Research Article | Open Access

# Defending against the Advanced Persistent Threat: An Optimal Control Approach

**Academic Editor:**Angel M. Del Rey

#### Abstract

The new cyberattack pattern of advanced persistent threat (APT) has posed a serious threat to modern society. This paper addresses the APT defense problem, that is, the problem of how to effectively defend against an APT campaign. Based on a novel APT attack-defense model, the effectiveness of an APT defense strategy is quantified. Thereby, the APT defense problem is modeled as an optimal control problem, in which an optimal control stands for a most effective APT defense strategy. The existence of an optimal control is proved, and an optimality system is derived. Consequently, an optimal control can be figured out by solving the optimality system. Some examples of the optimal control are given. Finally, the influence of some factors on the effectiveness of an optimal control is examined through computer experiments. These findings help organizations to work out policies of defending against APTs.

#### 1. Introduction

Nowadays, the daily operation of most organizations, ranging from large enterprises and financial institutions to government sectors and military branches, depends largely on computers and networks. However, this dependency renders the organizations vulnerable to a wide range of cyberattacks. Traditional cyberattacks include computer viruses, worms, and spyware. Conventional cyber defense measures including firewall and intrusion detection turn out to be effective in withstanding these cyberattacks [1, 2].

The cybersecurity landscape has changed drastically over the past few years. A new type of cyberattack—advanced persistent threat (APT)—has posed an unprecedentedly serious threat to modern society. According to report, many high-profile organizations have experienced APTs [3], and the number of APTs has been increasing rapidly [4]. Compared with traditional cyberattacks, APTs exhibit two distinctive characteristics: (a) The attacker of an APT is a well-resourced and well-organized group, with the goal of stealing as many sensitive data as possible from a specific organization. (b) Based on meticulous reconnaissance, the attacker is going to launch a preliminary advanced social engineering attack on a few target users to gain footholds in the organization and then to gain access to critical information stealthily and slowly [5–7]. Due to these characteristics, APTs can evade traditional detection, causing tremendous damage to organizations. To date, the detection of APTs is far from mature [8, 9]. Consequently, the APT defense problem, that is, the problem of how to effectively defend against APTs, has become a major concern in the field of cybersecurity.

As a branch of applied mathematics, optimal control theory aims to solve a class of optimization problems in which, subject to a set of dynamic constraints, we seek to find a function (control) so that an objective functional is optimized [10, 11]. In real world applications, the set of dynamic constraints represents a dynamic environment, a control represents a time-varying strategy, and the objective functional represents an index to be maximized or minimized. Optimal control theory has been successfully applied to some aspects of cybersecurity [12–19]. To our knowledge, the APT defense problem has yet to be addressed in the framework of optimal control theory. To model the problem as an optimal control problem, we have to formulate an APT defense strategy as a control, characterize the state evolution of an organization as a set of dynamic constraints, and quantify the effectiveness of an APT defense strategy as an objective functional. The key to the modeling process is to accurately characterize the state evolution of an organization by employing the epidemic modeling technique [20].

Individual-level epidemic models refer to epidemic models in which the state evolution of each individual in a population is characterized by one or a few separate differential equations. As compared with the coarse-fined state-level epidemic models [21–26] and the intermediate degree-level epidemic models [27–33], the finest individual-level epidemic models can characterize spreading processes more accurately, because they can perfectly accommodate the network topology. The individual-level epidemic modeling technique has been successfully applied to areas such as the epidemic spreading [34–37], the malware spreading [38–43], and the rumor spreading [44]. In particular, a number of APT attack-defense models have recently been proposed by employing this technique [45–48].

This paper focuses on the APT defense problem. Based on a novel individual-level APT attack-defense model, the effectiveness of an APT defense strategy is quantified. On this basis, the APT defense problem is modeled as an optimal control problem, in which an optimal control represents a most effective APT defense strategy. The existence of an optimal control to the optimal control problem is proved, and an optimality system for the optimal control problem is derived. Therefore, an optimal control can be figured out by solving the optimality system. Some examples of the optimal control are presented. Finally, the influence of some factors on the effectiveness of an optimal control is examined through computer simulations. To our knowledge, this is the first time the APT defense problem is dealt with in this way. These findings help organizations to work out policies of defending against APTs.

