Discrete Dynamics in Nature and Society

Volume 2012 (2012), Article ID 693695, 13 pages

http://dx.doi.org/10.1155/2012/693695

## Propagation Behavior of Virus Codes in the Situation That Infected Computers Are Connected to the Internet with Positive Probability

^{1}College of Computer Science, Chongqing University, Chongqing 400044, China^{2}School of Electronic and Information Engineering, Southwest University, Chongqing 400716, China

Received 23 May 2012; Accepted 4 June 2012

Academic Editor: Yanbing Liu

Copyright © 2012 Lu-Xing Yang and Xiaofan Yang. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

#### Abstract

All the known models describing the propagation of virus codes were based on the assumption that a computer is uninfected at the time it is being connected to the Internet. In reality, however, it is much likely that infected computers are connected to the Internet. This paper is intended to investigate the propagation behavior of virus programs provided infected computers are connected to the Internet with positive probability. For that purpose, a new model characterizing the spread of computer virus is proposed. Theoretical analysis of this model indicates that (1) there is a unique (viral) equilibrium, and (2) this equilibrium is globally asymptotically stable. Further study shows that, by taking active measures, the percentage of infected computers can be made below an acceptable threshold value.

#### 1. Introduction

The past few decades have witnessed a rapid progress in computer and communication domains. This progress, however, also provides rich techniques for the development of virus programs. Consequently, antivirus software is indispensable to safeguard data and files stored in computers or transmitted through network [1]. The development of antivirus software, in turn, is preceded by a full understanding of the way that computer viruses spread.

To a certain extent, the propagation of virus codes in a collection of interacting computers is analogous to the diffusion of infectious diseases in a population. Inspired by this analogy, some classical epidemic models were modified to characterize the propagation of computer virus, and the obtained results show that the long-term behavior of virus programs could be predicted [2–10]. Very recently, Yang et al. [11] introduced an interesting virus propagation model, known as the SLBS model, by considering the feature of virus codes that a computer possesses infection ability immediately when it is infected.

To our knowledge, all the known models describing the propagation of virus codes were established on the assumption that a computer is uninfected at the time it is being connected to the Internet. This assumption, however, is inconsistent with the fact that some computers are already infected at their respective connection times. Indeed, Zuo et al. [12] proved that there is no perfect antivirus software that can detect and clear all kinds of virus codes.

This paper is intended to examine the propagation behavior of virus codes in the case that infected computers are connected to the Internet with positive probability. For that purpose, a new computer virus propagation model, which incorporates in the SLBS model the possibility that infected computers are connected to the Internet, is proposed. Stability analysis of this model indicates that there is a unique (viral) equilibrium, which is globally asymptotically stable for any combination of the system parameters. Further investigation shows that, by taking active measures, the percentage of infected computers can be kept below an acceptable threshold value.

The remaining materials of this paper are organized in this fashion: Section 2 describes the new model. Section 3 proves the global asymptotic stability of the viral equilibrium. A few insights are drawn in Section 4 by conducting a parameter analysis. Finally, Section 5 summarizes this work.

#### 2. Model Formulation

At any time, a computer (i.e., node) is classified as either or according as it is connected to the Internet or not at that time, and the nodes all over the world are categorized into the following three classes. (i)* Susceptible nodes*, that is, uninfected nodes. (ii)*Latent nodes*, that is, infected nodes in which all viruses are in their respective latencies. (iii)*Attacked nodes*, that is, infected nodes in which at least one virus is performing its behavior module.

For our purpose, the whole set of internal nodes is partitioned into the following three compartments (i.e., subsets). (i) compartment: the set of all internal susceptible nodes. (ii) compartment: the set of all internal latent nodes. (iii) compartment: the set of all internal attacked nodes.

At time , let , , and denote the respective concentrations of , , and compartments, that is, their respective percentages in all internal nodes. Without ambiguity, , , and will be abbreviated as , , and , respectively.

Our model is based on the following reasonable hypotheses.(H1) The total amount of internal nodes is conservative. (H2)An external node is either susceptible or latent at the time it is being connected to the Internet. (H3)Due to that external susceptible nodes are connected to the Internet, at any time the concentration of compartment increases by . (H4)Due to that external latent nodes are connected to the Internet, at any time the concentration of compartment increases by . (H5)At any time an internal node is disconnected from the Internet with probability . This hypothesis is consistent with hypotheses (H1), (H3), and (H4). (H6)Due to the contact of susceptible nodes with infected nodes through the Internet, at any time an internal susceptible node is infected with probability . (H7)At any time an internal latent node is attacked with probability . (H8)An internal latent node cannot be cured, which means that its user doesnot start antivirus software actively. (H9) Due to the effect of antivirus software, at any time an internal attacked node is cured with probability .

