Computer Virus: Theory, Model, and MethodsView this Special Issue
Research Article | Open Access
Lu-Xing Yang, Xiaofan Yang, "Propagation Behavior of Virus Codes in the Situation That Infected Computers Are Connected to the Internet with Positive Probability", Discrete Dynamics in Nature and Society, vol. 2012, Article ID 693695, 13 pages, 2012. https://doi.org/10.1155/2012/693695
Propagation Behavior of Virus Codes in the Situation That Infected Computers Are Connected to the Internet with Positive Probability
All the known models describing the propagation of virus codes were based on the assumption that a computer is uninfected at the time it is being connected to the Internet. In reality, however, it is much likely that infected computers are connected to the Internet. This paper is intended to investigate the propagation behavior of virus programs provided infected computers are connected to the Internet with positive probability. For that purpose, a new model characterizing the spread of computer virus is proposed. Theoretical analysis of this model indicates that (1) there is a unique (viral) equilibrium, and (2) this equilibrium is globally asymptotically stable. Further study shows that, by taking active measures, the percentage of infected computers can be made below an acceptable threshold value.
The past few decades have witnessed a rapid progress in computer and communication domains. This progress, however, also provides rich techniques for the development of virus programs. Consequently, antivirus software is indispensable to safeguard data and files stored in computers or transmitted through network . The development of antivirus software, in turn, is preceded by a full understanding of the way that computer viruses spread.
To a certain extent, the propagation of virus codes in a collection of interacting computers is analogous to the diffusion of infectious diseases in a population. Inspired by this analogy, some classical epidemic models were modified to characterize the propagation of computer virus, and the obtained results show that the long-term behavior of virus programs could be predicted [2–10]. Very recently, Yang et al.  introduced an interesting virus propagation model, known as the SLBS model, by considering the feature of virus codes that a computer possesses infection ability immediately when it is infected.
To our knowledge, all the known models describing the propagation of virus codes were established on the assumption that a computer is uninfected at the time it is being connected to the Internet. This assumption, however, is inconsistent with the fact that some computers are already infected at their respective connection times. Indeed, Zuo et al.  proved that there is no perfect antivirus software that can detect and clear all kinds of virus codes.
This paper is intended to examine the propagation behavior of virus codes in the case that infected computers are connected to the Internet with positive probability. For that purpose, a new computer virus propagation model, which incorporates in the SLBS model the possibility that infected computers are connected to the Internet, is proposed. Stability analysis of this model indicates that there is a unique (viral) equilibrium, which is globally asymptotically stable for any combination of the system parameters. Further investigation shows that, by taking active measures, the percentage of infected computers can be kept below an acceptable threshold value.
The remaining materials of this paper are organized in this fashion: Section 2 describes the new model. Section 3 proves the global asymptotic stability of the viral equilibrium. A few insights are drawn in Section 4 by conducting a parameter analysis. Finally, Section 5 summarizes this work.
2. Model Formulation
At any time, a computer (i.e., node) is classified as either or according as it is connected to the Internet or not at that time, and the nodes all over the world are categorized into the following three classes. (i) Susceptible nodes, that is, uninfected nodes. (ii)Latent nodes, that is, infected nodes in which all viruses are in their respective latencies. (iii)Attacked nodes, that is, infected nodes in which at least one virus is performing its behavior module.
For our purpose, the whole set of internal nodes is partitioned into the following three compartments (i.e., subsets). (i) compartment: the set of all internal susceptible nodes. (ii) compartment: the set of all internal latent nodes. (iii) compartment: the set of all internal attacked nodes.
At time , let , , and denote the respective concentrations of , , and compartments, that is, their respective percentages in all internal nodes. Without ambiguity, , , and will be abbreviated as , , and , respectively.
