#### Abstract

The widespread use of online game accelerators also induces them to become a medium for hackers to spread Trojan horses. In this paper, we propose a novel compartment model which considered the heterogeneity of online computer game players aiming to characterize the Trojan propagation. Specifically, we distinguish rational game players from impulsive game players in our model. The spreading threshold is obtained, and the global stability of equilibrium is also verified. Moreover, Trojan’s control problem is studied by using Pontryagin’s maximum principle. Numerical results confirm the stability of the system and the effectiveness of the optimal control strategy. Besides, more numerical results also show that some control strategies such as warning and caution should be taken at the very beginning of game player downloading the malicious accelerator.

#### 1. Introduction

Online game accelerator, as a computer program, is used to speed up online computer games. However, as a result of its popularity and wide use, more and more cybercriminals mask Trojan in it to launch attacks today [1]. Once victims are tricked into executing Trojan on their system, their computers will be controlled remotely, and even confidential information such as banking information, passwords, or personal identity will be stolen [2, 3]. On the contrary, most of the game players pay little attention to the system security when they play computer games. Thus, it is easy for attackers to spread Trojan via online game accelerators.

In the area of epidemic disease, establishing a dynamical model is recognized as an effective method to predict the scale of disease outbreaks and develop the constant control measures. Also, researchers use dynamics theory to build mathematical models to solve scientific problems [4–6]. Inspired by this, lots of classical models have been presented to study the spreading mechanism of malware (virus, worms, and Trojan) and the factors affecting its propagation process [7–11]. Considering the earlier studies neglected the network structure in malware propagation, some dynamical models which focused on the network topology were proposed [12–16]. However, most of the aforementioned models are obtained upon the assumption that a susceptible node will be infected once they contact with (e.g., received the malicious hyperlinks, messages, or emails) the infected nodes. In reality, the susceptible nodes will not be infected immediately until they click the malicious links and execute Trojan. Additionally, to our knowledge, there are almost no works on Trojan propagation via online game accelerators. Therefore, in this paper, we propose an SEIR (Susceptible-Exposed-Infected-Recovered) model to address the problem of Trojan propagation via online game accelerators. Especially, we consider that the probability of every game player clicking hyperlinks with malware about game accelerator downloading is determined by the player’s rationality factor and impulse factor together. If the rational factor is greater than the impulsive factor, we define the user as a rational player; otherwise, it is an impulsive player. The detailed process of Trojan infiltration will be discussed later.

Another aspect about dynamics research is to design the time-varying control strategy [17–20]. It is well known that the optimal control theory provides an appropriate framework for such problems [21, 22]. Here, we establish an optimal control system over applying the optimal theory. Based on Pontryagin’s maximum principle, the optimal control strategy is proposed to minimize the infected users as well as minimize the control strategy costs.

This paper is organized as follows. In Section 2, we propose the new model to characterize the Trojan spreading via online game accelerators. In Section 3, we derive the basic reproduction number and the equilibrium of the simplified system. The local asymptotic stability and the global stability of disease-free equilibria and endemic equilibria are studied. In Section 4, we discuss the optimal control measures aiming to seek cost-effective solutions of control for Trojan. Furthermore, in Section 5, we show the numerical simulation to illustrate the theoretical results. Finally, the conclusion and discussion are given in the last section.

#### 2. Model

In this section, we construct a state diagram for Trojan propagation via online game accelerators.

##### 2.1. The New Model

In our model, the whole nodes (computers) in the network are divided into four states: susceptible, exposed, infectious, and recovered, and the state of a node changes among these four states over time. The transmission process is illustrated in Figure 1.(A)Susceptible node , which means that the node (computer) is not infected currently but vulnerable to become infectious(B)Exposed node , which means that the node (computer) is exposed to Trojan and has been infected but cannot infect others(C)Infectious node , which means that the node (computer) has been infected and can infect other nodes(D)Recovered node , which means that the node (computer) is recovered by Trojan killing removal or any other methods and cannot be infected by Trojan anymore

The attack process is described as follows.