Based on this collection of hypotheses, the new model is formulated as with initial conditions , , and .

Because , this system can be reduced to the following planar system: with initial conditions and . It is easily verified that the simply connected compact set is positively invariant for this system.

#### 3. Model Analysis

This section is devoted to understanding the dynamical behavior of system (2.2) within .

##### 3.1. Equilibrium

Theorem 3.1. *System (2.2) has a unique equilibrium within , where
**
Moreover, this equilibrium is viral, that is .*

*Proof. *All the equilibria of system (2.2) are determined by the following system of equations:
Solving this system, we get as the unique solution within . It is trivial to verify that .

*Remark 3.2. *This theorem shows that the proposed system has no virus-free equilibrium and, hence, doesn't undergo any bifurcation, whereas any known computer virus propagation model undergoes fold or backward bifurcation.

##### 3.2. Local Analysis

Next, let us examine the local stability of the viral equilibrium.

Lemma 3.3. * is locally asymptotically stable.*

*Proof. *Rewrite system (2.2) in the matrix-vector notation as
The Jacobian of evaluated at is
and the corresponding characteristic equation is
where
Let . Since
we have
that is, . Hence,
On the other hand,
By the Hurwitz criterion, the two roots of (3.7) both have negative real parts, and the claimed result follows by the Lyapunov theorem [13].

##### 3.3. Global Analysis

Now, it is the turn to examine the global stability of the viral equilibrium.

Lemma 3.4. *System (2.2) admits no periodic orbit that lies in the interior of .*

*Proof. *Define . Then,
By the Bendixson-Dulac criterion [13], the system has no periodic orbit.

Lemma 3.5. *System (2.2) admits no periodic orbit that passes through a point on , the boundary of .*

*Proof. *By the smoothness of all orbits of system (2.2), it can be concluded that: (1) there is no periodic orbit that passes through a corner of , that is, either (0,0) or (0,1) or (1,0), (2) if there is a periodic orbit that passes through a noncorner point on , then this orbit must be tangent to at this point. On the contrary, suppose there is a periodic orbit that passes through a noncorner point on , then there are three possibilities.*Case *1: , . *Then we have *, *implying that ** is not tangent to ** at this point. A contradiction occurs. **Case *2*: *, . *Then we have **, implying that ** is not tangent to ** at this point, again a contradiction. **Case *3: *, **, **. Then we have **, implying that ** is not tangent to ** at this point, also a contradiction. *

Combining the above discussions, we conclude that there is no periodic orbit that passes through a point on .

We are ready to present the main result of this paper.

Theorem 3.6. * is globally asymptotically stable with respect to .*

*Proof. *The claimed result follows by combining the generalized Poincar-Bendixson theorem [13] with Lemmas 3.3–3.5.

*Remark 3.7. *This theorem shows that, with the elapse of time, the concentrations of latent nodes and attacked nodes would tend to and , respectively.

*Example 3.8. *Consider system (2.2) with , , , , , and . We have , and the phase portrait is presented in Figure 1.

*Example 3.9. *Consider system (2.2) with , , , , , and . We have , and the phase portrait is displayed in Figure 2.

*Example 3.10. *Consider system (2.2) with , , , , , and . We have , and the phase portrait is demonstrated in Figure 3.

*Example 3.11. *Consider system (2.2) with , , , , , and . We have , and the phase portrait is exhibited in Figure 4.

From Figures 1–4 one can see that, for each of these four systems, there exists a globally asymptotically stable viral equilibrium.

#### 4. Discussions

Due to the fact that the proposed model has no virus-free equilibrium, any effort in eradicating virus is doomed to failure. In practical situations, the best achievable goal is to keep the percentage of infected nodes below an acceptable threshold. For that purpose, some valuable suggestions shall be presented in this section.

Theorem 4.1. * if and only if
*

* Proof. *This result follows by substituting (3.1)-(3.2) into and simplifying the resulting inequality.

This theorem has the following three valuable corollaries.

Corollary 4.2. * if and only if , where
*

*Proof. *The claimed result holds by combining Theorem 4.1 with (3.10).

*Example 4.3 4.3. *Consider a class of systems (2.2) with , , , , and . In order that , it is sufficient by Corollary 4.2 that be satisfied. See Figure 5 for how varies with .

Corollary 4.4. * if and only if , where
*

* Proof. *The claimed result holds by Theorem 4.1.

*Example 4.5. *Consider a class of systems (2.2) with , , , , and . In order that , it is sufficient by Corollary 4.4 that be satisfied. See Figure 6 for how varies with .

Corollary 4.6. * if and only if , where
*

* Proof. *The claimed result holds by Theorem 4.1.

*Example 4.7. *Consider system (2.2) with , , , , and . In order that , it is sufficient by Corollary 4.6 that be satisfied. See Figure 7 for how varies with .

