- About this Journal ·
- Abstracting and Indexing ·
- Aims and Scope ·
- Annual Issues ·
- Article Processing Charges ·
- Articles in Press ·
- Author Guidelines ·
- Bibliographic Information ·
- Citations to this Journal ·
- Contact Information ·
- Editorial Board ·
- Editorial Workflow ·
- Free eTOC Alerts ·
- Publication Ethics ·
- Reviewers Acknowledgment ·
- Submit a Manuscript ·
- Subscription Information ·
- Table of Contents

Mathematical Problems in Engineering

Volume 2014 (2014), Article ID 369360, 18 pages

http://dx.doi.org/10.1155/2014/369360

## Analysis of a Delayed Internet Worm Propagation Model with Impulsive Quarantine Strategy

^{1}Key Laboratory of Medical Image Computing, Northeastern University, Ministry of Education, Shenyang 110819, China^{2}College of Information Science and Engineering, Northeastern University, Shenyang 110819, China^{3}Software College, Northeastern University, Shenyang 110819, China

Received 9 December 2013; Accepted 31 March 2014; Published 28 April 2014

Academic Editor: Hamid Reza Karimi

Copyright © 2014 Yu Yao et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

#### Abstract

Internet worms exploiting zero-day vulnerabilities have drawn significant attention owing to their enormous threats to Internet in the real world. To begin with, a worm propagation model with time delay in vaccination is formulated. Through theoretical analysis, it is proved that the worm propagation system is stable when the time delay is less than the threshold and Hopf bifurcation appears when time delay is equal to or greater than . Then, a worm propagation model with constant quarantine strategy is proposed. Through quantitative analysis, it is found that constant quarantine strategy has some inhibition effect but does not eliminate bifurcation. Considering all the above, we put forward impulsive quarantine strategy to eliminate worms. Theoretical results imply that the novel proposed strategy can eliminate bifurcation and control the stability of worm propagation. Finally, simulation results match numerical experiments well, which fully supports our analysis.

#### 1. Introduction

With the rapid growth of information technologies and network applications, severe challenges, in form of requirement of a suitable defense system, have been posed to make sure of the safety of the valuable information stored on system and in transit. For example, worms that exploit zero-day vulnerabilities have brought severe threats to Internet security in the real world. To date, none of the patches could effectively and reliably immunize the hosts thoroughly against being attacked by those worms. It may take a period of time for users to immunize their computers if they are in infected state. In addition, the failure of some vaccination measures or worm-variants may also lead to high risks that the hosts being immunized would be infected again. On the other hand, the propagation of worms in a system of interacting computers could be compared to contagious diseases in human population. In computer science field, computers are like individuals in an ecological system and thus the same mechanism of birth and death should be considered. Being infected by network worms or quarantined by IDS (intrusion detection systems), hosts will become dangerous and their owners will have to reinstall the system. Another factor to consider is that when new computers are brought, most of them have preinstalled operating systems but without newest safety patches while old computers are discarded and recycled. Consequently, in order to imitate the real world, birth and death rates should be introduced to worm propagations model.

Considering all the above, we firstly construct a worm propagation model with time delay in vaccination based on the classical epidemic Kermack-Mckendrick model [1] to describe the current situation. Through theoretical analysis, it is proved that Hopf bifurcation appears when time delay is equal to or greater than the threshold , which leads the number of infected hosts to be unpredictable and the propagation of worms to be out of control. In order to make up the deficiency of vaccination strategy and eliminate the negative impact of time delay, quarantine strategies are proposed to improve vaccination effect and eliminate bifurcation. The current quarantine strategy generally depends on the intrusion detection system, which can be classified into two categories: misuse and anomaly intrusion detection. Misuse intrusion detection system can accurately detect known worms. Based on misuse intrusion detection system, we propose constant quarantine strategy. Although it does improve vaccination effect, the system is still out of control and Hopf bifurcation is not eliminated either. Furthermore, the system fails to detect unknown worms and worm-variants. Anomaly intrusion detection system is of help in detecting these kinds of worm. However, it is always accompanied by high false-positive rate.

Consequently, this paper proposes a worm propagation model with impulsive quarantine strategy based on a hybrid intrusion detection system that combines both misuse and anomaly intrusion detection to make up for the gaps existing in the two systems. After adoption impulsive quarantine strategy, it is clearly proved that Hopf bifurcation is eliminated thoroughly so that the system is stable.

The rest of the paper is organized as follows. In the next section, related work on time delay and quarantine strategy is introduced. Section 3 provides a worm propagation model with time delay in vaccination. In Section 4, we construct a delayed worm propagation model with constant quarantine and analyze it in detail. Then, in Section 5, a delayed worm propagation model using impulsive quarantine strategy is proposed, and its analysis is performed. Section 6 presents numerical analyses and simulation experiments based on Slammer worm. Simulation results match well with numerical ones. Finally, Section 7 gives the conclusions.

