns of users can indeed reduce the worm’s reproduction number to values less than one. But it may not be sufficient to eradicate the worm. In certain condition, a backward bifurcation leading to bistability can occur. These are new findings in the worm propagation model that bring new challenges to control the spread of the worm and further demonstrate the importance of user behaviors in controlling the worm propagation. Corresponding to the analysis results, defense and control strategies are provided.

1. Introduction

A generalized Internet worm is a kind of computer program that can replicate itself and spread from one host to another through the network [1]. Internet worms are built to propagate without warning or user interaction with the characters of rapid pervasive speed, large invasive scale, and severe destructive power. In the modern information and network security, Internet worms have become one of the most serious security threats to the Internet [2].

In order to effectively defense the Internet worm attack and reduce the damage caused by them, the propagation mechanism and control strategies of Internet worms have become active research topics. Mathematical models have been an important tool for investigating and quantifying such effects. Many research efforts have focused on developing effective worm propagation model to understand their propagation mechanisms and examine the effects of defensive measures [3–7]. However, all of these studies are focused on the computer host [8–10] and ignore the user behavior which is closely related to the worm propagation [11].

As stated in [12], the most effective way to protect a host from worm is to patch. But it is almost impossible to achieve for some reasons, one of which is the lack of the security awareness of the computer user. It serves to show that user behaviors play an important role in the spread of Internet worm, and understanding the influence of these behaviors on the spread of worm can be a key to improve control efforts. Several studies have been carried out to evaluate the impact and role of the user behavior factors on worm propagation [13–19], but almost all of these studies are focused on the user’s habitual actions. However, in the real world, users can take actions to combat worm prevalence, and under different actions, there will be different worm prevalence processes [20]. Only a few recent attempts have considered the self-induced behavior changes users adopt during an outbreak. Some approaches model user behaviors by modifying infectious rate or removed rate [21, 22]. However, to fully understand the impact of user behaviors on worm dynamics, there still lacks a formulation of a general behavior worm model.

In the actual network environment, during the outbreak of the Internet worm, the computer users may filter and block suspicious messages with a firewall, no longer browse websites that are suspicious, update the antivirus software to new version timely, and so forth, which can be called user protection behaviors. Certainly, these protection measures can cause associated costs. For instance, some important information may be filtered out, or the speed of the computer operation can be slowed down. Moreover, these bring some inconvenience to normal activities. So users always compare the risk of worm infection with the associated cost of protection measures and then make a personal decision according to the current situation of worm propagation. As a consequence, the states of the computers switch between vulnerable state and protected state relying on the corresponding protection behaviors of users. From this new perspective, in this paper the computers are categorized according to the user behavioral responses to the spread of worm. The degree of protection is different because of the difference of user’s attitudes, belief systems, opinions, awareness of the worm, and environment. For the sake of simplicity, the computers that have not been infected by the worm are divided into two classes roughly, where one is the vulnerable computers and the other one is the protected computers. Incorporated with the worm dynamics, we study the effect of user protection behaviors on worm propagation and control.

The rest of this paper is organized as follows. In Section 2, a worm propagation model coupled with user protection behaviors is established. The basic reproduction number is obtained in Section 3, and the equilibria and the corresponding stability are studied. In Section 4, we carry out some sensitivity analysis about the parameters. In the following section are the simulation results and control strategies. Finally, we conclude in Section 6 with a summary of our findings.

2. The Worm Propagation Model

We focus on studying the impact of the user behaviors on the worm propagation and control so as to provide theoretical basis for the worm control. Therefore, we shall exclusively consider the random-scanning worm, regardless of the topological structure of the network. That is, all computer hosts in the network are mixing homogeneously and have the vulnerabilities that can be used by the worm.

All computers are divided into three classes: vulnerable computers (worm-free computers), protected computers, and infectious computers (computers that have been infected by the worm and can transmit it to the vulnerable computers). Let , , and denote, at time , the numbers of vulnerable, protected, and infectious computers, respectively. Then is the total number of computers.

