Abstract

The rapid propagation of computer virus is one of the greatest threats to current cybersecurity. This work deals with the optimal control problem of virus propagation among computers and external devices. To formulate this problem, two control strategies are introduced: (a) external device blocking, which means prohibiting a fraction of connections between external devices and computers, and (b) computer reconstruction, which includes updating or reinstalling of some infected computers. Then the combination of both the impact of infection and the cost of controls is minimized. In contrast with previous works, this paper takes into account a state-based cost weight index in the objection function instead of a fixed one. By using Pontryagin’s minimum principle and a modified forward-backward difference approximation algorithm, the optimal solution of the system is investigated and numerically solved. Then numerical results show the flexibility of proposed approach compared to the regular optimal control. More numerical results are also given to evaluate the performance of our approach with respect to various weight indexes.

1. Introduction

Computer virus, ranging from Morris worms in 1988 to WannaCry last year, can spread to every corner of our world via Internet in a very short time. The direct and indirect economic losses due to computer virus worldwide amount to as much as several billions and even tens of billions of dollars each year [1]. So a better understanding of the behaviors of virus propagation and predicting its outbreak are of crucial importance to thwart its wide spread. In this scenario, more and more attentions from worldwide scholars have been paid to the dynamical modeling of computer virus propagation through the classical epidemiology approach.

Depending on the topology of propagation networks, all current dynamical models of computer virus fall into two categories: homogeneous models and heterogeneous models [2]. Based on the fact that some virus can infect an arbitrary vulnerable computer through random scanning, the homogeneous models regard the propagation network as fully connected, such as the 1-n-n-1 type D-SEIR malicious propagation model proposed by Mishra et al. [3], SCIR model and SEIRS model proposed by Guillén et al. [4, 5], SLAR model by Dong et al. [6], SIP model proposed by Abazari et al. [7], SVEIR model proposed by Upadhyay et al. [8], and SLBS model proposed by Yang et al. [9, 10]. Instead, the heterogeneous model assumes that the virus could only spread between the direct topological neighbors. The dynamical behaviors of virus spreading over a reduced scale-free network are studied by L.-X. Yang and X. Yang [11] and Keshri et al. [12], respectively. By separating the susceptible compartment into two subcompartments, a heterogeneous WSI model is established and analyzed by Liu et al. [13]. In [14], both the topology of networks and the interaction between computer viruses and honeynet potency are considered. Both homogeneous and heterogeneous models provide significant insights into a detailed and qualitative understanding of how and when computer viruses break out.

The main purpose of modeling virus propagation dynamics is to develop appropriate strategies to suppress its diffusion. One of the most common control strategies is the application of optimal control in virus propagation model. From the perspective of economy, optimal control is used to seek a reasonable tradeoff between cost and benefit. In this context, it has been widely used in the control application of biological viruses [1519], rumors [20, 21], and others [22, 23]. Inspired by these, Zhu et al. proposed a delayed SIR model for computer virus propagation [24]. Then optimal control strategy is applied to other computer virus models such as the SLBS model [25] and its delayed form [26], the SIR model [27], and the SICS model on scale-free network [28].

In this paper, we aim to develop some effective strategies to control the virus propagation among computers and external devices using an optimal control approach. To achieve this, a classical model depicting the virus interactive dynamical behaviors between computers and external devices is adopted to formulate the optimal control problem [29]. Moreover, we note that most of current works assume that the weight indexes in their objective function are constant. In fact, the costs of some control strategies will change with the number of infected computers, because the required resources for the control will undoubtedly increase as more computers get infected. So, motivated by this fact and some related work in epidemiology [30], in this paper, we consider a state-based cost weight index in the objection function instead of a fixed one and solve this problem by using Pontryagin’s minimum principle and a numerical algorithm, respectively.

The rest of this paper is organized as follows. By using Pontryagin’s minimum principle, the optimal control problem is formulated and analyzed in Section 2. In Section 3, the numerical algorithm for the optimal system is given at first. Based on this algorithm, various examples are performed to evaluate the effectiveness of the proposed approach. Finally, this work is outlined in Section 4.

2. Formulation and Analysis of the Problem

In this paper, we take a classic computer virus propagation model [29], which incorporates the interactions between computers and external removable devices, to set our optimal control problem. In the model, all computers are split into the following three classes: susceptible computers (), infected computers (), and recovered computers (), whereas all removable devices are divided into two compartments: susceptible devices () and infected devices (). Under some reasonable assumptions (see [29]), one can derive the following computer virus propagation model: And the definitions of notations and parameters are shown in “Definitions of Notations and Parameters in System (1)”.

