Security and Communication Networks

Volume 2018, Article ID 4982523, 10 pages

https://doi.org/10.1155/2018/4982523

## State-Based Switching for Optimal Control of Computer Virus Propagation with External Device Blocking

^{1}School of Cyber Security and Information Law, Chongqing University of Posts and Telecommunications, Chongqing, China^{2}School of Information Technology, Deakin University, Melbourne, VIC, Australia

Correspondence should be addressed to Qingyi Zhu; nc.ude.tpuqc@yquhz

Received 21 February 2018; Accepted 30 April 2018; Published 30 May 2018

Academic Editor: Vasileios A. Karyotis

Copyright © 2018 Qingyi Zhu et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

#### Abstract

The rapid propagation of computer virus is one of the greatest threats to current cybersecurity. This work deals with the optimal control problem of virus propagation among computers and external devices. To formulate this problem, two control strategies are introduced: (a) external device blocking, which means prohibiting a fraction of connections between external devices and computers, and (b) computer reconstruction, which includes updating or reinstalling of some infected computers. Then the combination of both the impact of infection and the cost of controls is minimized. In contrast with previous works, this paper takes into account a state-based cost weight index in the objection function instead of a fixed one. By using Pontryagin’s minimum principle and a modified forward-backward difference approximation algorithm, the optimal solution of the system is investigated and numerically solved. Then numerical results show the flexibility of proposed approach compared to the regular optimal control. More numerical results are also given to evaluate the performance of our approach with respect to various weight indexes.

#### 1. Introduction

Computer virus, ranging from Morris worms in 1988 to WannaCry last year, can spread to every corner of our world via Internet in a very short time. The direct and indirect economic losses due to computer virus worldwide amount to as much as several billions and even tens of billions of dollars each year [1]. So a better understanding of the behaviors of virus propagation and predicting its outbreak are of crucial importance to thwart its wide spread. In this scenario, more and more attentions from worldwide scholars have been paid to the dynamical modeling of computer virus propagation through the classical epidemiology approach.

Depending on the topology of propagation networks, all current dynamical models of computer virus fall into two categories: homogeneous models and heterogeneous models [2]. Based on the fact that some virus can infect an arbitrary vulnerable computer through random scanning, the homogeneous models regard the propagation network as fully connected, such as the 1-n-n-1 type D-SEIR malicious propagation model proposed by Mishra et al. [3], SCIR model and SEIRS model proposed by Guillén et al. [4, 5], SLAR model by Dong et al. [6], SIP model proposed by Abazari et al. [7], SVEIR model proposed by Upadhyay et al. [8], and SLBS model proposed by Yang et al. [9, 10]. Instead, the heterogeneous model assumes that the virus could only spread between the direct topological neighbors. The dynamical behaviors of virus spreading over a reduced scale-free network are studied by L.-X. Yang and X. Yang [11] and Keshri et al. [12], respectively. By separating the susceptible compartment into two subcompartments, a heterogeneous WSI model is established and analyzed by Liu et al. [13]. In [14], both the topology of networks and the interaction between computer viruses and honeynet potency are considered. Both homogeneous and heterogeneous models provide significant insights into a detailed and qualitative understanding of how and when computer viruses break out.

The main purpose of modeling virus propagation dynamics is to develop appropriate strategies to suppress its diffusion. One of the most common control strategies is the application of optimal control in virus propagation model. From the perspective of economy, optimal control is used to seek a reasonable tradeoff between cost and benefit. In this context, it has been widely used in the control application of biological viruses [15–19], rumors [20, 21], and others [22, 23]. Inspired by these, Zhu et al. proposed a delayed SIR model for computer virus propagation [24]. Then optimal control strategy is applied to other computer virus models such as the SLBS model [25] and its delayed form [26], the SIR model [27], and the SICS model on scale-free network [28].

In this paper, we aim to develop some effective strategies to control the virus propagation among computers and external devices using an optimal control approach. To achieve this, a classical model depicting the virus interactive dynamical behaviors between computers and external devices is adopted to formulate the optimal control problem [29]. Moreover, we note that most of current works assume that the weight indexes in their objective function are constant. In fact, the costs of some control strategies will change with the number of infected computers, because the required resources for the control will undoubtedly increase as more computers get infected. So, motivated by this fact and some related work in epidemiology [30], in this paper, we consider a state-based cost weight index in the objection function instead of a fixed one and solve this problem by using Pontryagin’s minimum principle and a numerical algorithm, respectively.