#### 2. Related Work

With the similarity between Internet worms and biological diseases, epidemiological models have been widely used in modeling the propagation of worms [2–6]. To make the worm transmission in computer network work as in the real word, the research within the data-driven framework has been done [7–9]. Although some human factors are included, these models cannot restrain worms effectively. Thus, a variety of containment strategies have been applied to worm propagation models. As far as we know, the use of quarantine strategies has produced a great effect on controlling disease. People use quarantine strategies widely in worm containment enlightened by this [10–16]. In addition, some scholars have done research on time delay [17–19].

However, previous studies have failed to consider the appropriate quarantine strategy to eliminate the negative effect of time delay. For instance, the pulse quarantine strategy that Yao has proposed [12] does lead to worm elimination with a relatively low value, but time delay is not considered, which leads to Hopf bifurcation so that the worm propagation system will be unstable and out of control. In this paper, constant quarantine and impulsive quarantine strategies are proposed to constrain the worms spreading and even eliminate Hopf bifurcation.

#### 3. Worm Propagation Model with Time Delay in Vaccination

With regard to worms exploiting zero-day vulnerabilities, none of the patches could effectively and reliably immunize the hosts. After the hosts are being infected, some measures, such as cutting off the network connection, running manual antivirus, or setting firewall, are taken to remove the worms. With these measures being carried out, the hosts cannot further infect other susceptible hosts, but they are in fact not vaccinated completely. Namely, detecting and cleaning worms take a period of time. Therefore, time delay should be considered in actual conditions. Since time delay exists, infected hosts go through a temporary state (delayed) after vaccination. Consequently, on the basis of KM model, we give a worm propagation model with time delay in vaccination. We assume all hosts are in one of four states: susceptible state (*S*), infected state (*I*), delayed state (*D*), and vaccinated state (*V*). The state transition diagram of the delayed model is given in Figure 1.

Let denote the number of susceptible hosts at time , denote the number of infected hosts at time , denote the number of delayed hosts at time , and denote the number of vaccinated hosts at time . is the infection rate at which susceptible hosts are infected by infected hosts and is the rate of removal of infected from circulation. As worms and worm-variants exist, is the rate that vaccinated hosts back to susceptible hosts. The newborn hosts enter the system with the same rate , of which a portion is recovered by installing patches at birth. Time delay is denoted by .

In order to show it clearly, we list in Notations section some frequently used notations in this paper.

##### 3.1. Description of Delayed Model

From the above definitions in the paper, we write down the complete differential equations of the delayed model: As mentioned above, the population size is set , which is set to unity:

##### 3.2. Stability of the Positive Equilibrium and Bifurcation Analysis

Theorem 1. *The system has a unique positive equilibrium when it satisfies the following condition: **, where , , .*

*Proof. *For system (1), if all the derivatives on the left of equal sign of the system are set to 0, which implies that the system becomes stable, we can derive
Substituting the value of each variable in (3) for each of (2), then we can derive

Obviously, if is satisfied, (4) has one unique positive root and there is one unique positive equilibrium of system (1). The proof is completed.

*According to (2), ; thus, system (1) can be simplified to
The Jacobi matrix of (5) about is given by
The characteristic equation of that matrix can be obtained by
Let
Then , .*

*Theorem 2. The positive equilibrium is locally asymptotically stable without time delay, if the following holds:.*

*Proof. *If , (7) reduces to

According to Routh-Hurwitz criterion, all the roots of (9) have negative real parts. Therefore, it can be deduced that the positive equilibrium is locally asymptotically stable without time delay. The proof is completed.

*Obviously, is a root of (7). After separating the real and imaginary parts, it can be written as
which implies
where
*

*Let ; (12) can be written as
is defined as . Hence, we can get a solution of .*

*Lemma 3. Suppose that , ; is satisfied.(1)If one of the following holds: (a) , ; (b) , ; and , then all roots of (7) have negative real parts when and is a certain positive constant.(2)If the conditions (a) and (b) are not satisfied, then all roots of (7) have negative real parts for all .*

*Proof. *When , (7) can be reduced to

By the Routh-Hurwitz criterion, all roots of (9) have negative real parts and only if

Considering (14), it is easy to see from the characters of cubic algebraic equation that is a strictly monotonically increasing function if . If , or , and , then has no positive root. Hence, (7) has no purely imaginary roots for any , which implies that the positive equilibrium of system (1) is absolutely stable. Therefore, the following theorem on the stability of positive equilibrium can be easily obtained.