To formulate the optimal control problem of system (1), we introduce two types of countermeasures for inhibiting virus propagation: (a) external device blocking, which means prohibiting a fraction of connections between external devices and computers, and (b) computer reconstruction, which includes updating or reinstalling of some infected computers. Let and denote the control strengths of these two control strategies, respectively. And and are in the following two admissible control sets, respectively: where , , and are positive constants. More specifically, and are the minimum allowed control strengths of and , respectively. It is practical to set and to be bounded. For , it is unrealistic to quarantine all external devices from computers. For , the control strength is limited by resource capacity of computer reconstruction.

Then, by incorporating the above control variables, the state system corresponding to system (1) can be written as Compared to system (1), the infection of computers caused by the infective external devices is reduced to in system (3) due to the introduction of . Meanwhile, the recovered force of infective devices also decreases to . And here denotes the fraction of reinstalled computers. Hence, on average, is the number of computers whose state changes to susceptible class from infected class per unit time.

Assume further that the control strategies will be applied if and only if the number of infected computers is above a threshold. Denote the threshold as , where . To minimize the number of infected computers and external devices while keeping the cost of control as low as possible, we consider an optimal control problem to minimize the following objective function: where is the solution of state system (1) computed at and . Here and denote the infection index and the cost index, respectively. Furthermore, let and be the relative weights of computer and device infection, respectively, where . Then we have Considering the fact that the cost of the first strategy is independent of the infection individuals whereas the second is dependent on the number of infective computers , we set the cost index in the following form: where both the positive constants and are set to be 2 in this paper, the positive constant is the relative cost weight associated with the control measure , and depending on is the relative cost weight associated with the control measure . For our purpose, we divide the interval into subintervals , , , and . Then the cost weight can be set as Considering the saturation effect that more cost should be paid to get the same result as the number of infected computers increases, we have and the length of subintervals .

Here, for given and , we have the following two cases.

Case 1 (). In this case, we find a nonnegative integer () such that always holds for , and . Then one can obtain the following sub-objective-function:

Case 2 (). For this case, there is nothing to do until holds for some time . Then go back to Case 1 to seek the optimal control for the minimum for .

In this way, the interval has been divided into multiple subintervals . And plays a role as a switch, determining whether the control should be applied. By iterating the above procedure until holds for some , the optimal solution of state system (3) for can be obtained by composing the optimal solutions for all subintervals , where .

To solve the optimal problem for a subinterval , where , let for denote the adjoint variables, let and denote the optimal control, let , , , , , and for denote the state and adjoint variables evaluated at and . For applying Pontryagin’s minimum principle, one can obtain the following Hamiltonian function: Then the adjoint system can be obtained as

By the optimal conditions, we have which implies that Therefore, by combining state system (3), the adjoint system, and the optimal conditions, we have derived the following optimality system:with transversality conditions where

3. Numerical Results and Discussion

In this section, some numerical results of the proposed optimal control strategies are evaluated. By using a modified forward and backward difference approximation algorithm shown in Algorithm 1, the optimality system can be solved numerically. For the sake of simplicity, the final number of all removable devices is normalized to unity, whereas the final number of all computers is normalized to ten as the assumption in [29]. For our purpose, some parameter values of the system used in the simulations are fixed in Table 1. And the initial conditions of the state system at are chosen as , , , , and . In the first subsection, the performance of proposed optimal control strategies is evaluated by comparison with both regular optimal control and no control. And the effect of objective function weight indexes is evaluated in the second subsection.

Input: , , , , , , , , , , and
Output: and
Divide the into subintervals for .
for    to    do
,
if  
  break
else
  for    to    do  % find index of for
   if    and  
    
    break
   end if
  end for
   for
  
  do
   ,
   
   Calculate , , , , with and   %  forward
   Calculate with for   %  backward
   Calculate , with
  until    or  
   % is a given sufficiently small positive constant
   % is the maximum number of iterations
end if
end for
3.1. Performance of Proposed Optimal Control

According to the problem formulation in Section 2, a simple form of piecewise weight index is considered as follows:That is, no action is required in the slight infection phase with the infection number of computers less than the control threshold. Here the control threshold is set to be 2 (i.e., in proportion). With the increase of the infected computers , a more serious phase is reached, and the optimal control is employed with . When is greater or equal to (i.e., in proportion), the most serious phase is reached; the optimal control is employed with . Moreover, other weight indexes are chosen as , , and , and the control period is set as and .

In Figure 1, the evolution of both the optimal control and the infective proportion of computers is depicted. Obviously, the shape of the control signal is divided into segments by switching based on the infection proportion of computers, which is defined in (16). And the shape of the control signal is divided into segments as the device blocking control strategy is deployed with constant weight index if exceeds the control threshold. Correspondingly, the controlled evolution of infective proportion of computers is split into 3 segments by 2 inflection points: the first segment performs exactly the same as the one without control, whereas the following two segments significantly lie below the one without control.