By carefully considering the features of Internet worm, the following hypotheses are made.(H1) All newly connected computers are worm-free. These computers are connected to the Internet at positive constant , of which a fraction is protected.(H2) Computers are disconnected from the Internet at rate .(H3) Infectious computers are cured at positive constant rate by running with antivirus software or reinstalling the system, of which a fraction is protected.(H4) Compared to the vulnerable computers, the protected ones have the smaller infection rate by worm. We utilize the fraction to measure the effect of reducing the infection rate due to the protection behaviors. means the protection is completely effective in preventing infection, while means the protection is utterly ineffective. In fact, we know the protection may not be 100% or completely useless, so we consider the case , which is more realistic. (H5) The transformation rate of a computer from vulnerable state to protected state is . In the opposite direction, the transformation rate is .

Integrating the user protection behaviors into the worm propagation, we have the following graphic of the state transition in Figure 1.

According to the flowchart, the worm propagation process that is coupled with the user protection behaviors can be described as the following model: where denotes the infection rate of vulnerable computers due to the successful scans of an infectious computer per time step and is the infection rate of protected computers due to the successful scans of an infectious computer per time step. The probability of successfully finding a vulnerable computer (protected computer) in one scan is (), where is the size of IPv4 address space (the scanning space). Then, () is the number of vulnerable computers (protected computers) infected by an infectious computer per time step. So () is the number of vulnerable computers (protected computers) infected by infectious computers per time step.

Summing up the three equations in system (1), we obtain When , . It is easy to see that system (1) can be shown to be mathematically well posed in the positive invariant region and solutions in exist for all positive time.

Now, we take transformation , , to system (1). For convenience, , , and are used to represent , , and in the following equations: where and is satisfied.

3. The Analysis of Dynamical Behaviors

The objective of this section is to perform theoretical analysis of system (3). We first give the basic reproduction number. Secondly, we study the equilibria and their stability. Finally, we prove the occurrence of saddle-node bifurcation.

3.1. The Basic Reproduction Number

Usually, the basic reproduction number, denoted as , is “the expected number of secondary cases produced, in a completely susceptible population, by a typical infective individual” [23, 24]. Similarly, for a worm propagation model the basic reproduction number is defined as the average number of previously worm-free computers that are infected by a single infectious computer during its lifecycle. In our model, infectious computers come from two sources: those vulnerable () that get infected and those protected () that get infected. By the physical meanings of the system parameters in system (3) (or (1)), the following results are obtained:(a)the average lifetime of an infectious computer is ;(b)an infectious computer converts a vulnerable computer to an infectious one at rate ;(c)an infectious computer converts a protected computer to an infectious one at rate .

Thus, the modified basic reproduction number with the protection measures is obtained as where is the basic reproduction number of the SIS model which does not consider the user protection behaviors. The expressions of and are given in (5). Obviously, the protection behaviors do reduce the basic reproduction number .

3.2. Stability and Bifurcation Analysis

3.2.1. The Worm-Free Equilibrium and Its Stability

Equilibria are obtained by setting the right side of system (3) equal to zero. From the third equation in system (3), we can obtain or . If , the model has a unique worm-free equilibrium: where , .

To study the local stability of the equilibria, we first give the Jacobian matrix of system (3) at an arbitrary equilibrium: Then the corresponding characteristic polynomial at the worm-free equilibrium is derived as so we obtained that the eigenvalues at the worm-free equilibrium are , and , respectively. Consequentially, the following result is obtained.

Theorem 1. System (3) always has a trivial equilibrium , and if , is locally asymptotically stable.

3.2.2. The Existence and Stability of Endemic Equilibrium

In this section, we study the existence and stability of the endemic equilibria for system (3).

If , combined with the second equation of system (3), we can obtain Then, substituting and into the first equation of system (3), a quadratic equation is given as in terms of , where Define ; the number of endemic equilibria is dependent on the sign of , , and . After calculation, we can obtain the following results.

Theorem 2. For system (3), consider the following.(1) If , (9) has a positive root . Correspondingly, system (3) has one endemic equilibrium . (2) If and , (9) also has a positive root . Correspondingly, system (3) has one endemic equilibrium . (3) If , , there will be three cases.(i) If , (9) has two positive roots and . Correspondingly, system (3) has two endemic equilibria and . (ii) If , (9) has a positive root ; then system (3) has one endemic equilibrium .(iii) If , (9) has no positive root, and system (3) has no endemic equilibrium.