*Theorem 4. Assume that and are satisfied, and , or , . and , then the positive equilibrium of system (1) is absolutely stable. Namely, is asymptotically stable for any time delay .*

*Assume that the coefficients in satisfy the condition as follows:, .*

*According to lemma, it is proved that (14) has at least a positive root , namely, the characteristic equation (7) has a pair of purely imaginary roots .*

*In view of the fact that (7) has a pair of purely imaginary roots , the corresponding is given by eliminating in (10) and (11):
Let be the root of (7), so that and are satisfied when .*

*Lemma 5. Suppose . If , then is a pair of purely imaginary roots of (7). In addition, if the conditions in Lemma 3 are satisfied, then
*

This signifies that there exists at least one eigenvalue with positive real part for . Differentiating both sides of (7) with respect to , it can be written as Therefore, where ; then it follows the hypothesis that .

Hence,

The root of characteristic equation (7) crosses from left to right on the imaginary axis as continuously varies from a value less than to one greater than according to Routh’s theorem. Therefore, according to the Hopf bifurcation theorem [20] for functional differential equations, the transverse condition holds and the conditions for Hopf bifurcation are satisfied at . Then the following result can be obtained.

*Theorem 6. Suppose that the conditions and are satisfied.(1)The equilibrium is locally asymptotically stable when , but unstable when .(2)If condition is satisfied, the system will undergo Hopf bifurcation at the positive equilibrium when , where is defined by (17).*

This implies that when time delay , the system will stabilize at its infection equilibrium point, which is beneficial to implement a containment strategy; when , the system will be unstable and worms cannot be effectively controlled.

*4. A Delayed Worm Propagation Model with Constant Quarantine*

*4. A Delayed Worm Propagation Model with Constant Quarantine*

*Enlightened by the methods in disease control, quarantine is selected as an effective way to diminish the speed of worm propagation. The current quarantine strategy generally depends on the intrusion detection system, which can be classified into two categories: misuse and anomaly intrusion detection [12]. As the delayed model cannot make sure of the system stable and controlled, quarantine strategies should be taken into consideration to further control the worm propagation.*

*4.1. Using Constant Quarantine Strategy to Model a Delayed Worm Propagation*

*4.1. Using Constant Quarantine Strategy to Model a Delayed Worm Propagation*

*Misuse intrusion detection system builds a database with the feature of known attack behaviors. The system can recognize the invaders once their behaviors agree with one of the databases and accurately detect known worms [12]. By applying misuse intrusion detection system for its relatively high accuracy, we add a new state called quarantine state () [9], but only infected hosts will be quarantined. denote the number of quarantined hosts at time . Unlike the quarantine strategy against epidemics, the implementation of constant quarantine strategy depends on the misuse intrusion detection system. Infected hosts will be quarantined at rate which depends on the performance of intrusion detection system and network devices. When infected hosts are quarantined, they will get rid of worms and get patched at rate . The state transition diagram of constant quarantine model is given in Figure 2.*

*4.2. Description of Constant Quarantine Model*

*4.2. Description of Constant Quarantine Model*

*According to the definitions above in the paper, the differential equations of constant quarantine model are given as follows:
Similarly,
*

*4.3. Stability of the Positive Equilibrium and Bifurcation Analysis*

*4.3. Stability of the Positive Equilibrium and Bifurcation Analysis*

*Theorem 7. The system has a unique positive equilibrium when it satisfies the following condition:, where , , , .*

*Proof. *For system (22), if all the derivatives on the left of equal sign of the system are set to 0, which implies that the system becomes stable, we can get

Substituting the value of each variable in (24) for each of (23), then we can get

Obviously, if is satisfied, (25) has one unique positive root , and there is one unique positive equilibrium of system (22). The proof is completed.

*According to (23), ; thus, system (22) can be simplified to
The Jacobi matrix of (26) about is given by
The characteristic equation of that matrix can be obtained by
Let
where
then
*

*Theorem 8. The positive equilibrium is locally asymptotically stable without time delay, if the following holds:, , ,where
*

*Proof. *If , (28) reduces to

According to Routh-Hurwitz criterion, all the roots of (33) have negative real parts. Therefore, it can be deduced that the positive equilibrium is locally asymptotically stable without time delay. The proof is completed.

*Obviously, is a root of (28). After separating the real and imaginary parts, it can be written as
which implies
where
*

*Let , and (35) can be written as
is defined as . Hence, we can get a solution of .*

*Lemma 9. Suppose that , , and ; is satisfied.(1)If one of the following holds: (a) , ; (b) , and . Then all roots of (28) have negative real parts when , is a certain positive constant.(2)If the conditions (a) and (b) are not satisfied, then all roots of (28) have negative real parts for all .*

*Proof. *when , (28) can be reduced to

By the Routh-Hurwitz criterion, all roots of (33) have negative real parts and only if

Considering (37), it is easy to see from the characters of cubic algebraic equation that is a strictly monotonically increasing function if . If , or , and , then has no positive root. Hence, (28) has no purely imaginary roots for any , which implies that the positive equilibrium of system (22) is absolutely stable. Therefore, the following theorem on the stability of positive equilibrium can be easily obtained.