The remaining materials are organized in this fashion. Section 2 models the APT defense problem as an optimal control problem. Section 3 studies the optimal control problem. Some most effective APT defense strategies are given in Section 4. Section 5 discusses the influence of different factors on the optimal effectiveness. This work is closed by Section 6.

#### 2. The Modeling of the APT Defense Problem

The goal of this paper is to solve the following problem.

*The APT Defense Problem*. Defend an organization against APTs in an effective way.

To achieve the goal, we have to model the problem. The modeling process consists of the following four steps.

*Step 1. *Introduce preliminary terminologies and notations.

*Step 2. *Establish an APT attack-defense model.

*Step 3. *Quantify the effectiveness of an APT defense strategy.

*Step 4. *Model the APT defense problem as an optimal control problem.

Now, let us proceed by following this four-step procedure.

##### 2.1. Preliminary Terminologies and Notations

Consider an organization with a set of computer systems labeled . Let denote the access network of the organization, where (a) each node stands for a system, that is, , and (b) if and only if system has access to system . Let denote the adjacency matrix for the network, that is, or 0 according to or not.

Suppose an APT campaign to the organization starts at time and terminates at time . Suppose at any time every node in the organization is either* secure*, that is, under the defender’s control, or* compromised*, that is, under the attacker’s control. Let and 1 denote the event that node is secure and compromised at time , respectively. The vectorstands for the* state* of the organization at time . Let and denote the probability of the event that node is secure and compromised at time , respectively. That is,As , the vectorstands for the* expected state* of the organization at time .

From the attacker’s perspective, each secure node in the organization is subject to the external attack. Let denote the cost per unit time for attacking a secure node . The vectorstands for an* attack strategy*. Additionally, each secure node is vulnerable to all the neighboring compromised nodes.

From the defender’s perspective, each secure node in the organization is protected from being compromised. Let denote the cost per unit time for protecting the secure node at time . The vector-valued functionstands for a* prevention strategy*. Additionally, each compromised node in the organization is recovered. Let denote the cost per unit time for recovering the compromised node at time . The vector-valued functionstands for a* recovery strategy*. We refer to the vector-valued functionas an* APT defense strategy*.

##### 2.2. An APT Attack-Defense Model

For fundamental knowledge on differential dynamical systems, see [49]. For our purpose, let us impose a set of hypotheses as follows.(H_{1})Due to the external attack and prevention, a secure node gets compromised at time at the average rate . The rationality of this hypothesis lies in that the average rate is proportional to the attack cost per unit time and is inversely proportional to the prevention cost per unit time.(H_{2})Due to the internal infection and prevention, a secure node gets compromised at time at the average rate , where is a constant, which we refer to as the* infection force*. The rationality of this assumption lies in that the average rate is proportional to the probability of each neighboring node being compromised and is inversely proportional to the prevention cost per unit time.(H_{3})Due to the recovery, a compromised node becomes secure at time at the average rate . The rationality of this assumption lies in that the average rate is proportional to the recovery cost per unit time.

According to these hypotheses, the state transitions of a node are shown in Figure 1. Hence, the time evolution of the expected state of the organization obeys the following dynamical system:

We refer to the model as the* APT attack-defense model*.

The APT attack-defense model can be written in matrix-vector notation as

##### 2.3. The Effectiveness of an APT Defense Strategy

The defender’s goal is to find the most effective APT defense strategy. To achieve the goal, we have to quantify the effectiveness of an APT defense strategy. For this purpose, let us introduce an additional set of hypotheses as follows.(H_{4})The prevention cost per unit time is bounded from above by and from below by , and the recovery cost per unit time is bounded from above by and from below by . That is, the admissible set of APT defense strategies is given by where denote the set of all the Lebesgue square integrable functions defined on the interval [50].(H_{5})The amount of losses caused by a compromised node in the infinitesimal time interval is , where stands for the out-degree of node in the network. The rationality of this hypothesis lies in that the more nodes a node has access to, the more serious the consequence when it is compromised [51, 52].