##### 2.2. Model Description

Firstly, Trojan developers create relationships with real game players. Secondly, developers send malicious hyperlinks such as web links, short messages, compressed packages, or emails to game players and trick them into clicking on these things. The computer game player is infected once he runs the malicious code on his computer. Then, developers can control the computers remotely and even attack other computers on the same network soon after. As shown in Figure 1, the *S*-state node will be exposed with the rate of when they receive the malicious accelerator links from infected nodes. Then, some of exposed nodes enter the *I*-state compartment with the rate of because impulsive players use the malicious online game accelerator, and others enter the *R*-state with the rate of because rational players perform antivirus scanning or take other measures. The infected node will be recovered by Trojan killing removal. The definitions of frequently used variables are given in Table 1.

In addition, we make the following assumptions in the model:(1)All the new jointed nodes are vulnerable to Trojan when they appear for the first time.(2)Once the nodes are vaccinated, they will be immune permanent and cannot be infected by Trojan anymore.(3)The natural death rate of every node in different states is the same.

We present the dynamic process in the following deterministic ordinary differential equations:

#### 3. The Dynamics of the SEIR Model

This section is dedicated to gain insight into the dynamic properties of the model, including the propagation threshold, the equilibrium, and their global stability. Adding the four equations of system (1) together, we have

From equation (2), it isand then

Therefore, the set is a positive invariant of system (1).

##### 3.1. The Basic Reproduction Number and Equilibrium

Let and ; system (1) is reduced as

It is clear that system (5) always has a disease-free equilibrium .

Following the methods in [23, 24], we can rewrite system (5) as follows:where

Then,

Finally, the basic reproduction number of the system is calculated as follows:which represents the number of secondary infections caused by a unique infected individual during its infection time. In our model, shows the Trojan spreading threshold value. If this threshold value is less than one, it represents that Trojan will die out. When it is greater than one, it represents that Trojan will outbreak.

If , we can also obtain a unique endemic equilibrium of system (5), where

##### 3.2. The Stability of Equilibrium

It should be noted that the first three equations of system (5) are independent of the fourth one. Without loss of generality, the system can be omitted as follows:

Lemma 1. *If , the disease-free equilibrium of the system is locally asymptotically stable.*

*Proof. *The Jacobian matrix of linearized system (9) at isso we havewhere , , and . Equation (13) always has a negative characteristic root: . Other roots are determined by the following equation:Based on the relationship between roots and coefficients of the quadratic equation, equation (14) has negative real parts when . According to the Routh–Hurwitz criterion [25], the disease-free equilibrium of the system is locally asymptotically stable.

Lemma 2. *If , the equilibrium of the system is locally asymptotically stable.*

*Proof. *The Jacobian matrix of linearized system (11) isThe characteristic equation of system (15) iswhere , , and . According to the Hurwitz criterion,If , then ; all roots of equation (16) are negative real parts. Thus, the equilibrium is locally asymptotically stable when .

Theorem 1. *If , the disease-free equilibrium of the system is globally asymptotically stable and unstable if .*

*Proof. *Consider the following function :where and ; the time derivative of isLet .

If , if and only if ; thus, and . Therefore, the largest invariant set of is the singleton when .

If , implies that ; thus, , , and . Therefore, the largest invariant set of is the singleton when . By LaSalle’s invariance principle [26], is globally asymptotically stable when .

If , equation (13) has two negative roots and one positive root. Hence, is unstable.

Theorem 2. *If , the endemic equilibrium of the system is globally asymptotically stable.*

*Proof. *Define a Lyapunov function:Then, the derivation of isThen, it is easy to prove that when ; the equality holds only when . Thus, we obtainOne can see that in the largest invariant subset is the singleton . By LaSalle’s invariance principle [26], is globally asymptotically stable when .

#### 4. Optimal Control and Strategies

In this section, an optimal control system is established via the optimal control theory. We aim to minimize the number of infected computers and the corresponding economic losses during the course of an epidemic. Control strategies, such as warning and caution, can realize the control of Trojan at different costs. Assuming that the transmission rate of rational players from exposed to recovered nodes is constant, it fails to well reflect the dynamic control of the countermeasures on the spread of Trojan. In the real world, countermeasures can be flexibly spread on the internet as needed. Therefore, the transmission rate can be regarded as a function of time so that we can adjust the transmission rate dynamically to minimize the spread of Trojan and the corresponding costs. In this section, we regard the rate of users from the compartment to the compartment as the control variable; it means that is varying with time . Model system (5) becomeswith the given objective function

Let denote the control set of , andwhere is the time when the control measures are over and coefficients and are positive weights.