Now, we study the stability of endemic equilibria seriatim. Similar to Section 3.2.1, the corresponding characteristic polynomial of an arbitrary endemic equilibrium is derived as Obviously, for any endemic equilibrium, there is an eigenvalue . In order to study the other ones, we set Then the signs of eigenvalues corresponding to the endemic equilibrium are dependent on the distribution of the roots of .

Corresponding to the cases about the existence, we obtain the stability of endemic equilibrium in each case, which are stated as follows.

Theorem 3. For system (3), consider the following. (1)If , then , . In this case, has no intersection point with positive real axis; thus is locally asymptotically stable. (2)If and , then , ; same as case , is locally asymptotically stable. (3)If , , there will be three cases.(i)If , for the positive root , ; same as the above, is a stable node. For , ; in this case, has an intersection point with positive real axis, so is a saddle point.(ii)If , then , ; in this case, one of the eigenvalues corresponding to is equal to zero, so is a nonhyperbolic equilibrium.(iii)If , system (3) has no endemic equilibrium.

3.2.3. The Saddle Node and Bifurcation

According to Theorems 2 and 3, we can see that under the conditions , , and , system (3) has one endemic equilibrium , and it is a nonhyperbolic equilibrium. Utilizing the center manifold theorem [25, 26] and the existence theorem [27], we studied the dynamical behavior near the equilibrium . Taking as the bifurcation parameter, we prove that system (3) could experience saddle-node bifurcation. The detailed results are given as follows (the proofs of Theorems 4 and 5 are provided in Appendices A and B).

Theorem 4. If , , and , system (3) has one positive equilibrium , and is a saddle node.

Theorem 5. System (3) experiences saddle-node bifurcation at the equilibrium as the parameter passes through the bifurcation value.

From the above mathematical analysis, we can see that under certain parameter condition, system (3) would experience backward bifurcation. Combined with the theoretical results, we can rewrite the inequality conditions about , , and in terms of : , , and satisfy the following relationship Then becomes one critical threshold for system (3), and . In addition, we can obtain if . Obviously, .

From Theorems 1–5, we can obtain the following properties.

Corollary 6. For system (3),(1)if and , then two endemic equilibria exist, one of which is locally stable and competes with the locally stable worm-free equilibrium, which is the backward bifurcation (see Figure 2(b));(2)otherwise, the worm-free equilibrium is the unique attractor when , which is the forward bifurcation (see Figure 2(a)).

(a)

(b)

These results can also be given in terms of , , or , and in practice, these parameters are easily controlled. However, the expressions are more complicated. Therefore, we only give corresponding regions in numerical simulation.

4. Sensitivity Analysis

In real world applications, our main objective is to control the percentage of infective computers or eradicate the worm by taking effective measures. In our model, parameters , , , , and are related to human behavioral responses. For our purpose, following Arriola and Hyman [28], the normalized forward sensitivity indices with respect to , , , and are calculated, respectively, as follows: It can be seen that, among these parameters, is an increasing function of and . Opposed to this, and have an inversely proportional relationship with .

By now, for a general worm propagation model with forward bifurcation (Figure 2(a)), we can take measures to increase and decrease , at the same time to make below one. However, for our model, the backward bifurcation (Figure 2(b)) appears under certain parameter values. In this case, reducing below one would not promise to eradicate the worm eventually. As shown in Figure 2(b), there exists a locally stable endemic equilibrium even if . In order to control the worm propagation, the involved parameter values must be further reduced or increased so far that , and enters the region where no endemic equilibria exist (see Figures 2(b) and 9). Therefore, the control of worm propagation is more difficult under the situation in which backward bifurcation appears.

5. Simulations and Control Strategies

Theoretical results have been provided in previous section; now we use numerical simulations to verify the above results. We fix [29], , and throughout this paper.

5.1. The Effect of Parameters

In Section 4, we have analyzed the effects of , , , and on . To provide an intuitive impression, when , the influences of , , , and on are shown in Figure 3.