According to the hypotheses, the expected loss of the organization in the time horizon when implementing an APT defense strategy isand the overall cost for implementing the APT defense strategy isHence, the effectiveness of the APT defense strategy can be measured by the quantity Obviously, the smaller this quantity, the more effective the APT defense strategy. LetThen

##### 2.4. The Modeling of the APT Defense Strategy

Based on the previous discussions, the APT defense problem boils down to the following optimal control problem:Here, each control stands for an APT defense strategy, the objective functional stands for the effectiveness of an APT defense strategy, the set of constraints stands for the time evolution of the expected state of the organization, an optimal control stands for a most effective APT defense strategy, and the optimal value stands for the effectiveness of a most effective APT defense strategy.

#### 3. A Theoretical Analysis of the Optimal Control Problem

For fundamental knowledge on optimal control theory, see [10, 11]. This section is devoted to studying the optimal control problem (16).

##### 3.1. The Existence of an Optimal Control

As an optimal control to problem (16) represents a most effective APT defense strategy, it is critical to show that the problem does have an optimal control. For this purpose, we need the following lemma [11].

Lemma 1. *Problem (16) has an optimal control if the following five conditions hold simultaneously. *(C_{1})* is closed and convex.*(C_{2})*There is such that the adjunctive dynamical system is solvable.*(C_{3})* is bounded by a linear function in .*(C_{4})* is convex on .*(C_{5})* for some vector norm , and .*

Next, let us show that the five conditions in Lemma 1 indeed hold.

Lemma 2. *The admissible set is closed.*

*Proof. *Let be a limit point of , and let , be a sequence of points in that approaches . As is complete, we have . Hence, the claim follows from the observation that

Lemma 3. *The admissible set is convex.*

*Proof. *Let , , . As is a real vector space, we get . So, the claim follows from the observation that

Lemma 4. *There is such that the associated adjunctive dynamical system is solvable.*

*Proof. *Consider the adjunctive dynamical systemwhere . As is continuously differentiable, the claim follows from the Continuation Theorem for Differential Dynamical Systems [49].

Lemma 5. * is bounded by a linear function in .*

*Proof. *The claim follows from the observation that, for , ,

Lemma 6. * is convex on .*

*Proof. *Let , . Then

Lemma 7. * One has *

*Proof. *We have

Based on Lemmas 1–7, we get the following result.

Theorem 8. *Problem (16) has an optimal control.*

This theorem guarantees that there is a most effective APT defense strategy.

##### 3.2. The Optimality System

It is known that the optimality system for an optimal control problem offers a method for numerically solving the problem. This subsection is intended to present the optimality system for problem (16). For this purpose, consider the corresponding Hamiltonianwhere is the adjoint.

Theorem 9. *Suppose is an optimal control to problem (16) and is the solution to the adjunctive dynamical system with . Then, there exists with such that, for , ,*

*Proof. *According to the Pontryagin Minimum Principle [10], there exists such thatThus, the first equations in the claim follow by direct calculations. As the terminal cost is unspecified and the final state is free, the transversality condition holds. By using the optimality condition we get (a) eitheror or and (b)Combining the above discussions, we get the optimality system for problem (16) as follows.where , , , .

Applying the forward-backward Euler scheme to the optimality system, we can obtain an optimal control to problem (16), that is, a most effective APT defense strategy.

#### 4. Some Most Effective APT Defense Strategies

In this section, we give some most effective APT defense strategies by solving the optimality system (29). For ease in observation, let us introduce two functions as follows. For an admissible control to problem (16), define the* cumulative effectiveness (CE)* asand define the* superposed control (SC)* asObviously, we have .

For some optimal control problems, let us give the cumulative effectiveness and superposed control for an optimal control.

*Example 10. *Consider problem (16) in which is a scale-free network with nodes which is generated by executing the algorithm given in [53], , , , , , , and . An optimal control to the problem is obtained by solving the optimality system (29). Figure 2 plots the cumulative effectiveness and superposed control for the optimal control. For comparison purpose, the cumulative effectiveness and superposed control for three admissible static controls are also shown in Figure 2.