Second, check the dependency of on , , and , respectively. We have where

Theorem 4.8. *, , .*

* Proof. *
The proof is complete.

*Remark 4.9. *This theorem states that is increasing with , , and . Hence, another means of suppressing the concentration of infected nodes is to reduce these parameters.

Finally, examine the dependency of on and , respectively.

Theorem 4.10. * and if .*

*Proof. *By means of the implicit differentiation, it is derived that
Since
then
In view of , one can derive
which implies . Likewise,
The proof is complete.

*Remark 4.11. *This theorem states that in some cases is decreasing with and . Thus, still another means of inhibiting the concentration of infected nodes is to enhance these parameters.

#### 5. Summary

A new model describing the spread of computer virus has been proposed, under which infected computers are assumed to be probably connected to the Internet. To our knowledge, this is the first model with this reasonable assumption. Qualitative analysis of this model has shown that, entirely different from any previously proposed model, the new model admits no virus-free equilibrium. Rather, it possesses a globally asymptotically stable viral equilibrium. Furthermore, it has been indicated that, by adjusting some system parameters, the concentration of infected computers can be reduced.

This work provides a new insight into the modeling of propagation of computer virus, which, in our opinion, would arouse considerable interest from the computer virus community.

#### Acknowledgments

The authors are grateful to the anonymous reviewers for their careful reading and valuable suggestion. This work is supported by Doctorate Foundation of Education Ministry of China (Grant No. 20110191110022).

#### References

- H. Thimbleby, S. Anderson, and P. Cairns, “Framework for modelling Trojans and computer virus infection,”
*Computer Journal*, vol. 41, no. 7, pp. 444–458, 1998. View at Google Scholar · View at Scopus - X. Han and Q. Tan, “Dynamical behavior of computer virus on Internet,”
*Applied Mathematics and Computation*, vol. 217, no. 6, pp. 2520–2526, 2010. View at Publisher · View at Google Scholar · View at Zentralblatt MATH - J. O. Kephart, T. Hogg, and B. A. Huberman, “Dynamics of computational ecosystems,”
*Physical Review. A*, vol. 40, no. 1, pp. 404–421, 1989. View at Publisher · View at Google Scholar - B. K. Mishra and S. K. Pandey, “Dynamic model of worms with vertical transmission in computer network,”
*Applied Mathematics and Computation*, vol. 217, no. 21, pp. 8438–8446, 2011. View at Publisher · View at Google Scholar · View at Zentralblatt MATH - J. R. C. Piqueira and V. O. Araujo, “A modified epidemiological model for computer viruses,”
*Applied Mathematics and Computation*, vol. 213, no. 2, pp. 355–360, 2009. View at Publisher · View at Google Scholar · View at Zentralblatt MATH - L.-P. Song, Z. Jin, G.-Q. Sun, J. Zhang, and X. Han, “Influence of removable devices on computer worms: dynamic analysis and control strategies,”
*Computers & Mathematics with Applications*, vol. 61, no. 7, pp. 1823–1829, 2011. View at Publisher · View at Google Scholar · View at Zentralblatt MATH - F. Wang, Y. Zhang, C. Wang, J. Ma, and S. Moon, “Stability analysis of a SEIQV epidemic model for rapid spreading worms,”
*Computers and Security*, vol. 29, no. 4, pp. 410–418, 2010. View at Publisher · View at Google Scholar · View at Scopus - J. C. Wierman and D. J. Marchette, “Modeling computer virus prevalence with a susceptible-infected-susceptible model with reintroduction,”
*Computational Statistics & Data Analysis*, vol. 45, no. 1, pp. 3–23, 2004. View at Publisher · View at Google Scholar - Y. Yao, X. Xie, H. Guo, G. Yu, F. Gao, and X. Tong, “Hopf bifurcation in Internet worm propagation with time delay in quarantine,”
*Mathematical and Computer Modelling*. In press. View at Publisher · View at Google Scholar - H. Yuan and G. Chen, “Network virus-epidemic model with the point-to-group information propagation,”
*Applied Mathematics and Computation*, vol. 206, no. 1, pp. 357–367, 2008. View at Publisher · View at Google Scholar · View at Zentralblatt MATH - L.-X. Yang, X. Yang, L. Wen, and J. Liu, “A novel computer virus propagation model and its dynamics,”
*International Journal of Computer Mathematics*. In press. - Z. Zuo, Q. Zhu, and M. Zhou, “On the time complexity of computer viruses,”
*IEEE Transactions on Information Theory*, vol. 51, no. 8, pp. 2962–2966, 2005. View at Publisher · View at Google Scholar - R. C. Robinson,
*An Introduction to Dynamical Systems: Continuous and Discrete*, Pearson Prentice Hall, Upper Saddle River, NJ, USA, 2004.