(a)

(b)

(c)

(d)

It can be observed that the effects of , , and are stronger and have little or almost no influence on . Moreover, we find that can influence not only the number of infectious computers but also the arrival time of the second peak. It is easy to see that the peak of the second outbreak would be postponed if is increasing. Generally, as the arrival time of the first peak of worm outbreak is very quick, it is too late to make any responses when we are aware of it. Thus, if the arrival time of the second peak of worm outbreak can be postponed, it can give security professionals more time to study the corresponding counter measures.

Although does not appear in the expression for , it is related to the user behavior. So, fixing , , , , (this is the forward bifurcation case, ), we study the influences of on the changes of . From Figure 4, we can see an increase of would lead to a decrease of . That is, even if , the final size of infectious computers can be reduced to a low level by increasing .

In order to display the differences between the forward and backward bifurcation, in the following parts, we carry on numerical simulations for the two cases, respectively.

5.2. Forward Bifurcation

Firstly, to find better control strategies for worm infection, we perform some sensitivity analysis of and the basic reproduction number in terms of the model parameters. Choosing , , , , , we can obtain . Assuming the value of is , , and , respectively, then the corresponding value of is , , and . We show variations of for different values of in Figure 5 with . We can see that is really the threshold for the establishment of the worm in the susceptible pool, and the number of infectious computers increases with the increase of .

Secondly, in Figure 6, we show the influences of initial conditions on the number of infectious computers for the same . We can see has little or almost no influence on .

(a)

(b)

(c)

From the above analysis, we find that as long as we take measures to control the parameter values to make , we will be able to control the spread of the worm. However, we know that in real world the control measures corresponding to involved parameters may not be easy to carry out. Even if controlling parameter values cannot ensure that , the final size of infectious computers can be reduced by reducing the value of as far as possible.

5.3. Backward Bifurcation

Similarly, keeping other parameter values unchanged, we choose , , then , , , and , . Assuming the value of is , , and , respectively, then the corresponding value of is , , and . The inequality is satisfied.

In Figure 7, we show the changes of with time for different . The initial values adopted in Figures 7(a) and 7(b) are and , respectively.

(a)

(b)

Comparing Figure 7(a) with Figure 5, we can find if at , may still tend to a positive endemic level; that is, is not sufficient to control the spread of Internet worm. Comparing Figure 7(a) with Figure 7(b), it can be observed that when , the initial value can influence the evolutions of with time. But the initial value has no influence on the evolutions of with time when and . Thus is not the only threshold condition for the worm eradication, and also plays a key role.

In order to display the impacts of on the evolutions of more clearly, in Figure 8, we assume the initial value of is 10⁶ : 10⁶ : 10⁷. From Figures 8(a)–8(c), we can see that when , for different , will tend to endemic equilibrium or worm-free equilibrium simultaneously, which puts forward new challenges to the worm control. Because the value of depends mainly on the hackers who write malicious code, it is hard to control. Then in order to eradicate the worm, we must take further measures to reduce , so that .

(a)

(b)

(c)

(a)

(b)

(c)

For system (3), the parameters are in cooperation with each other. So in Figure 9, we give the region division of the distribution of endemic equilibria in , , and planes. Thus the parameter space is divided into several parts. In the yellow area, system (3) has two endemic equilibria, one of which is locally asymptotically stable. In the “no endemic equilibrium” region, the worm-free equilibrium is globally asymptotically stable. In the “one endemic equilibrium” region, the unique endemic equilibrium is globally asymptotically stable. From Figure 9, we can obtain the corresponding value ranges of , , and just as easily. This can be an instruction to control parameter values and provides a good basis for the establishment of control measures in practical terms.

Synthesizing the above analysis and simulation results, some control strategies can be implemented: in both cases (forward and backward bifurcation), it is strongly recommended that one should periodically acquire and run antivirus software of the newest version. Filtering and blocking suspicious messages with a firewall is also suggested. Educational efforts should be rolled out to increase the public awareness of worm propagation. Especially in the case of backward bifurcation, in order to control the spread of the worm, one must further strengthen the implementation of these measures.