**(a)**

**(b)**

*Example 11. *Consider problem (16) in which is a small-world network with nodes which is generated by executing the algorithm given in [54], , , , , , , and . An optimal control to the problem is obtained by solving the optimality system (29). Figure 3 depicts the cumulative effectiveness and superposed control for the optimal control. For comparison purpose, the cumulative effectiveness and superposed control for three admissible static controls are also shown in Figure 3.

**(a)**

**(b)**

*Example 12. *Consider problem (16) in which is a realistic network given in [55], , , , , , , and . An optimal control to the problem is obtained by solving the optimality system (29). Figure 4 exhibits the cumulative effectiveness and superposed control for the optimal control. For comparison purpose, the cumulative effectiveness and superposed control for three admissible static controls are also shown in Figure 4.

**(a)**

**(b)**

It is seen from the above three examples that a most effective APT defense strategy is significantly superior to any static APT defense strategy in terms of the effectiveness. This observation justifies our method. Additionally, the superposed control drops rapidly to a lower value.

#### 5. Further Discussions

This section is devoted to examining the influence of different factors on the optimal effectiveness of an admissible APT defense strategy. For ease in understanding these influences, let us introduce three quantities as follows. For an optimal control to problem (16), let , , and denote the corresponding expected loss, overall cost, and effectiveness, respectively. That is,

##### 5.1. The Bounds on the Admissible Controls

Definitely, the four bounds on the admissible controls affect the optimal effectiveness of an admissible APT defense strategy. Now, let us examine these influences.

*Example 13. *Consider a set of problems (16) in which is the scale-free network generated in Example 10, , , , , and . (a)Let , . Figures 5(a)–5(c) exhibit the influence of and on , , and , respectively.(b)Let , . Figures 5(d)–5(f) display the influence of and on , , and , respectively.

**(a)**

**(b)**

**(c)**

**(d)**

**(e)**

**(f)**

*Example 14. *Consider a set of problems (16) in which is the small-world network generated in Example 11, , , , , and . (a)Let , . Figures 6(a)–6(c) exhibit the influence of and on , , and , respectively.(b)Let , . Figures 6(d)–6(f) display the influence of and on , , and , respectively.

**(a)**

**(b)**

**(c)**

**(d)**

**(e)**

**(f)**

*Example 15. *Consider a set of problems (16) in which is the realistic network given in Example 12, , , , , and . (a)Let , . Figures 7(a)–7(c) exhibit the influence of and on , , and , respectively.(b)Let , . Figures 7(d)–7(f) display the influence of and on , , and , respectively.The following conclusions are drawn from the above three examples.(a)With the increase of the two lower bounds, goes down, but and go up. In practice, the two lower bounds should be chosen carefully so that a balance between the expected loss and the overall cost is achieved.(b)The influence of the two upper bounds on , , and is almost negligible.

**(a)**

**(b)**

**(c)**

**(d)**

**(e)**

**(f)**

##### 5.2. The Network Topology

Obviously, the topology of the network in an organization affects the optimal effectiveness of an admissible APT defense strategy. Now, let us inspect this influence.

*Example 16. *Consider a set of problems (16) in which , where is a scale-free network with nodes and a power-law exponent of , , , , , , , and . Figure 8 displays the influence of the power-law exponent on , , and , respectively.

It is seen from this example that, with the increase of the power-law exponent of a scale-free network, and decline, but inclines. It is well known that the heterogeneity of a scale-free network increases with its power-law exponent. Therefore, a homogeneously mixed access network is better in terms of the optimal defense effectiveness.

**(a)**

**(b)**

**(c)**

*Example 17. *Consider a set of problems in which , where is a small-world network with nodes and an edge-rewiring probability of , , , , , , , and . Figure 9 exhibits the influence of the edge-rewiring probability on , , and , respectively.

It is seen from this example that, with the increase of the randomness of a small-world network, , , and rise rapidly. Hence, a randomly connected access network is better from the perspective of the optimal defense effectiveness.

**(a)**

**(b)**

**(c)**

#### 6. Concluding Remarks

This paper has addressed the APT defense problem, that is, the problem of how to effectively defend against APTs. By introducing an APT attack-defense model and quantifying the effectiveness of an APT defense strategy, we have modeled the APT defense problem as an optimal control problem in which an optimal control represents a most effective APT defense strategy. Through theoretical study, we have presented the optimality system for the optimal control problem. This implies that an optimal control can be derived by solving the optimality system. The influence of some factors on the optimal effectiveness of an APT defense strategy has been examined.