The rest of this paper is organized as follows. By using Pontryagin’s minimum principle, the optimal control problem is formulated and analyzed in Section 2. In Section 3, the numerical algorithm for the optimal system is given at first. Based on this algorithm, various examples are performed to evaluate the effectiveness of the proposed approach. Finally, this work is outlined in Section 4.

#### 2. Formulation and Analysis of the Problem

In this paper, we take a classic computer virus propagation model [29], which incorporates the interactions between computers and external removable devices, to set our optimal control problem. In the model, all computers are split into the following three classes: susceptible computers (), infected computers (), and recovered computers (), whereas all removable devices are divided into two compartments: susceptible devices () and infected devices (). Under some reasonable assumptions (see [29]), one can derive the following computer virus propagation model: And the definitions of notations and parameters are shown in “Definitions of Notations and Parameters in System (1)”.

To formulate the optimal control problem of system (1), we introduce two types of countermeasures for inhibiting virus propagation: (a) external device blocking, which means prohibiting a fraction of connections between external devices and computers, and (b) computer reconstruction, which includes updating or reinstalling of some infected computers. Let and denote the control strengths of these two control strategies, respectively. And and are in the following two admissible control sets, respectively: where , , and are positive constants. More specifically, and are the minimum allowed control strengths of and , respectively. It is practical to set and to be bounded. For , it is unrealistic to quarantine all external devices from computers. For , the control strength is limited by resource capacity of computer reconstruction.

Then, by incorporating the above control variables, the state system corresponding to system (1) can be written as Compared to system (1), the infection of computers caused by the infective external devices is reduced to in system (3) due to the introduction of . Meanwhile, the recovered force of infective devices also decreases to . And here denotes the fraction of reinstalled computers. Hence, on average, is the number of computers whose state changes to susceptible class from infected class per unit time.

Assume further that the control strategies will be applied if and only if the number of infected computers is above a threshold. Denote the threshold as , where . To minimize the number of infected computers and external devices while keeping the cost of control as low as possible, we consider an optimal control problem to minimize the following objective function: where is the solution of state system (1) computed at and . Here and denote the infection index and the cost index, respectively. Furthermore, let and be the relative weights of computer and device infection, respectively, where . Then we have Considering the fact that the cost of the first strategy is independent of the infection individuals whereas the second is dependent on the number of infective computers , we set the cost index in the following form: where both the positive constants and are set to be 2 in this paper, the positive constant is the relative cost weight associated with the control measure , and depending on is the relative cost weight associated with the control measure . For our purpose, we divide the interval into subintervals , , , and . Then the cost weight can be set as Considering the saturation effect that more cost should be paid to get the same result as the number of infected computers increases, we have and the length of subintervals .

Here, for given and , we have the following two cases.

*Case 1 (). *In this case, we find a nonnegative integer () such that always holds for , and . Then one can obtain the following sub-objective-function:

*Case 2 (). *For this case, there is nothing to do until holds for some time . Then go back to Case 1 to seek the optimal control for the minimum for .

In this way, the interval has been divided into multiple subintervals . And plays a role as a switch, determining whether the control should be applied. By iterating the above procedure until holds for some , the optimal solution of state system (3) for can be obtained by composing the optimal solutions for all subintervals , where .

To solve the optimal problem for a subinterval , where , let for denote the adjoint variables, let and denote the optimal control, let , , , , , and for denote the state and adjoint variables evaluated at and . For applying Pontryagin’s minimum principle, one can obtain the following Hamiltonian function: Then the adjoint system can be obtained as

By the optimal conditions, we have which implies that Therefore, by combining state system (3), the adjoint system, and the optimal conditions, we have derived the following optimality system:with transversality conditions where

#### 3. Numerical Results and Discussion

In this section, some numerical results of the proposed optimal control strategies are evaluated. By using a modified forward and backward difference approximation algorithm shown in Algorithm 1, the optimality system can be solved numerically. For the sake of simplicity, the final number of all removable devices is normalized to unity, whereas the final number of all computers is normalized to ten as the assumption in [29]. For our purpose, some parameter values of the system used in the simulations are fixed in Table 1. And the initial conditions of the state system at are chosen as , , , , and . In the first subsection, the performance of proposed optimal control strategies is evaluated by comparison with both regular optimal control and no control. And the effect of objective function weight indexes is evaluated in the second subsection.