*Theorem 10. Assume that and are satisfied, and , or , , and , then the positive equilibrium of system (22) is absolutely stable. Namely, is asymptotically stable for any time delay .Assume that the coefficients in satisfy the condition as follows:. According to lemma, it is proved that (37) has at least a positive root , namely, the characteristic equation (28) has a pair of purely imaginary roots .In view of the fact that (28) has a pair of purely imaginary roots , the corresponding is given by eliminating in (34):
Let be the root of (28), so that and are satisfied when .*

*Lemma 11. Suppose . If , then is a pair of purely imaginary roots of (28). In addition, if the conditions in Lemma 9 are satisfied, then
*

This signifies that there exists at least one eigenvalue with positive real part for . Differentiating both sides of (28) with respect to , it can be written as Therefore where ; then it follows the hypothesis that .

Hence,

The root of characteristic equation (28) crosses from left to right on the imaginary axis as continuously varies from a value less than to one greater than according to Routh’s theorem. Therefore, according to the Hopf bifurcation theorem for functional differential equations, the transverse condition holds and the conditions for Hopf bifurcation are satisfied at . Then the following result can be obtained.

*Theorem 12. Suppose that the conditions and are satisfied.(1)Equilibrium is locally asymptotically stable when , but unstable when .(2)If condition is satisfied, the system will undergo Hopf bifurcation at the positive equilibrium when , where is defined by (40).*

This implies that when time delay , the system will be stable at its infection equilibrium point so that it is easy to control and eliminate worms; when , the system will be unstable but the threshold is greater than delayed model’s, which illustrates the model with constant quarantine strategy gets stable easier and the users have more time to remove worms.

*5. A Delayed Worm Propagation Model with Impulsive Quarantine*

*5. A Delayed Worm Propagation Model with Impulsive Quarantine*

*5.1. Using Impulsive Quarantine Strategy to Model a Delayed Worm Propagation*

*5.1. Using Impulsive Quarantine Strategy to Model a Delayed Worm Propagation*

*Although constant quarantine strategy based on misuse intrusion detection does improve vaccination effect, the system is out of control and bifurcation is still not eliminated. In addition, the system fails to detect unknown worms and worm-variants. Anomaly intrusion detection system is of help in detecting these kinds of worm. However, the system is accompanied by high false-positive rate. To solve the problem of constant quarantine strategy and anomaly intrusion detection system, we proposed a novel quarantine strategy called impulsive quarantine based on a hybrid intrusion detection system, which can make up for the gaps existing in the two systems. Impulsive quarantine is implemented as follows: constant quarantine of infected hosts found by the misuse detection is performed, while susceptible and infected hosts detected by anomaly detection are quarantined in an impulsive way every units of time. The advantages of this strategy lie in both avoiding a high false-positive rate caused by anomaly detection and making up for the insufficiency of the misuse detection in detecting unknown worms [12]. Impulsive quarantine strategy adds two transitions as a result of the influence of the anomaly detection method. The susceptible and infected hosts detected by anomaly detection method are quarantined at rate and , respectively. Other settings are identical to those of constant quarantine model.*

*The state transition diagram of impulsive quarantine model is given in Figure 3.*

*5.2. Description of Impulsive Quarantine Model*

*5.2. Description of Impulsive Quarantine Model*

*The complete differential equations of the impulsive quarantine model are showed as follows:
where , the impulsive strategy is applied at a discrete time , and is the interval time of impulsive quarantine. is the moment at which we apply the th impulsive quarantine measure, whereas is the time just before the th impulsive quarantine measure is applied.*

*5.3. Global Attractivity of Infection-Free Periodic Solution*

*5.3. Global Attractivity of Infection-Free Periodic Solution*

*We have
Since , then system (45) can be rewritten as
*

*We may see that the first four equations in (47) are independent of the fourth equation. Therefore, the fourth equation can be omitted without loss of generality [21]. Hence, model (47) can be rewritten as
In the following, we introduce some notations and definitions in subsequent sections.*

*Let
Denote , the map defined by the right hand of the four equations of system (48).*

*Let be the space of continuous functions on with uniform norm. The initial conditions for (48) are
*

*Definition 13. *System (48) is said to be permanent if there exists a compact region such that every solution of system (48) with initial conditions (50) will eventually enter and remain in region .

*The solution of system (48) is a piecewise continuous function , is continuous on , , and exists. Obviously the smooth properties of guarantee the global existence and uniqueness of solutions of system (48) for detail on fundamental properties of impulsive systems [22, 23]. The following lemma is obtained.*

*Lemma 14. Suppose is a solution of system (48) with initial conditions (50), then for all .Denote
It is easy to show that is positively invariant with respect to (48) with initial conditions (48).*

*Lemma 15 (see [21, 22]). Consider the following equation:
where ; for .*

We have(i)if , then ,(ii)if , then .The proofs of case (i) and case (ii) are given in Theorems [24] and [25], respectively.