There are many relevant problems to be resolved. The expected loss and overall cost of an APT defense strategy should be appropriately balanced to adapt to specific application scenarios. In practice, the implementation of a recommended defense strategy needs a great effort; the security level of all the systems in an organization must be labeled accurately [6], the defense budget must be made, and the robustness of the defense strategy must be evaluated. As the topology of the access network in an organization may well vary with time, the approach proposed in this work should be adapted to time-varying networks [56–59]. It is of practical importance to deal with the APT defense problem in the game-theoretical framework, where the attacker is strategic [60–63].

#### Conflicts of Interest

The authors declare that there are no conflicts of interest regarding the publication of this paper.

#### Acknowledgments

This work is supported by National Natural Science Foundation of China (Grant no. 61572006), National Sci-Tech Support Program of China (Grant no. 2015BAF05B03), and Fundamental Research Funds for the Central Universities (Grant no. 106112014CDJZR008823).

#### References

- G. K. Kostopoulos,
*Cyberspace and Cybersecurity*, Taylor & Francis, 2012. - P. W. Singer and A. Friedman,
*Cybersecurity and Cyberwar: What Everyone Needs to Know*, Oxford University Press, 2014. - N. Virvilis, D. Gritzalis, and T. Apostolopoulos, “Trusted computing vs. Advanced persistent threats: Can a defender win this game?” in
*Proceedings of the 10th IEEE International Conference on Ubiquitous Intelligence and Computing, UIC 2013 and 10th IEEE International Conference on Autonomic and Trusted Computing, ATC 2013*, pp. 396–403, December 2013. View at: Publisher Site | Google Scholar - S. Rass, S. König, and S. Schauer, “Defending against advanced persistent threats using game-theory,”
*PLoS ONE*, vol. 12, no. 1, Article ID e0168675, 2017. View at: Publisher Site | Google Scholar - C. Tankard, “Advanced Persistent threats and how to monitor and deter them,”
*Network Security*, vol. 2011, no. 8, pp. 16–19, 2011. View at: Publisher Site | Google Scholar - E. Cole,
*Advanced Persistent Threat: Understanding the Danger and How to Protect Your Organization*, Elsevier, 2013. - T. Wrightson,
*Advanced Persistent Threat Hacking: The Art and Science of Hacking Any Organization*, McGraw-Hill Education, 2015. - I. Friedberg, F. Skopik, G. Settanni, and R. Fiedler, “Combating advanced persistent threats: from network event correlation to incident detection,”
*Computers & Security*, vol. 48, pp. 35–57, 2015. View at: Publisher Site | Google Scholar - M. Marchetti, F. Pierazzi, M. Colajanni, and A. Guido, “Analysis of high volumes of network traffic for Advanced Persistent Threat detection,”
*Computer Networks*, vol. 109, pp. 127–141, 2016. View at: Publisher Site | Google Scholar - D. E. Kirk,
*Optimal Control Theory: An Introduction*, Dover Publications, 2004. - D. Liberzon,
*Calculus of Variations and Optimal Control Theory: A Concise Introduction*, Princeton University Press, 2012. - M. H. R. Khouzani, S. Sarkar, and E. Altman, “Maximum damage malware attack in mobile wireless networks,” in
*Proceedings of the IEEE INFOCOM 2010*, pp. 1–9, March 2010. View at: Publisher Site | Google Scholar - M. H. Khouzani and S. Sarkar, “Maximum damage battery depletion attack in mobile sensor networks,”
*Institute of Electrical and Electronics Engineers Transactions on Automatic Control*, vol. 56, no. 10, pp. 2358–2368, 2011. View at: Publisher Site | Google Scholar | MathSciNet - J. Ren, Y. Xu, and C. Zhang, “Optimal control of a delay-varying computer virus propagation model,”