Our model is based on the following reasonable hypotheses.(H1) The total amount of internal nodes is conservative. (H2)An external node is either susceptible or latent at the time it is being connected to the Internet. (H3)Due to that external susceptible nodes are connected to the Internet, at any time the concentration of compartment increases by . (H4)Due to that external latent nodes are connected to the Internet, at any time the concentration of compartment increases by . (H5)At any time an internal node is disconnected from the Internet with probability . This hypothesis is consistent with hypotheses (H1), (H3), and (H4). (H6)Due to the contact of susceptible nodes with infected nodes through the Internet, at any time an internal susceptible node is infected with probability . (H7)At any time an internal latent node is attacked with probability . (H8)An internal latent node cannot be cured, which means that its user doesnot start antivirus software actively. (H9) Due to the effect of antivirus software, at any time an internal attacked node is cured with probability .
Based on this collection of hypotheses, the new model is formulated as with initial conditions , , and .
Because , this system can be reduced to the following planar system: with initial conditions and . It is easily verified that the simply connected compact set is positively invariant for this system.
3. Model Analysis
This section is devoted to understanding the dynamical behavior of system (2.2) within .
Theorem 3.1. System (2.2) has a unique equilibrium within , where Moreover, this equilibrium is viral, that is .
Proof. All the equilibria of system (2.2) are determined by the following system of equations: Solving this system, we get as the unique solution within . It is trivial to verify that .
Remark 3.2. This theorem shows that the proposed system has no virus-free equilibrium and, hence, doesn't undergo any bifurcation, whereas any known computer virus propagation model undergoes fold or backward bifurcation.
3.2. Local Analysis
Next, let us examine the local stability of the viral equilibrium.
Lemma 3.3. is locally asymptotically stable.
Proof. Rewrite system (2.2) in the matrix-vector notation as The Jacobian of evaluated at is and the corresponding characteristic equation is where Let . Since we have that is, . Hence, On the other hand, By the Hurwitz criterion, the two roots of (3.7) both have negative real parts, and the claimed result follows by the Lyapunov theorem .
3.3. Global Analysis
Now, it is the turn to examine the global stability of the viral equilibrium.
Lemma 3.4. System (2.2) admits no periodic orbit that lies in the interior of .
Proof. Define . Then, By the Bendixson-Dulac criterion , the system has no periodic orbit.
Lemma 3.5. System (2.2) admits no periodic orbit that passes through a point on , the boundary of .
Proof. By the smoothness of all orbits of system (2.2), it can be concluded that: (1) there is no periodic orbit that passes through a corner of , that is, either (0,0) or (0,1) or (1,0), (2) if there is a periodic orbit that passes through a noncorner point on , then this orbit must be tangent to at this point. On the contrary, suppose there is a periodic orbit that passes through a noncorner point on , then there are three possibilities.
Case 1: , . Then we have , implying that is not tangent to at this point. A contradiction occurs.
Case 2: , . Then we have , implying that is not tangent to at this point, again a contradiction.
Case 3: , , . Then we have , implying that is not tangent to at this point, also a contradiction.
Combining the above discussions, we conclude that there is no periodic orbit that passes through a point on .
We are ready to present the main result of this paper.
Theorem 3.6. is globally asymptotically stable with respect to .
Remark 3.7. This theorem shows that, with the elapse of time, the concentrations of latent nodes and attacked nodes would tend to and , respectively.
Due to the fact that the proposed model has no virus-free equilibrium, any effort in eradicating virus is doomed to failure. In practical situations, the best achievable goal is to keep the percentage of infected nodes below an acceptable threshold. For that purpose, some valuable suggestions shall be presented in this section.
Theorem 4.1. if and only if
This theorem has the following three valuable corollaries.
Corollary 4.2. if and only if , where
Corollary 4.4. if and only if , where
Proof. The claimed result holds by Theorem 4.1.
Corollary 4.6. if and only if , where
Proof. The claimed result holds by Theorem 4.1.
Second, check the dependency of on , , and , respectively. We have where
Theorem 4.8. , , .
Proof. The proof is complete.