We first demonstrate the existence of the infection-free periodic solution, in which infected individuals are entirely absent from the population permanently, that is, for all . Under this condition, the , , and must satisfy

First we show below that the susceptible population oscillates with period , in synchronization with the periodic pulse vaccination. From the first and fourth equations of system (53), we have that is globally asymptotically stable, where

From the second and fifth equations of system (53), we have . Further, it follows from the third and sixth equations of system (53) that .

*Therefore is the infection-free periodic solution of system (48). In the rest of this section, we establish the global attractivity condition for the infection-free periodic solution.*

*Theorem 16. The infection-free periodic solution of system (48) is globally attractive provided that , where
*

*Proof. *Since , we can choose sufficiently small such that
It follows from the first equation of (48) that
Thus we consider the comparison impulsive differential system
According to [26], we obtain that the periodic solution of system (59)
is globally asymptotically stable, where

Let be the solution of system (48) with initial values (50) and let be the solution of system (59) with initial value . In view of the comparison theorem in impulsive differential equations [18, 19], there exists an integer such that
that is,
where is defined (55). Further, from the second equation of system (48), we know that (63) implies
Consider the following comparison differential system:
From (57), we have . According to Lemma 15 we have .

Let be the solution of system (48) with initial values (50) and ; let be the solution of system (65) with initial value . Consider the second and the sixth equations of system (48); according to Lemma 15, we have . Incorporating into the positivity of , we know that
Therefore, for any (sufficiently small), there exists an integer such that for all .

For the third equation of system (48), we have
Consider comparison differential equation, for ,
It is easy to see that . According to the comparison theorem, there is a such that, for all ,
Therefore, in view of the positivity of and sufficiently small , it follows from (69) that
Moreover, for the first equation of system (48), we have
Consider the following equations, for and :
According to [27], we know that the periodic solution of system (72)
is globally asymptotically stable, where
According to the comparison theorem in impulsive differential equations, there exists an integer such that
Since that is arbitrarily small, consider (63) and (75); we have that
is globally attractive, that is,
For the fourth equation of system (48), we have
for .

It is easy to obtain that there is a such that
In a similar way, there is a
Since that is arbitrarily small, consider (79) and (80); we have
It follows from (66), (70), (77), and (81) that the infection-free periodic solution is globally attractive. The proof of Theorem 16 is complete.

*6. Numerical and Simulation Experiments*

*6. Numerical and Simulation Experiments**In order to simulate the worm propagation in the real world, the parameters in the experiments are practical values. The Slammer worm is selected for experiments [10]. 750,000 hosts are picked as the population size, and the worm’s average scan rate is 3300 per second. The worm infection rate can be calculated as , which means that average 0.5763 hosts of all the hosts can be scanned by one host. The infection rate is , the recovery rate of infectious hosts is , the quarantine rate is , and the removal rate of quarantined hosts is . The rest of the parameters are , , and . At the beginning, there are 50 infected hosts, while others are susceptible. The following numerical analyses are supplement for the above results.*

*6.1. Numerical Experiments of Worm Propagation Model with Time Delay in Vaccination*

*6.1. Numerical Experiments of Worm Propagation Model with Time Delay in Vaccination**According to the above parameters, as shown in Figure 4, the curves of three kinds of host in system (1) are presented when . All of the three kinds of host get stable quickly, which illustrates that is asymptotically stable. It implies that the number of infected hosts stays very low and can be predicted. Further strategies can be developed and utilized to eliminate worms.*

*However, when time delay gets increased and then reach the threshold , will lose its stability and a bifurcation will occur. Figure 5 shows the susceptible, infected, and vaccinated hosts in system (1) when . In this figure, we can clearly see that the number of infected hosts will outburst after a short period of peace and repeat again and again but not in the same period, which means that it is hard to predict the number of infected hosts and to develop further strategies to eliminate worms.*

*In order to see the influence of time delay, is set to a different value each time with other parameters remaining the same. Figure 6 shows the number of infected hosts in the same coordinate with time delays , , , and . Initially, the four curves are overlapped, which means that time delay has little effect in the initial stage of worm propagation. With time delay increasing, the curve begins to oscillate. When time delay passes through the threshold , the infecting process gets unstable. Meanwhile, it can be discovered that the amplitude and period of the number of infected hosts get increased.*

*In Figure 7, the projection of the phase portrait of system (1) in -space is presented when and . In Figure 8, when , it is clear that the curve converges to a fixed point which suggests that the system is stable. When , the curve converges to a limit circle which implies that the system is unstable. Figure 9 shows bifurcation diagram with from 1 to 100; Hopf bifurcation will occur when .*