*Discrete Dynamics in Nature and Society*, vol. 2013, Article ID 210291, 7 pages, 2013. View at: Publisher Site | Google Scholar - L. Chen, K. Hattaf, and J. Sun, “Optimal control of a delayed SLBS computer virus model,”
*Physica A: Statistical Mechanics and its Applications*, vol. 427, pp. 244–250, 2015. View at: Publisher Site | Google Scholar | MathSciNet - L.-X. Yang, M. Draief, and X. Yang, “The optimal dynamic immunization under a controlled heterogeneous node-based SIRS model,”
*Physica A: Statistical Mechanics and its Applications*, vol. 450, pp. 403–415, 2016. View at: Publisher Site | Google Scholar | MathSciNet - C. Nowzari, V. M. Preciado, and G. . Pappas, “Analysis and control of epidemics: a survey of spreading processes on complex networks,”
*IEEE Control Systems Magazine*, vol. 36, no. 1, pp. 26–46, 2016. View at: Publisher Site | Google Scholar | MathSciNet - T. Zhang, L.-X. Yang, X. Yang, Y. Wu, and Y. Y. Tang, “Dynamic malware containment under an epidemic model with alert,”
*Physica A: Statistical Mechanics and its Applications*, vol. 470, pp. 249–260, 2017. View at: Publisher Site | Google Scholar | MathSciNet - W. Liu and S. Zhong, “Web malware spread modelling and optimal control strategies,”
*Scientific Reports*, vol. 7, Article ID 42308, 2017. View at: Publisher Site | Google Scholar - N. F. Britton,
*Essential Mathematical Biology*, Springer Undergraduate Mathematics Series, Springer, 2003. View at: MathSciNet - J. R. Piqueira and V. O. Araujo, “A modified epidemiological model for computer viruses,”
*Applied Mathematics and Computation*, vol. 213, no. 2, pp. 355–360, 2009. View at: Publisher Site | Google Scholar | MathSciNet - L. Feng, X. Liao, H. Li, and Q. Han, “Hopf bifurcation analysis of a delayed viral infection model in computer networks,”
*Mathematical and Computer Modelling*, vol. 56, no. 7-8, pp. 167–179, 2012. View at: Publisher Site | Google Scholar | MathSciNet - B. K. Mishra and N. Keshri, “Mathematical model on the transmission of worms in wireless sensor network,”
*Applied Mathematical Modelling*, vol. 37, no. 6, pp. 4103–4111, 2013. View at: Publisher Site | Google Scholar - Y. Yao, N. Zhang, W. Xiang, G. Yu, and F. Gao, “Modeling and analysis of bifurcation in a delayed worm propagation model,”
*Journal of Applied Mathematics*, vol. 2013, Article ID 927369, 11 pages, 2013. View at: Publisher Site | Google Scholar - L. Feng, L. Song, Q. Zhao, and H. Wang, “Modeling and Stability Analysis of Worm Propagation in Wireless Sensor Network,”
*Mathematical Problems in Engineering*, vol. 2015, Article ID 129598, 8 pages, 2015. View at: Publisher Site | Google Scholar - J. Ren and Y. Xu, “A compartmental model for computer virus propagation with kill signals,”
*Physica A: Statistical Mechanics and its Applications*, vol. 486, pp. 446–454, 2017. View at: Publisher Site | Google Scholar | MathSciNet - R. Pastor-Satorras and A. Vespignani, “Epidemic spreading in scale-free networks,”
*Physical Review Letters*, vol. 86, no. 14, pp. 3200–3203, 2001. View at: Publisher Site | Google Scholar - R. Pastor-Satorras and A. Vespignani, “Epidemic dynamics in finite size scale-free networks,”
*Physical Review E: Statistical, Nonlinear, and Soft Matter Physics*, vol. 65, no. 3, Article ID 035108, 2002. View at: Publisher Site | Google Scholar - C. Castellano and R. Pastor-Satorras, “Thresholds for epidemic spreading in networks,”
*Physical Review Letters*, vol. 105, no. 21, Article ID 218701, 2010. View at: Publisher Site | Google Scholar - L.-X. Yang, X. Yang, J. Liu, Q. Zhu, and C. Gan, “Epidemics of computer viruses: s complex-network approach,”
