#### Abstract

In this paper, we propose a novel heterogeneous model to describe the propagation dynamics of malware (viruses, worms, Trojan horses, etc.) in wireless sensor networks. Unlike existing models, our model accounts for sensor nodes with different battery levels. In order to control the spread of malware, we design an aperiodically intermittent controller driven by white noise, which has the striking advantages of lower cost and a more flexible control strategy. We give a distinct condition for stability with probability one using a graph-theoretical Lyapunov function and stochastic analysis methods. Our results show that the nonlinear malware propagation system can be stabilized by intermittent stochastic perturbation under the intermittent time related to stochastic perturbation intensity. Our theoretical results can be applied to understand the observed mechanisms of malware and design interventions to control the spread of malware. Numerical simulations illustrate our analytical results clearly.

#### 1. Introduction

With the improvement of wireless sensor technology, wireless sensor networks (WSNs) are used in many new scenarios: intelligent transportation networks, water quality monitoring, military target detection, etc. Due to its wireless nature and special structure, a wireless sensor network is vulnerable to malware attacks, which can eavesdrop on and paralyze the network [1–3]. Consequently, mathematical modeling and control strategies of malware propagation are of vital importance in order to predict its effects and defend against it. In recent years, many studies have appeared, specifically on global models and the related global behaviour of WSNs using concepts from epidemiology. In the epidemic system, the population is divided into different compartments such as *S* (Susceptible), *E* (Exposed), *I* (Infectious), *R* (Recovered), and so on. Toutonji et al. [4] proposed a VEIS-V worm attack propagation model which considers security countermeasures during worm attack. Bimal and Keshri [5] established a SEIRSV model by introducing a maintenance mechanism to sleep nodes. Zhu and Zhao [6] considered a SIR model which has logistic growth. Wang et al. [7] proposed a SCI model to describe the propagation dynamics of mobile sensor worm.

However, the above global models cannot capture individual features and capabilities. In this sense, an individual-based model is more accurate for modeling malware propagation, since it accounts for individual diversity and derives both the malware relationship and individual features from malware propagation. Under the framework of heterogeneous complex network theory, the connection topology of nodes can be defined by node degree and the related degree distribution. Several complex network models have been studied for the epidemic model [8–11], alcoholism model [12], information spreading model [13–17], etc. But for wireless sensor networks, there are few results: del Rey et al. [18] established heterogeneous SIS and SIR models for malware propagation in WSNs; all nodes are separated into three compartments based on the classic SIR epidemic model. Li et al. [19] considered a SIR network malware propagation model; Li’s SIR model is different from del Rey’s heterogeneous model which considers tree-based networks. Inspired by the stifler state in the rumor spreading model, Hosseini and Azgomi [20] proposed a SEIRS model. They assumed that nodes could be vaccinated and immunized to the malware infection. None of the above models considers the sensor’s energy consumption, which seriously affects the quality of information transmission. Nodes may not have enough energy to propagate malware by sending information to their neighbors. From this angle, the infected state should be separated into an infected state with high capacity level and an infected state with low capacity level. It is worth mentioning that most of the results concentrate on dynamic analysis of the deterministic model (global or individual-based model) by the basic reproduction number , which is calculated by the next generation matrix method. But there are few results on malware control strategies if malware becomes endemic ().

As is well known, stochastic noises can stabilize an unstable system [21–27]. Its application extends to many practical areas, such as sleep improvement, tone discrimination [28], and financial stability [21, 23]. From the consideration of reducing control cost and control time, discontinuous controllers have been designed to stabilize a given system such as feedback control [29–32], pinning control [33], impulsive control [34], adaptive control [35–40], and intermittent control [41–44]. As for intermittent control, control time is divided into periodic and aperiodic type. Periodically intermittent control has been studied by many authors especially in synchronization problems. Zhang et al. [41] designed a periodically intermittent linear controller driven by white noises to stabilize an unstable memristor-based system. As Liu and Chen [45, 46] have mentioned before, the requirement of periodicity is unusual in real world application, while aperiodically intermittent control strategy needs a complex management to study the dynamic behaviour of the controlled system. We highlight Liu and Chen [45, 46] who investigated aperiodically intermittent deterministic controller for complex coupled deterministic system, and sufficient conditions have been given to guarantee global synchronization.

Stochastic control has proved to be useful in many fields. But to the best of our knowledge, there is no work on aperiodically intermittent stochastic stabilization for malware propagation; the application to malware propagation needs to be explored. This motivates us to investigate this kind of scheme oriented to the security issue for WSNs. In this paper, we will design an aperiodically intermittent control strategy. In this strategy, we will focus on quantitative conditions for the network to stabilize. The main contributions can be summarized as follows:

(i) Compared with the previous works on malware spreading models on WSNs, our model is a new model which considers both individual behaviours and sensor capacitance. It can be applied to solar heterogeneous network systems.

(ii) Compared with the previous works on spreading control, the control itself is a random perturbation and the control time is aperiodically intermittent rather than continuous, and the starting time and control length are arbitrary. We can control the steady rate autonomously by adjusting the work width. From this angle, our control strategy is more flexible.

The paper is organized as follows. In Section 2, we establish a new malware propagation model on WSNs at first, which considers different battery-level sensor nodes. Then, we analyze the dynamic behaviour of the model. In Section 3, we design an aperiodically intermittent stochastic noise controller to control malware spreading. The control intensity expression reflects the relationship between system parameters and network topological structure. In Section 4, numerical simulations of the proposed model are given to show the power of aperiodically intermittent noise controller. Finally, we conclude the paper in Section 5.

#### 2. Model Formulation

According to the topological structures of WSNs, all nodes are partitioned into groups based on different nodal degrees. Each group is further compartmentalized into four states:

(1) Susceptible (): the nodes in this state are prone to being infected by the implantation of malware, and a node will become infected if it connects to an infected node.

(2) Infectious with high energy level (): the nodes in this state have already been infected by malware successfully and have stored up enough energy to continue propagating the malware.

(3) Infectious with low energy level (): the nodes in this state have already been infected by malware successfully but do not have sufficient energy to propagate malware by sending information to their neighbors.

(4) Antimalware program activated (): when nodes in state and state are detected to be infected, the nodes will activate the antimalware program to clear up the infection. A node in which the antimalware program has been activated will no longer be invaded by the same malware.

Based on the sensor features and transition characteristics, the malware propagation process is described as follows: when a susceptible node connects to an infected node, the susceptible node with high energy level becomes an infected node with probability and the susceptible node with low energy level becomes an infected node with probability . Both the contact rates and are positive constants. The malware itself will not cause additional cost to an infected node. An infected node with low energy level can become an infected node with high energy level if it is recharged, and the charge rate is a positive constant . The influence of the malware on the natural mortality rate of infected nodes should be ignored and nodes in all four states are assigned an equal natural mortality rate which satisfies . Figure 1 shows the state transition diagram of the model.

Thus, our model can be formulated by the following ordinary differential equations: with initial values where , represents the nodal degree. represents the probability that an edge connects to an infectious sensor node at time . Its expression is where represents the average nodal degree. represents the probability that a randomly chosen sensor node has degree , . Obviously, for all and ,

Then, we can deduce system (1) into

About the dynamic behaviour of the above deterministic model (5), we give the following corollary.

Corollary 1. *Define*

(1) *If , the malware-free equilibrium is globally asymptotically stable.*

(2) *If , there is an endemic equilibrium, and it is persistent.*

*Remark 1.* The threshold is obtained by , which depends on the fluctuations of the degree distribution and system parameters. Since malware will die out when , malware prevention measures can be designed to decrease , such as decreasing node connectivity to decrease the contact rates and increasing monitoring efforts on infective nodes to increase the detection rate .

#### 3. Control Strategy

In this section, we mainly concentrate on the control strategy of malware propagation. In the context of aperiodically intermittent stochastic noise stabilization of the complex heterogeneous network system, we propose a design procedure for the noise control input to stabilize system (5). At first, we consider a stochastic noise driven by Brownian motions and a g-type structure of the controller. The controller’s mathematical expression is , where is a 3*n*-dimensional Brownian motion corresponding to system variables and is the related white noise. To be flexible and to save cost, we design the control time as aperiodically intermittent type, which admits uncertain rest times. We give a sketch of aperiodically intermittent control strategy in Figure 2, under the perturbation of -type; the time span contains the work time and the rest time , and denotes the -th noise width. Naturally, the noise widths satisfy . The stochastic control input system is where with , . For the aperiodically intermittent perturbation strategy, the start time and the noise width might be different, but the total perturbation time ratio should be fixed in the long term. Mathematically, there exists a positive scalar , such that the above time nodes satisfy the following assumption:

We call as the control time ratio. Moreover, we assume for stochastic stability analysis, which guarantees the existence of a trivial solution .

Theorem 1. *If the aperiodically perturbed intensity satisfies , then the infected nodes will die out with probability one.*

*Proof.* Define a matrix *M*: We can calculate that . Let be the eigenvector of corresponding to ; then, we have where . Define a Lyapunov function: where and is a constant. Using the Itô formula, we obtain where Note that can be regarded as a linear growth function of ; as for , we can derive that where represents an elementary matrix or an identity matrix. By condition (11), the above inequality becomes Then, we discuss the time in different time intervals. Obviously, there exists one positive integer such that .

(1) If , then which means

(2) If , then which means

Comparing Case (1) and Case (2), we can conclude for that Taking the expectation on both sides of the above inequality gives where . Since , there exists a positive integer such that when , which implies where . By the Chebyshev inequality, for any , we have If , from the definition of , we can obtain when . Consequently, we have Then, we deduce that Since is arbitrary, we obtain Then, sending , we obtain the minimum control intensity expression: Therefore, system (7) is almost surely stable if is bigger than the minimum control intensity. The proof is complete.

In Theorem 1, we give the global stability of the malware-free equilibrium. It is worth mentioning that we separate the interaction terms in the stochastic model (7) by using the group-theoretic approach, and then the infected groups and can be considered separately. Calculating the Lyapunov exponents, we obtain the global stability of the malware-free equilibrium.

*Proof of Corollary 1.* Set ; then, stochastic model (7) becomes deterministic model (5). The control intensity mathematical expression becomes It implies which means . Applying Theorem 1, the malware-free equilibrium is globally asymptotically stable.

To get the endemic equilibrium solution , the right side of system (1) should equal zero. The solution definitely satisfies the restrictive condition on the total quantity of nodes: Combining and solving all the above equations, we can obtain an equation containing and . To guarantee a nontrivial solution of it, needs to be bigger than one, and thus we obtain that there is an endemic equilibrium when .

Then, we prove the malware will be persistent when . If , the derivative of function V becomes positive for sufficiently close to except when . Otherwise, system (1) reduces to , which implies as . This establishes the malware-free equilibrium’s unstable property. Since the necessary and sufficient condition for uniform persistence is equivalent to the malware-free equilibrium being unstable, system (1) is persistent.

*Remark 2.* If and for all , system (7) becomes a periodic intermittent system. The minimum control intensity becomes This agrees with Theorem 1 in Zhang et al. [41]. Our results can be regarded as a generalization of Zhang et al. [41].

*Remark 3.* According to the expression of , the control intensity depends on the network topological structure and system parameters. Apparently, if the degree distribution of WSNs follows a power law (like a scale-free network) and the number of nodes is large enough, then , so the absence of control intensity, i.e., , is observed. Moreover, the disappearance of malware is related to perturbation time ratios . Thus, we can enhance or weaken noise intensity to decrease or increase the corresponding control time ratios. Control strategies can be designed based on our theoretical results.

#### 4. Numerical Simulation

The aperiodically intermittent noise controller can stabilize system (1) under the intensity . From the expression, control intensity is directly proportional to the contact rates and inversely proportional to the control time ratio. Using Milstein’s higher order method [47], the discretized equations for the system (7) are where are independent random variables *N*(0, 1), . Generally, we assume the WSN is a scale-free network with the power law distribution , where satisfies . We set the initial values to and .

Choosing parameter values in Table 1, the reproduction number is

According to Corollary 1, the malware is persistent. The top two pictures in Figure 3 show that the solution of system (1) converges to the endemic equilibrium. The last two pictures in Figure 3 show clearly that the number of infected nodes and converge to a positive constant.

To stabilize the above deterministic model, we choose different control intensities by adjusting control time to compare the stabilization effects.

(i) Let control time ratio and initial value (900, 50, 50, 0, …, 900, 50, 50, 0). Generating the aperiodically intermittent time intervals randomly, we give two examples in the middle two pictures of Figure 4. We can calculate that ; according to Theorem 1, and all tend to zero; Figure 4 shows clearly that the malware disappears.

(ii) Increase the control time ratio to ; specific aperiodically intermittent time intervals are shown in the middle two pictures of Figure 5. We can obtain that , the condition in Theorem 1 is satisfied, and and all tend to zero. The top two and the last two pictures of Figure 5 show clearly that all the infected nodes go to zero.

(iii) Extend the control time to full time. Figure 6 shows the solution of system (7) converges to the malware-free equilibrium, and all tend to zero, and the malware nodes will disappear. Comparing Figures 4–6, we can conclude that the bigger the perturbation intensity is, the faster the steady speed is.
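The dependence of the stabilizing noise intensity on the control time ratio can be reproduced on a scalar test equation. The following is an added example, not code from the paper: it applies the Milstein scheme to dx = a x dt + σ x dB, with the noise switched on only during aperiodic work intervals, instead of simulating the paper's system (7). The linear multiplicative noise form, the schedule generator, the parameter values and all function names are assumptions made for illustration.

```python
import math
import random

def intermittent_schedule(T, theta, rng):
    """Aperiodic time spans covering [0, T]. Each span has a random length;
    noise acts on its first theta-fraction (work time), then rests."""
    spans, t = [], 0.0
    while t < T:
        length = rng.uniform(0.5, 2.0)   # constructed: span lengths differ
        spans.append((t, t + theta * length, t + length))
        t += length
    return spans

def min_intensity_sq(a, theta):
    """For this scalar equation the exact exponent is a - theta*sigma^2/2,
    so extinction needs sigma^2 > 2a/theta (inverse in the time ratio)."""
    return 2.0 * a / theta

def lyapunov_exponent(a, sigma, theta, T=100.0, h=1e-3, seed=1):
    """Milstein scheme for dx = a*x dt + sigma*x dB during work time and
    dx = a*x dt during rest time. Returns (1/T)*log(x(T)/x(0))."""
    rng = random.Random(seed)
    spans = intermittent_schedule(T, theta, rng)
    log_x, k = 0.0, 0
    for n in range(round(T / h)):
        t = n * h
        while t >= spans[k][2]:          # advance to the span containing t
            k += 1
        s = sigma if t < spans[k][1] else 0.0
        dB = math.sqrt(h) * rng.gauss(0.0, 1.0)
        # Milstein update x_{n+1} = x_n * factor, tracked in log scale
        factor = 1.0 + a * h + s * dB + 0.5 * s * s * (dB * dB - h)
        log_x += math.log(factor)
    return log_x / T

if __name__ == "__main__":
    a = 1.0
    for sigma, theta in [(0.0, 0.5), (3.0, 0.5), (3.0, 0.1)]:
        lam = lyapunov_exponent(a, sigma, theta)
        print(f"sigma^2={sigma**2:.1f} theta={theta} "
              f"threshold={min_intensity_sq(a, theta):.1f} exponent={lam:+.3f}")
```

A negative exponent means the state decays to zero along the simulated path; the same noise intensity that stabilizes the equation at time ratio 0.5 fails to do so at ratio 0.1.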

#### 5. Conclusion

Based on network topology and malware propagation properties, we established a heterogeneous wireless sensor network model which considers the influence of energy consumption on node communication. The basic reproduction number has been given which determines the extinction or persistence of malware: if , the malware will die out; if , the malware will be persistent. To control malware spreading, we design a kind of aperiodically intermittent stochastic noise controller, the starting time and control length of which are arbitrary. We can control the steady rate autonomously by adjusting the work width. Using the straightening operator and Markov inequality, we calculate the specific stochastic noise intensity , which is inversely proportional to intermittent time. When the stochastic noise controller’s intensity is greater than , malware propagation will be controlled with probability 1. Otherwise, the malware program will destroy the wireless sensor networks. This stochastic stabilization method presents a new theoretical strategy for wireless sensor network security: the stochastic noise controller. Numerical simulations are given to illustrate the stabilization effect of stochastic noise.

#### Data Availability

No data were used to support this study.

#### Conflicts of Interest

The authors declare that they have no conflicts of interest.

#### Acknowledgments

This study was supported by the Guangzhou Education Bureau science foundation project (1201630502) and Research Fund for Guangzhou University (YG2020010).