*6.2. Numerical Experiments of Worm Propagation Model with Constant Quarantine Strategy*

*6.2. Numerical Experiments of Worm Propagation Model with Constant Quarantine Strategy**In order to show the impact of constant quarantine strategy, we analyze the numerical results after adopting the constant quarantine strategy. Further, we compare them with the worm propagation model with time delay.*

*Figure 10 shows the curves of three kinds of host in system (22) when . All of the three kinds of host get stable quickly, which illustrates that is asymptotically stable.*

*When time delay gets increased and then reach the threshold , will lose its stability and a bifurcation will occur. Figure 11 shows the susceptible, infected, and vaccinated hosts in system (22) when . In this figure, we can clearly see that the number of infected hosts will outburst after a short period of peace and repeat again and again but the range is much less than delayed model’s. It implies that the constant quarantine strategy cannot eliminate the Hopf bifurcation, but it can reduce the max number of infected hosts.*

*In Figure 12, when , it is clear that the maximum of infected hosts is diminished sharply from 220,000 to 38,000, which illustrates that constant quarantine strategy has much better inhibition impact than single vaccination. However, constant quarantine strategy cannot eliminate the Hopf bifurcation; the system is still unstable and out of control.*

*Figure 13 shows the projection of the phase portrait of system (22) in -space when and . In Figure 14, when , it is clear that the curve converges to a fixed point which suggests that the system is stable. When , the curve converges to a limit circle which implies that the system is unstable. Figure 15 shows bifurcation diagram with from 1 to 90; we find that Hopf bifurcation will occur when . The threshold is greater than delayed model’s, which illustrates the model gets stable easier and the users have more time to remove worms.*

*6.3. Numerical Experiments of Worm Propagation Model with Impulsive Quarantine Strategy*

*6.3. Numerical Experiments of Worm Propagation Model with Impulsive Quarantine Strategy**The paper performs the numerical experiments and compares the results with constant quarantine model after using impulsive quarantine strategy. The interval time of impulsive quarantine is set . The susceptible and infected hosts detected by the anomaly intrusion detection method are quarantined at rate and , respectively. Other parameters are the same as constant quarantine model.*

*Figure 16 shows the curves of four kinds of host when . All of the four kinds of host get stable more quickly, which illustrates that is asymptotically stable. After using impulsive quarantine strategy, Figure 17 shows the curves of three kinds of hosts when . All kinds of hosts get stable within 4 hours, which implies that Hopf bifurcation has been eliminated thoroughly. In Figure 18, the number of infected hosts has been shown without quarantine, adopting quarantine strategy, and impulsive quarantine strategy, respectively. It is clear that the number of infected hosts is almost 0 after using the impulsive quarantine strategy, which is even much less than model using constant quarantine strategy. The result means that the impulsive quarantine strategy works well. Thus, the system will be stable and controlled so that the worm will not break out again.*

*6.4. Simulation Experiments*

*6.4. Simulation Experiments**The discrete-time simulation is an expanded version of Zou’s program [8] simulating Code Red worm propagation. The system in our simulation experiment consists of 750,000 hosts that can reach each other directly, which is consistent with the numerical experiments, and there is no topology issue in our simulation. At the beginning of simulation, 50 hosts are randomly chosen to be infected and the others are all susceptible. In the simulation experiments, the implement of transition rates of the model is based on probability. Under the propagation parameters of the Slammer worm, some simulation experiments are performed. Figure 19 shows that numerical and simulation curve of infected hosts match well when using the constant quarantine strategy and Figure 20 shows that numerical and simulation curve of infected hosts match well after using the impulsive quarantine strategy, whatever the value of is.*

*7. Conclusions*

*7. Conclusions**By considering that time delay leads to Hopf bifurcation so that the worm propagation system will be out of control, this paper proposes two quarantine strategies: constant quarantine and impulsive quarantine strategy to control the stability of worm propagation. Through theoretical analysis and simulation experiments, the following conclusions can be derived.(1)In order to accord with actual facts in the real world, a worm propagation model with time delay in vaccination is constructed. The critical time delay where Hopf bifurcation appears is obtained. When time delay , the worm propagation system will stabilize at its infection equilibrium point, which is beneficial to implement a containment strategy to eliminate the worm completely. When time delay , Hopf bifurcation appears, implying that the system will be unstable and the worm cannot be effectively controlled.(2)Constant quarantine strategy based on misuse IDS has only some inhibition impact. Through theoretical analysis, the threshold is greater than delayed model’s so that the users have more time to clean worms. Nevertheless, constant quarantine strategy cannot eliminate bifurcation.(3)Impulsive quarantine strategy is proposed, which can both make up for the gaps existing in the misuse and anomaly IDS and eliminate bifurcation. Through theoretical analysis and numerical experiments, the numerical results match theoretical ones well, which fully support our analysis.*