*Applied Mathematics and Computation*, vol. 219, no. 16, pp. 8705–8717, 2013. View at: Publisher Site | Google Scholar | MathSciNet - J. Ren, J. Liu, and Y. Xu, “Modeling the dynamics of a network-based model of virus attacks on targeted resources,”
*Communications in Nonlinear Science and Numerical Simulation*, vol. 31, no. 1-3, pp. 1–10, 2016. View at: Publisher Site | Google Scholar | MathSciNet - W. Liu, C. Liu, Z. Yang, X. Liu, Y. Zhang, and Z. Wei, “Modeling the propagation of mobile malware on complex networks,”
*Communications in Nonlinear Science and Numerical Simulation*, vol. 37, pp. 249–264, 2016. View at: Publisher Site | Google Scholar | MathSciNet - L.-X. Yang and X. Yang, “The effect of network topology on the spread of computer viruses: a modelling study,”
*International Journal of Computer Mathematics*, vol. 94, no. 8, pp. 1591–1608, 2017. View at: Publisher Site | Google Scholar | MathSciNet - P. Van Mieghem, J. Omic, and R. Kooij, “Virus spread in networks,”
*IEEE/ACM Transactions on Networking*, vol. 17, no. 1, pp. 1–14, 2009. View at: Publisher Site | Google Scholar - P. Van Mieghem, “The N-intertwined SIS epidemic network model,”
*Computing*, vol. 93, no. 2-4, pp. 147–169, 2011. View at: Publisher Site | Google Scholar - F. D. Sahneh, F. N. Chowdhury, and C. M. Scoglio, “On the existence of a threshold for preventive behavioral responses to suppress epidemic spreading,”
*Scientific Reports*, vol. 2, article 632, 2012. View at: Publisher Site | Google Scholar - F. D. Sahneh, C. Scoglio, and P. Van Mieghem, “Generalized epidemic mean-field model for spreading processes over multilayer complex networks,”
*IEEE/ACM Transactions on Networking*, vol. 21, no. 5, pp. 1609–1620, 2013. View at: Publisher Site | Google Scholar - S. Xu, W. Lu, and Z. Zhan, “A stochastic model of multivirus dynamics,”
*IEEE Transactions on Dependable and Secure Computing*, vol. 9, no. 1, pp. 30–45, 2012. View at: Publisher Site | Google Scholar - S. Xu, W. Lu, and L. Xu, “Push- and pull-based epidemic spreading in networks: Thresholds and deeper insights,”
*ACM Transactions on Autonomous and Adaptive Systems (TAAS)*, vol. 7, no. 3, Article ID 2348835, 2012. View at: Publisher Site | Google Scholar - S. Xu, W. Lu, L. Xu, and Z. Zhan, “Adaptive epidemic dynamics in networks: Thresholds and control,”
*ACM Transactions on Autonomous and Adaptive Systems (TAAS)*, vol. 8, no. 4, article no. 19, 2014. View at: Publisher Site | Google Scholar - L. Yang, M. Draief, and X. Yang, “Heterogeneous virus propagation in networks: a theoretical study,”
*Mathematical Methods in the Applied Sciences*, vol. 40, no. 5, pp. 1396–1413, 2017. View at: Publisher Site | Google Scholar | MathSciNet - L.-X. Yang, X. Yang, and Y. Wu, “The impact of patch forwarding on the prevalence of computer virus: A theoretical assessment approach,”
*Applied Mathematical Modelling*, vol. 43, pp. 110–125, 2017. View at: Publisher Site | Google Scholar - L.-X. Yang, X. Yang, and Y. Yan Tang, “A bi-virus competing spreading model with generic infection rates,”
*IEEE Transactions on Network Science and Engineering*, no. 99, 2017. View at: Publisher Site | Google Scholar - L. Yang, P. Li, X. Yang, Y. Wu, and Y. Y. Tang, “On the competition of two conflicting messages,”
*Nonlinear Dynamics*, vol. 91, no. 3, pp. 1853–1869, 2018. View at: Publisher Site | Google Scholar - S. Xu, W. Lu, and H. Li, “A stochastic model of active cyber defense dynamics,”