6. Conclusion

In the vast majority of Internet worm models [30–35], the basic reproduction number is the critical threshold condition. Various actions are taken to control the system parameter values so that , then the solutions of the system will approach worm-free equilibrium finally; that is, the spread of worm can be controlled. In our paper, by characterizing the user protection behaviors, we propose a mathematical model which is coupled with the adaptive user protection behaviors for the Internet worm propagation. The theoretical analysis demonstrates that the protection behavior can reduce the value of the basic reproduction number to below one. Besides, we find that the simple model exhibits a very interesting and rich spectrum of dynamical behaviors, such as backward bifurcation, saddle-node bifurcation. Thus, in this case, the basic reproduction number below one is not the only threshold condition for the computer worm control. In the backward bifurcation case, one must further strengthen the protection to control the spread of worm. These results show that whether the user selects protection has an important effect on worm controlling. Moreover, enhancing the protection consciousness of users or speeding up the antivirus software upgrade can delay the arrival time of second peak of infectious computer, which is essential for the security professionals. To sum up, our results are new discoveries in the field of Internet worm propagation and can bring new perspectives to defense and control worm propagation.

Appendices

A. The Proof of Theorem 4

In this subsection, we investigate the dynamics near in the second item of case (III) by the center manifold theorem [25, 26]. Firstly, using , system (3) is qualitatively equivalent to From the previous analysis, we can obtain that the eigenvalues corresponding to are and .

Secondly, shifting to the origin via and , system (A.1) can be transformed into

Thirdly, define the transformation which transformed system (A.2) into the following standard form where and , with , , , , and , are satisfied.

By the existence theorem [27], there exists a center manifold for system (A.4), which can be expressed locally as follows: with sufficiently small, and is the derivative of with respect to .

To compute the center manifold , we suppose has the form By the local center manifold theorem, the center manifold (A.6) satisfies where .

Rewrite and as and , respectively, where Substituting (A.4) into (A.7) and then equating coefficients on each power of to zero yields Then, we get the approximation for : Substituting (A.10) in the first equation of system (A.4), we achieve So from (A.11) (see [36, page 338–340]), we get the following. If , , and , system (3) has one positive equilibrium , and is a saddle node.

B. The Proof of Theorem 5

From Section 3.2, we can see that when , , and if the sign of changes, system (3) will experience a saddle-node bifurcation. In this part, we give the proof.

Let us consider as a control parameter, define , , where .

Rewrite system (A.1) as Then we have has a simple eigenvalue with eigenvector and has an eigenvector , corresponding to . Furthermore, the following conditions are satisfied: According to the theorem (see [37, page 148]), we obtain the following result. System (3) experiences a saddle-node bifurcation at the equilibrium as the parameter passes through the bifurcation value .

Conflict of Interests

No conflict of interests exists in the submission of this paper, and the paper is approved by all authors for publication.

Acknowledgments

This work is supported by the National Natural Science Foundation of China (11171314, 61171179, 11247244, 61301259, and 61379125), Program for Basic Research of Shanxi province (2012011015-3).