*Furthermore, various factors can affect worm propagation. The paper focuses on analyzing the influence of time delay. Other impact factors to worm propagation will be a major emphasis of our future research.*

*Notations*

*Notations*: | Total number of hosts in the network |

: | Number of susceptible hosts at time |

: | Number of infected hosts at time |

: | Number of delayed hosts at time |

: | Number of quarantined hosts at time |

: | Number of vaccinated hosts at time |

: | Infection rate |

: | Removal rate of infected hosts |

: | Rate from vaccinated to susceptible hosts |

: | Birth and death rates |

: | Birth ratio of susceptible hosts |

: | Quarantine rate |

: | Removal rate of quarantined hosts |

: | The interval time of impulsive quarantine |

: | Quarantine rate of susceptible hosts using impulsive quarantine |

: | Quarantine rate of infected hosts using impulsive quarantine |

: | Time delay of detecting and removing worms. |

*Conflict of Interests*

*Conflict of Interests**The authors declare that there is no conflict of interests regarding the publication of this paper.*

*Acknowledgments*

*Acknowledgments**This paper is supported by Program for New Century Excellent Talents in University (NCET-13-0113); Natural Science Foundation of Liaoning Province of China under Grant no. 201202059; Program for Liaoning Excellent Talents in University under LR2013011; Fundamental Research Funds of the Central Universities under Grants no. N120504006 and N100704001; and MOE-Intel Special Fund of Information Technology (MOE-INTEL-2012-06).*