*Internet Mathematics*, vol. 11, no. 1, pp. 23–61, 2015. View at: Publisher Site | Google Scholar | MathSciNet - R. Zheng, W. Lu, and S. Xu, “Active cyber defense dynamics exhibiting rich phenomena,” in
*Proceedings of the Symposium and Bootcamp on the Science of Security, HotSoS 2015*, April 2015. View at: Publisher Site | Google Scholar - L.-X. Yang, P. Li, X. Yang, and Y. Y. Tang, “Security evaluation of the cyber networks under advanced persistent threats,”
*IEEE Access*, vol. 5, pp. 20111–20123, 2017. View at: Publisher Site | Google Scholar - R. Zheng, W. Lu, and S. Xu, “Preventive and Reactive Cyber Defense Dynamics Is Globally Stable,”
*IEEE Transactions on Network Science and Engineering*, 2017. View at: Publisher Site | Google Scholar - R. C. Robinson,
*An Introduction to Dynamical Systems: Continuous and Discrete*, Pearson Education, Inc., 2004. View at: MathSciNet - E. M. Stein and R. Shakarchi,
*Real analysis*, vol. 3 of*Princeton Lectures in Analysis*, Princeton University Press, Princeton, NJ, 2005. View at: MathSciNet - D. Kempe, J. Kleinberg, and E. Tardos, “Influential nodes in a diffusion model for social networks,” in
*Proceedings of ICALP*, pp. 1127–1138, 2005. View at: Google Scholar - W. Chen, Y. Wang, and S. Yang, “Efficient influence maximization in social networks,” in
*Proceedings of the 15th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining (KDD '09)*, pp. 199–208, ACM, July 2009. View at: Publisher Site | Google Scholar - A.-L. Barabasi and R. Albert, “Emergence of scaling in random networks,”
*American Association for the Advancement of Science: Science*, vol. 286, no. 5439, pp. 509–512, 1999. View at: Publisher Site | Google Scholar | MathSciNet - D. J. Watts and S. H. Strogatz, “Collective dynamics of 'small-world' networks,”
*Nature*, vol. 393, no. 6684, pp. 440–442, 1998. View at: Publisher Site | Google Scholar - http://konect.uni-koblenz.de/networks/arenas-email.
- Y. Schwarzkopf, A. Rákos, and D. Mukamel, “Epidemic spreading in evolving networks,”
*Physical Review E: Statistical, Nonlinear, and Soft Matter Physics*, vol. 82, no. 3, Article ID 036112, 2010. View at: Publisher Site | Google Scholar - P. Holme and J. Saramäki, “Temporal networks,”
*Physics Reports*, vol. 519, no. 3, pp. 97–125, 2012. View at: Publisher Site | Google Scholar - M. Karsai, N. Perra, and A. Vespignani, “Time varying networks and the weakness of strong ties,”
*Scientific Reports*, vol. 4, article no. 4001, 2014. View at: Publisher Site | Google Scholar - E. Valdano, L. Ferreri, C. Poletto, and V. Colizza, “Analytical computation of the epidemic threshold on temporal networks,”
*Physical Review X*, vol. 5, no. 2, Article ID 021005, 2015. View at: Publisher Site | Google Scholar - T. Alpcan and T. Basar,
*Network Security: A Decision and Game-Theoretic Approach*, Cambridge University Press, 2010. - M. H. Manshaei, Q. Zhu, T. Alpcan, T. Basar, and J.-P. Hubaux, “Game theory meets network security and privacy,”
*ACM Computing Surveys*, vol. 45, no. 3, article 25, 2013. View at: Publisher Site | Google Scholar - X. Liang and Y. Xiao, “Game theory for network security,”
*IEEE Communications Surveys & Tutorials*, vol. 15, no. 1, pp. 472–486, 2013. View at: Publisher Site | Google Scholar - P. Hu, H. Li, H. Fu, D. Cansever, and P. Mohapatra, “Dynamic defense strategy against advanced persistent threat with insiders,” in
*Proceedings of the 34th IEEE Annual Conference on Computer Communications and Networks, IEEE INFOCOM 2015*, pp. 747–755, May 2015. View at: Publisher Site | Google Scholar

#### Copyright

Copyright © 2018 Pengdeng Li et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.