We seek the optimal solution which satisfies objective function (24). Next, we will analyze the existence of and solve it.

##### 4.1. The Existence of the Optimal Control Solution

Theorem 3. *There exists an optimal solution satisfying the control system.*

*Proof. *According to the Corollary of [27], if the control system satisfies the following five conditions simultaneously, the optimal solution exists:(i) is closed and convex. Suppose is a limit point of ; there exists a sequence of points . The closedness is from . And then, we prove the convexity of . Let and ; we have as is a real vector space. Hence, the convexity is obtained.(ii)For any control variable , the solution of system (23) obviously exists for any initial variable , , , and .(iii)Let the function represent the right parts of the equations of system (23); is continuous and bounded and can be written as a linear function of in four states.(iv) is concave on . We calculate the function , so the function *L* is convex on .(v)There exist two positive constants and such that . Let ; we have .

##### 4.2. Solution to the Optimal Control Problem

In this section, we will deal with the optimal control problem applying Pontryagin’s maximum principle [27]. Define the Hamiltonian aswhere are the adjoint variables to be described later.

Theorem 4. *Let , , , and be the optimal state solutions of dynamic model (25) related to the optimal control . And there exist adjoint variables , , , and that satisfywith the transversality condition**In addition, the optimal control is given by*

*Proof. *According to Pontryagin’s maximum principle with the Hamiltonian function [28], the adjoint equations can be determined by the following equations:with the transversality conditionFurthermore, by the necessary condition, we haveConsidering the optimality condition, we haveIt means that . So, the optimal control problem can be determined by the following system:

#### 5. Numerical Simulations

In this section, due to the difficulty of obtaining the real datasets, we develop simulation methods to verify theoretical results. This work consists of two parts: the first part is the simulations about dynamics of the SEIR model, and the second part is the simulations of the optimal control strategy.

##### 5.1. Numerical Simulations of the Dynamic Model

We set the parameters as , , , , , and , and the initial point is starting from . We can derive that , and the disease-free equilibrium is locally asymptotically stable. In Figure 2, the black line, green line, purple line, and blue line plot the time evolution of the four variables , , , and , respectively. Obviously, the orbits converge to . This indicates that Trojan can be controlled effectively when .

In Figure 3, we set ; the other parameters are the same as those mentioned above. We derive that , and the endemic equilibrium . The black line, green line, purple line, and blue line plot the time evolution of the four variables , , , and , respectively. We can verify that the orbits converge to stationary levels when .

##### 5.2. Numerical Simulations of the Optimal Control Model

This section is to introduce the simulations of the optimal control strategy of system (16), and it is solved by the Runge–Kutta fourth-order method. Let , , , and , and other parameters are the same as above. The dynamical process of is illustrated in Figure 4. This figure shows that control strategies such as antivirus software alerts and reminders from online game companies should be taken at the beginning of Trojan outbreak. To present the effectiveness of the proposed optimal control strategy, we have plotted the evolution of infected nodes and the objective function with different constant control strategies and optimal controls, respectively. Figures 5 and 6 illustrate that the optimal control makes the control costs and outbreak of Trojan minimized.

#### 6. Conclusion and Remarks

In this paper, we introduce the heterogeneity of computer game players to describe the Trojan propagation via online game accelerators. We conclude the epidemic threshold and prove that Trojan will outbreak if it exceeds. In addition, the control problem is suggested in two manners. One is constant control by the study of long-term dynamical behavior, and the other one is time-varying control based on optimal control theory. By Pontryagin’s maximum principle [29], the solution of the optimal control strategy is explicitly given. Numerical simulations are performed to illustrate the theoretical results. We suggest that, at the beginning of the Trojan epidemic, control strategies such as warning and caution should be taken immediately.

However, it must be mentioned that Trojan propagation is complex. In the future work, we will focus on the effects of the network structure in Trojan propagation via the online game accelerator. On the other aspect, it is crucial that users are more likely to believe the warning coming from the internet service provider, antivirus software, or their friends. This issue is also worth studying.

#### Data Availability

The data that support the findings of this study are available from the corresponding authors upon reasonable request.

#### Conflicts of Interest

The authors declare that they have no conflicts of interest.

#### Authors’ Contributions

Both authors contributed equally to this work.

#### Acknowledgments

This work was supported by the National Natural Science Foundation of China under Grant 61772478.