References

D. M. Kienzle and M. C. Elder, “Recent worms: a survey and trends,” in Proceedings of the 2003 ACM Workshop on Rapid Malcode (WORM '03), pp. 1–10, ACM, New York, NY, USA, October 2003.
View at: Google Scholar
O. A. Toutonji, S.-M. Yoo, and M. Park, “Stability analysis of VEISV propagation modeling for network worm attack,” Applied Mathematical Modelling, vol. 36, no. 6, pp. 2751–2761, 2012.
View at: Publisher Site | Google Scholar | Zentralblatt MATH | MathSciNet
X. Fan and Y. Xiang, “Modeling the propagation of Peer-to-Peer worms,” Future Generation Computer Systems, vol. 26, no. 8, pp. 1433–1443, 2010.
View at: Publisher Site | Google Scholar
X. Yang and L.-X. Yang, “Towards the epidemiological modeling of computer viruses,” Discrete Dynamics in Nature and Society, vol. 2012, Article ID 259671, 11 pages, 2012.
View at: Publisher Site | Google Scholar
L.-X. Yang, X. Yang, J. Liu, Q. Zhu, and C. Gan, “Epidemics of computer viruses: s complex-network approach,” Applied Mathematics and Computation, vol. 219, no. 16, pp. 8705–8717, 2013.
View at: Publisher Site | Google Scholar | MathSciNet
Q. Zhu, X. Yang, L.-X. Yang, and C. Zhang, “Optimal control of computer virus under a delayed model,” Applied Mathematics and Computation, vol. 218, no. 23, pp. 11613–11619, 2012.
View at: Publisher Site | Google Scholar | MathSciNet
C. C. Zou, W. Gong, and D. Towsley, “Code red worm propagation modeling and analysis,” in Proceedings of the 9th ACM Conference on Computer and Communications Security, pp. 138–147, ACM, New York, NY, USA, November 2002.
View at: Google Scholar
X. Yang, B. K. Mishra, and Y. Liu, “Theory, model, and methods,” Discrete Dynamics in Nature and Society, vol. 2012, Article ID 473508, 2 pages, 2012.
View at: Publisher Site | Google Scholar
W. Yu, X. Wang, A. Champion, D. Xuan, and D. Lee, “On detecting active worms with varying scan rate,” Computer Communications, vol. 34, no. 11, pp. 1269–1282, 2011.
View at: Publisher Site | Google Scholar
Y.-H. Choi, L. Li, P. Liu, and G. Kesidis, “Worm virulence estimation for the containment of local worm outbreak,” Computers and Security, vol. 29, no. 1, pp. 104–123, 2010.
View at: Publisher Site | Google Scholar
L.-X. Yang and X. Yang, “Propagation behavior of virus codes in the situation that infected computers are connected to the internet with positive probability,” Discrete Dynamics in Nature and Society, vol. 2012, Article ID 693695, 13 pages, 2012.
View at: Publisher Site | Google Scholar | Zentralblatt MATH | MathSciNet
X. Zheng, T. Li, and Y. Fang, “Strategy of fast and light-load cloud-based proactive benign worm countermeasure technology to contain worm propagation,” The Journal of Supercomputing, vol. 62, pp. 1451–1479, 2012.
View at: Google Scholar
M. E. J. Newman, “Spread of epidemic disease on networks,” Physical Review E, vol. 66, no. 1, Article ID 016128, 11 pages, 2002.
View at: Publisher Site | Google Scholar | MathSciNet
L.-X. Yang and X. Yang, “The spread of computer viruses under the influence of removable storage devices,” Applied Mathematics and Computation, vol. 219, no. 8, pp. 3914–3922, 2012.
View at: Publisher Site | Google Scholar | MathSciNet
C. C. Zou, D. Towsley, and W. Gong, “Email virus propagation modeling and analysis,” Tech. Rep. TR-CSE-03-04, University of Massachusettes, Amherst, Mass, USA, 2003.
View at: Google Scholar
G. Chen and R. S. Gray, “Simulating non-scanning worms on peer-to-peer networks,” in Proceedings of the 1st International Conference on Scalable Information Systems (InfoScale '06), pp. 1–13, Hong Kong, June 2006.
View at: Publisher Site | Google Scholar
C. C. Zou, D. Towsley, and W. Gong, “Modeling and simulation study of the propagation and defense of internet e-mail worms,” IEEE Transactions on Dependable and Secure Computing, vol. 4, no. 2, pp. 106–118, 2007.
View at: Publisher Site | Google Scholar
C. Gan, X. Yang, W. Liu, Q. Zhu, and X. Zhang, “Propagation of computer virus under human intervention: a dynamical model,” Discrete Dynamics in Nature and Society, vol. 2012, Article ID 106950, 8 pages, 2012.
View at: Publisher Site | Google Scholar | MathSciNet
X. Sun, Y.-H. Liu, J.-Q. Zhu, and F.-P. Li, “Research on simulation and modeling of social network worm propagation,” Chinese Journal of Computers, vol. 34, no. 7, pp. 1252–1261, 2011.