*References*

*References*

- S. Qing and W. Wen, “A survey and trends on internet worms,”
*Computers and Security*, vol. 24, no. 4, pp. 334–346, 2005. View at Publisher · View at Google Scholar · View at Scopus - R. M. Anderson and R. M. May,
*Infected Diseases of Human, Dynamics and Control*, Oxford University Press, Oxford, UK, 1992. - Q. Zhu, X. Yang, and J. Ren, “Modeling and analysis of the spread of computer virus,”
*Communications in Nonlinear Science and Numerical Simulation*, vol. 17, no. 12, pp. 5117–5124, 2012. View at Publisher · View at Google Scholar · View at Zentralblatt MATH · View at MathSciNet - B. K. Mishra and S. K. Pandey, “Fuzzy epidemic model for the transmission of worms in computer network,”
*Nonlinear Analysis: Real World Applications*, vol. 11, no. 5, pp. 4335–4341, 2010. View at Publisher · View at Google Scholar · View at Scopus - B. K. Mishra and S. K. Pandey, “Dynamic model of worms with vertical transmission in computer network,”
*Applied Mathematics and Computation*, vol. 217, no. 21, pp. 8438–8446, 2011. View at Publisher · View at Google Scholar · View at Zentralblatt MATH · View at MathSciNet - J. Ren, X. Yang, Q. Zhu, L.-X. Yang, and C. Zhang, “A novel computer virus model and its dynamics,”
*Nonlinear Analysis: Real World Applications*, vol. 13, no. 1, pp. 376–384, 2012. View at Publisher · View at Google Scholar · View at Zentralblatt MATH · View at MathSciNet - S. Yin, S. X. Ding, A. Haghani, H. Hao, and P. Zhang, “A comparison study of basic data-driven fault diagnosis and process monitoring methods on the benchmark Tennessee Eastman process,”
*Journal of Process Control*, vol. 22, no. 9, pp. 1567–1581, 2012. View at Publisher · View at Google Scholar - S. Yin, S. X. Ding, A. H. A. Sari, and H. Hao, “Data-driven monitoring for stochastic systems and its application on batch process,”
*International Journal of Systems Science*, vol. 44, no. 7, pp. 1366–1376, 2013. View at Publisher · View at Google Scholar · View at Zentralblatt MATH · View at MathSciNet - S. Yin, L. Hao, and S. Ding, “Real-time implementation of fault-tolerant control systems with performance optimization,”
*IEEE Transactions on Industrial Electronics*, vol. 61, no. 5, pp. 2402–2411, 2013. View at Google Scholar - L.-X. Yang, X. Yang, Q. Zhu, and L. Wen, “A computer virus model with graded cure rates,”
*Nonlinear Analysis: Real World Applications*, vol. 14, no. 1, pp. 414–422, 2013. View at Publisher · View at Google Scholar · View at Zentralblatt MATH · View at MathSciNet - C. C. Zou, W. Gong, and D. Towsley, “Code red worm propagation modeling and analysis,” in
*Proceedings of the 9th ACM Conference on Computer and Communications Security*, pp. 138–147, ACM, November 2002. View at Scopus - C. C. Zou, W. Gong, and D. Towsley, “Worm propagation modeling and analysis under dynamic quarantine defense,” in
*Proceedings of the ACM Workshop on Rapid Malcode (WORM '03)*, pp. 51–60, ACM, October 2003. View at Scopus - Y. Yao, X.-W. Xie, H. Guo, G. Yu, F.-X. Gao, and X.-J. Tong, “Hopf bifurcation in an Internet worm propagation model with time delay in quarantine,”
*Mathematical and Computer Modelling*, vol. 57, no. 11-12, pp. 2635–2646, 2013. View at Publisher · View at Google Scholar · View at Scopus - Y. Yao, W. Xiang, A. Qu, G. Yu, and F. Gao, “Hopf bifurcation in an SEIDQV worm propagation model with quarantine strategy,”
*Discrete Dynamics in Nature and Society*, vol. 2012, Article ID 304868, 18 pages, 2012. View at Publisher · View at Google Scholar · View at Zentralblatt MATH · View at MathSciNet - Y. Yao, L. Guo, H. Guo, G. Yu, F.-X. Gao, and X.-J. Tong, “Pulse quarantine strategy of internet worm propagation: modeling and analysis,”
*Computers and Electrical Engineering*, vol. 38, no. 5, pp. 1047–1061, 2012. View at Publisher · View at Google Scholar · View at Scopus - F. Wang, Y. Zhang, C. Wang, J. Ma, and S. Moon, “Stability analysis of a SEIQV epidemic model for rapid spreading worms,”
*Computers and Security*, vol. 29, no. 4, pp. 410–418, 2010. View at Publisher · View at Google Scholar · View at Scopus - H.-F. Huo and Z.-P. Ma, “Dynamics of a delayed epidemic model with non-monotonic incidence rate,”
*Communications in Nonlinear Science and Numerical Simulation*, vol. 15, no. 2, pp. 459–468, 2010. View at Publisher · View at Google Scholar · View at Zentralblatt MATH · View at MathSciNet - C. Zhang, W. Liu, J. Xiao, and Y. Zhao, “Hopf bifurcation of an improved SLBS model under the influence of latent period,”
*Mathematical Problems in Engineering*, vol. 2013, Article ID 196214, 10 pages, 2013. View at Publisher · View at Google Scholar - Z. Zhang and H. Yang, “Stability and Hopf bifurcation in a delayed SEIRS worm model in computer network,”
*Mathematical Problems in Engineering*, vol. 2013, Article ID 319174, 9 pages, 2013. View at Publisher · View at Google Scholar · View at MathSciNet - J. Ren, X. Yang, L.-X. Yang, Y. Xu, and F. Yang, “A delayed computer virus propagation model and its dynamics,”
*Chaos, Solitons & Fractals*, vol. 45, no. 1, pp. 74–79, 2012. View at Publisher · View at Google Scholar · View at Zentralblatt MATH · View at MathSciNet - C.-H. Li, C.-C. Tsai, and S.-Y. Yang, “Analysis of the permanence of an SIR epidemic model with logistic process and distributed time delay,”
*Communications in Nonlinear Science and Numerical Simulation*, vol. 17, no. 9, pp. 3696–3707, 2012. View at Publisher · View at Google Scholar · View at Zentralblatt MATH · View at MathSciNet - B. D. Hassard, N. D. Kazarinoff, and Y. H. Wan,
*Theory and Applications of Hopf Bifurcation*, vol. 41 of*London Mathematical Society Lecture Note Series*, Cambridge University Press, Cambridge, Mass, USA, 1981. View at MathSciNet - T. Dong, X. Liao, and H. Li, “Stability and Hopf bifurcation in a computer virus model with multistate antivirus,”
*Abstract and Applied Analysis*, vol. 2012, Article ID 841987, 16 pages, 2012. View at Publisher · View at Google Scholar - D. D. Bainov and P. S. Simeonov,
*Impulsive Differential Equations: Periodic Solutions and Applications*, Longman, Harlow, UK, 1993. - V. Lakshmikantham, D. D. Baĭnov, and P. S. Simeonov,
*Theory of Impulsive Differential Equations*, vol. 6 of*Series in Modern Applied Mathematics*, World Scientific Publishing, Teaneck, NJ, USA, 1989. View at MathSciNet - Y. Kuang,
*Delay Differential Equations with Applications in Population Dynamics*, vol. 191 of*Mathematics in Science and Engineering*, Academic Press, Boston, Mass, USA, 1993. View at MathSciNet - S. Gao, Z. Teng, and D. Xie, “The effects of pulse vaccination on SEIR model with two time delays,”
*Applied Mathematics and Computation*, vol. 201, no. 1-2, pp. 282–292, 2008. View at Publisher · View at Google Scholar · View at Zentralblatt MATH · View at MathSciNet

*
*