In order to examine the performance of proposed state-based switching control with respect to the regular optimal control, two solutions of regular optimal control with constant cost weight indexes and are considered, respectively, in Figures 25, while maintaining all other parameters the same as Figure 1.

Obviously, a lower cost weight index implies a heavier strength control force, which leads to a lower infective proportion. Hence, as shown in Figures 2 and 3, the infective proportions of both computers and devices with always lie below the ones with . The evolution shapes of both computers and devices infective proportion with switching control are located above the other two shapes, respectively, in the initial period of time, because the control is not deployed when the infection proportion is small. Then, in the middle period of time, the evolution curve of the proportion of infected computers with switching control lies between the other two curves with and . Similar observation for the evolution of the proportion of infected devices can be made in Figure 3. Instead, in the final period of time, the evolution seems to act the same as the one with due to the same weight index used in these two cases. The similar characteristics of evolution behaviors of both and can be observed from Figures 4 and 5.

In reality, when performing the same control force, more cost should be paid with the increase of the number of infection computers. So in the application of optimal control it is reasonable to assume that the cost weight index needs to be adjusted dynamically along with the evolution of infection nodes. The proposed optimal control approach provides a flexible solution to this kind of situation: the control is required if and only if the one infected is above the control threshold and a lower cost weight index should be applied with the further increase of infection. Also note that by setting and the proposed approach can be translated into the regular one. As a result, the proposed control strategies perform more reasonably and flexibly than regular optimal control with constant cost weight index.

3.2. Performance of Different Groups of Weight Indexes

In this subsection, 8 groups of numerical experiments are carried out to show the impacts of weight indexes on the solution of optimal control. The parameter values used here can be found in Table 1, and the weight indexes are shown in Table 2, where is of the same form as (16). All experimental results are shown in Figures 69. Then the following visually results can be obtained:

The change of cost weight index has little effect upon the infection reduction, as the shapes of #1, #2, #5, and #6 are, respectively, close to shapes of #3, #4, #7, and #8 shown in Figures 6 and 7.

Both the increase of index and the decrease of and have a remarkable effect on obtaining lower infection solution.

As shown in Figures 8 and 9, higher indexes and mean that weaker optimal controls of and will be applied, respectively.

Moreover, to further show the flexibility of the proposed approach, comparison experiments of various forms of are carried out as shown in Figures 10 and 11. Here, the forms of are chosen as follows, and other weight indexes are chosen as , , and :

3.3. Further Discussion

From the above experiments, we can conclude that the proposed state-based optimal control approach can be applied to contain the spread of virus among computers and external devices; the approach also performs more reasonably and flexibly compared to the conventional optimal control with constant coast weight index. We also note that the original model considered in this paper regards the propagation network as fully connected. However, as mentioned in Introduction, there are an increasing number of heterogeneous models that incorporate the impact of topology. Considering the similarity of applications of optimal control in heterogeneous models [31, 32], we can conclude that our proposed approach is also suitable for these models. In addition, this approach may provide some insights for other related fields such as rumor propagation [33] and marketing [34].

Although the efficiency of the proposed model has been verified by simulation, several issues still need to be settled when it is applied in reality. The first issue is how to determine the precise value of . It may be a good way to obtain it from extensive simulation experiments.

4. Conclusion

In this work, we have formulated an optimal control problem to minimize the tradeoff between spread of virus and costs of control. Instead of a fixed cost weight index used in previous work, we adopted an infection state-based index. By using Pontryagin’s minimum principle, the optimal control problem is analyzed. We also develop a modified forward-backward algorithm to calculate the optimal solution numerically. Finally, the flexibility and effectiveness of our proposed approach are verified by simulations. We will also consider exploring the ideas in strategic networks, with different topologies, and consider how to practically apply the ideas here.

Definitions of Notations and Parameters in System (1)

:The rate at which computers are connected to network
:The recruitment of external devices
:The contact infective force between susceptible and infected computers
:The contact infective force between computers and external devices
:The recovery rates of infective computers
:The recovery rates of external devices
:The rate at which networked computers are disconnected from network
:The rate at which removable devices break down
:Short for , the number of susceptible computers at time
:Short for , the number of infected computers at time
:Short for , the number of recovered computers at time
:Short for , the total number of computers at time , i.e.,
:Short for , the number of susceptible external devices at time
:Short for , the number of infective external devices at time
:Short for , the total number of external devices at time , i.e., .

Data Availability

The data used to support the findings of this study are available from the corresponding author upon request.

Conflicts of Interest

The authors declare that there are no conflicts of interest regarding the publication of this paper.

Acknowledgments

This work is supported by the National Natural Science Foundation of China (nos. 11747125, 61702066, and 61672004), Scientific and Technological Research Program of Chongqing Municipal Education Commission (no. KJ1500434), the Foundation from China Scholarship Council (201707845012), and Chongqing Engineering Research Center of Mobile Internet Data Application.