View at: Publisher Site | Google Scholar
H. Yuan and G. Chen, “Network virus-epidemic model with the point-to-group information propagation,” Applied Mathematics and Computation, vol. 206, no. 1, pp. 357–367, 2008.
View at: Publisher Site | Google Scholar | Zentralblatt MATH | MathSciNet
L. Feng, X. Liao, Q. Han, and L. Song, “Modeling and analysis of peer-to-peer botnets,” Discrete Dynamics in Nature and Society, vol. 2012, Article ID 865075, 18 pages, 2012.
View at: Publisher Site | Google Scholar | Zentralblatt MATH | MathSciNet
L.-P. Song, X. Han, D.-M. Liu, and Z. Jin, “Adaptive human behavior in a two-worm interaction model,” Discrete Dynamics in Nature and Society, vol. 2012, Article ID 828246, 13 pages, 2012.
View at: Publisher Site | Google Scholar | Zentralblatt MATH | MathSciNet
O. Diekmann, J. A. P. Heesterbeek, and J. A. J. Metz, “On the definition and the computation of the basic reproduction ratio $R_{0}$ in models for infectious diseases in heterogeneous populations,” Journal of Mathematical Biology, vol. 28, no. 4, pp. 365–382, 1990.
View at: Publisher Site | Google Scholar | Zentralblatt MATH | MathSciNet
R. M. Anderson and R. M. May, Infectious Diseases of Humans, Oxford University, Oxford, UK, 1991.
J. Carr, Applications of Center Manifold Theory, Springer, New York, NY, USA, 1981.
L. Perko, Differential Equations and Dynamical Systems, vol. 7 of Texts in Applied Mathematics, Springer, New York, NY, USA, 3rd edition, 2001.
View at: MathSciNet
S. Wiggins, Introduction to Applied Nonlinear Dynamical Systems and Chaos, vol. 2 of Texts in Applied Mathematics, Springer, New York, NY, USA, 1990.
View at: MathSciNet
L. Arriola and J. Hyman, Forward and Adjoint Sensitivity Analysis: With Applications in Dynamical Systems, Lecture Notes in Linear Algebra and Optimisation, Mathematical and Theoretical Biology Institute, 2005.
A. Zeitoun and S. Jamin, “Rapid Exploration of Internet Live Address Space Using Optimal Discovery Path,” in Proceedings of IEEE Global Telecommunications Conference (GLOBECOM '03), pp. 2885–2890, San Francisco, Calif, USA, December 2003.
View at: Google Scholar
L.-P. Song, Z. Jin, G.-Q. Sun, J. Zhang, and X. Han, “Influence of removable devices on computer worms: dynamic analysis and control strategies,” Computers & Mathematics with Applications, vol. 61, no. 7, pp. 1823–1829, 2011.
View at: Publisher Site | Google Scholar | MathSciNet
Q. Zhu, X. Yang, and J. Ren, “Modeling and analysis of the spread of computer virus,” Communications in Nonlinear Science and Numerical Simulation, vol. 17, no. 12, pp. 5117–5124, 2012.
View at: Publisher Site | Google Scholar | Zentralblatt MATH | MathSciNet
B. K. Mishra and S. K. Pandey, “Effect of anti-virus software on infectious nodes in computer network: a mathematical model,” Physics Letters A, vol. 376, pp. 2389–2393, 2012.
View at: Google Scholar
L.-X. Yang, X. Yang, L. Wen, and J. Liu, “A novel computer virus propagation model and its dynamics,” International Journal of Computer Mathematics, vol. 89, no. 17, pp. 2307–2314, 2012.
View at: Publisher Site | Google Scholar | Zentralblatt MATH | MathSciNet
C. Gan, X. Yang, W. Liu, and Q. Zhu, “A propagation model of computer virus with nonlinear vaccination probability,” Communications in Nonlinear Science and Numerical Simulation.
View at: Publisher Site | Google Scholar
L.-X. Yang, X. Yang, Q. Zhu, and L. Wen, “A computer virus model with graded cure rates,” Nonlinear Analysis: Real World Applications, vol. 14, no. 1, pp. 414–422, 2013.
View at: Publisher Site | Google Scholar | Zentralblatt MATH | MathSciNet
A. A. Andronov, E. A. Leontovich, I. I. Gordon, and A. G. Maier, Qualitative Theory of Second-Order Dynamical Systems, John Wiley & Sons, New York, NY, USA, 1973.
J. Guckenheimer and P. Holmes, Nonlinear Oscillations, Dynamical Systems, and Bifurcations of Vector Fields, vol. 42 of Applied Mathematical Sciences, Springer, New York, NY, USA, 1983.
View at: MathSciNet

Copyright

Copyright © 2013 Yihong Li et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

PDF Download Citation

Download other formats

Order printed copies

Views

792

Downloads

1292

Citations