Remark 4.9. This theorem states that is increasing with , , and . Hence, another means of suppressing the concentration of infected nodes is to reduce these parameters.
Finally, examine the dependency of on and , respectively.
Theorem 4.10. and if .
Proof. By means of the implicit differentiation, it is derived that Since then In view of , one can derive which implies . Likewise, The proof is complete.
Remark 4.11. This theorem states that in some cases is decreasing with and . Thus, still another means of inhibiting the concentration of infected nodes is to enhance these parameters.
A new model describing the spread of computer virus has been proposed, under which infected computers are assumed to be probably connected to the Internet. To our knowledge, this is the first model with this reasonable assumption. Qualitative analysis of this model has shown that, entirely different from any previously proposed model, the new model admits no virus-free equilibrium. Rather, it possesses a globally asymptotically stable viral equilibrium. Furthermore, it has been indicated that, by adjusting some system parameters, the concentration of infected computers can be reduced.
This work provides a new insight into the modeling of propagation of computer virus, which, in our opinion, would arouse considerable interest from the computer virus community.
The authors are grateful to the anonymous reviewers for their careful reading and valuable suggestion. This work is supported by Doctorate Foundation of Education Ministry of China (Grant No. 20110191110022).
- H. Thimbleby, S. Anderson, and P. Cairns, “Framework for modelling Trojans and computer virus infection,” Computer Journal, vol. 41, no. 7, pp. 444–458, 1998.
- X. Han and Q. Tan, “Dynamical behavior of computer virus on Internet,” Applied Mathematics and Computation, vol. 217, no. 6, pp. 2520–2526, 2010.
- J. O. Kephart, T. Hogg, and B. A. Huberman, “Dynamics of computational ecosystems,” Physical Review. A, vol. 40, no. 1, pp. 404–421, 1989.
- B. K. Mishra and S. K. Pandey, “Dynamic model of worms with vertical transmission in computer network,” Applied Mathematics and Computation, vol. 217, no. 21, pp. 8438–8446, 2011.
- J. R. C. Piqueira and V. O. Araujo, “A modified epidemiological model for computer viruses,” Applied Mathematics and Computation, vol. 213, no. 2, pp. 355–360, 2009.
- L.-P. Song, Z. Jin, G.-Q. Sun, J. Zhang, and X. Han, “Influence of removable devices on computer worms: dynamic analysis and control strategies,” Computers & Mathematics with Applications, vol. 61, no. 7, pp. 1823–1829, 2011.
- F. Wang, Y. Zhang, C. Wang, J. Ma, and S. Moon, “Stability analysis of a SEIQV epidemic model for rapid spreading worms,” Computers and Security, vol. 29, no. 4, pp. 410–418, 2010.
- J. C. Wierman and D. J. Marchette, “Modeling computer virus prevalence with a susceptible-infected-susceptible model with reintroduction,” Computational Statistics & Data Analysis, vol. 45, no. 1, pp. 3–23, 2004.
- Y. Yao, X. Xie, H. Guo, G. Yu, F. Gao, and X. Tong, “Hopf bifurcation in Internet worm propagation with time delay in quarantine,” Mathematical and Computer Modelling. In press.
- H. Yuan and G. Chen, “Network virus-epidemic model with the point-to-group information propagation,” Applied Mathematics and Computation, vol. 206, no. 1, pp. 357–367, 2008.
- L.-X. Yang, X. Yang, L. Wen, and J. Liu, “A novel computer virus propagation model and its dynamics,” International Journal of Computer Mathematics. In press.
- Z. Zuo, Q. Zhu, and M. Zhou, “On the time complexity of computer viruses,” IEEE Transactions on Information Theory, vol. 51, no. 8, pp. 2962–2966, 2005.
- R. C. Robinson, An Introduction to Dynamical Systems: Continuous and Discrete, Pearson Prentice Hall, Upper Saddle River, NJ, USA, 2004.
Copyright © 2012 Lu-Xing Yang and Xiaofan Yang. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.