Mathematical Models for New Types of Cyberattack and Associated Defence Strategies
Research Article | Open Access
Li Miao, Shuai Li, "Stochastic Differential Game-Based Malware Propagation in Edge Computing-Based IoT", Security and Communication Networks, vol. 2021, Article ID 8896715, 11 pages, 2021. https://doi.org/10.1155/2021/8896715
Stochastic Differential Game-Based Malware Propagation in Edge Computing-Based IoT
Abstract
The Internet of Things (IoT) has played an important role in our daily life since its emergence. The applications of IoT range from traditional devices to intelligent equipment. With the great potential of IoT come various kinds of security problems. In this paper, we study the malware propagation under the dynamic interaction between the attackers and defenders in edge computing-based IoT and propose an infinite-horizon stochastic differential game model to discuss the optimal strategies for the attackers and defenders. Considering the effect of stochastic fluctuations in the edge network on the malware propagation, we construct the Itô stochastic differential equations to describe the propagation of the malware in edge computing-based IoT. Subsequently, we analyze the feedback Nash equilibrium solutions for our proposed game model, which can be considered as the optimal strategies for the defenders and attackers. Finally, numerical simulations show the effectiveness of our proposed game model.
1. Introduction
Recently, a rapidly increasing number of physical devices and sensors are connecting to the Internet at an unprecedented rate. It has led to the emergence of the Internet of Things (IoT). By deploying smart devices and sensors to collect and analyze the physical data, the IoT can monitor and control the physical environment [1]. IoT has brought great convenience to our daily life in the past few years. For example, the IoT has been widely used in intelligent transportation, smart home appliances, smart healthcare, and other fields [2, 3].
Since IoT devices typically have limited resources, it is common to forward the physical data to the cloud computing platform, which needs extra bandwidth or causes data security problems. With the advance of IoT, edge computing has been introduced to address the above issues [4–6]. Generally, edge computing provides powerful computing resources at the edge of the Internet and is close to the IoT devices [7, 8]. Edge computing has relieved the pressure on bandwidth and overcome the latency issue. However, the edge computing environment is an open ecosystem, and IoT devices with limited resources are more vulnerable to attack [9]. Moreover, the existing defense mechanisms based on cloud computing cannot be applied to edge computing because of the geographically dispersed nature of IoT devices. Thus, how to effectively design defense mechanisms to defend against attackers has become a serious problem that desperately needs to be solved. In this paper, we pay attention to the security problem of malware propagation based on the stochastic differential game; in this framework, we try to model an optimal defense strategy for IoT devices.
In edge computing-based IoT, attackers want to infect more IoT devices with malware to obtain illegal gains using the attack strategy, while the defenders want to minimize the damage caused by IoT devices infected with malware using the defense strategy. Meanwhile, the IoT devices join or exit the network randomly, which can affect the stability of the edge network. The dynamic interaction between the attackers and defenders leads to the propagation of the malware, and the influence of network instability can be considered as the stochastic elements. In this paper, we propose an infinite-horizon stochastic differential game model to research the malware propagation among IoT devices under the dynamic interaction between attackers and defenders in edge computing-based IoT, considering the stochastic fluctuations in the network. The main contributions of our proposed scheme are as follows:
(1) Firstly, we use the infinite-horizon stochastic differential game to model the malware propagation under the dynamic interaction between the attackers and defenders in edge computing-based IoT.
(2) Secondly, the Itô stochastic differential equation is used to characterize the effect of stochastic fluctuations of the edge network on the malware propagation.
(3) Finally, we discuss the feedback Nash equilibrium solutions for our proposed game model, which can be considered as the optimal strategies for both the attackers and defenders.
This paper is organized as follows. Section 2 introduces related works. Section 3 discusses the security problem of the attackers and defenders in a stochastic differential game theory. The feedback Nash equilibrium solutions for our proposed game model are analyzed in Section 4. Numerical simulations are given in Section 5. Finally, we conclude this paper in Section 6.
2. Related Works
The malware propagation problem is one of the most fundamental problems, for which many kinds of research have been proposed in the literature [10–15]. Malware propagation means that the infected legitimate nodes are able to contaminate other noninfected legitimate nodes, in addition to the attack nodes [16]. The edge users achieve shared interactions through smart applications in edge computing-based IoT, which increases the probability of malware download.
Generally, there are two complementary classes of methods to defend against the malware threat: the detection-based method and the prevention-based method. Tobias et al. [10] proposed a novel malware detection approach that used compression-based graph mining, in which the characteristic behaviors were extracted by the quantitative data flow graphs to derive the detection accuracy. TaeGuen et al. [11] discussed the malware characteristics through the feature vector generation methods and proposed a multimodal deep neural network malware detection model for Android applications. The advantage of this method is that it is more suitable for dynamic environments. Dehghantanha et al. [12] studied the malware detection problem in IoT using a deep learning-based method, which provided a new direction for further research. Because of various IoT device vulnerabilities, Indre et al. [13] created a system that could detect and prevent malicious connections based on machine learning to enhance network security. Lan et al. [14] researched the propagation of epidemics in complex networks and proposed a dynamic prevention model with a time-varying community network. They considered the subnets of the network as communities and investigated the process of the malware. Khouzani et al. [15] researched the propagation of malware in a battery-constrained mobile device, considering the fact that malware can control the rate of killing the infectives and the scanning rate of the infectives. The maximum damage caused by the malware was quantified with optimal control theory, through which the network damage can be minimized by adjusting the relevant parameters.
In addition to successful defense mechanisms to defend against the malware threat, another effective defense scheme should consider both the limited resources and the dynamic characteristic of the network. In recent years, game theory has been used to solve the decision making between the IoT devices and attackers [17, 18]. Game theory provides a mathematical method for problems in which different players compete with each other or have contradictory goals. Similarly, an effective security scheme in edge computing-based IoT depends not only on the successful defense strategies but also on the attackers’ behaviors.
Spyridopoulos et al. [19] proposed a game-based security model to solve the malware dissemination prevention problem and analyzed the optimal defense strategy for the defender to minimize the damage of malware and the security cost with the optimal strategy. Quang et al. [20] modeled the problem of defending against attackers in IoT networks as a Bayesian game of incomplete information and showed that there was a threshold for the frequency of active attackers. Liao et al. [21] designed a zero-sum stochastic game to analyze the effect of malware in IoT and obtained the optimal defense strategy by the feedback Nash equilibrium solutions for the game model. Sedjelmaci et al. [22] presented a game-based detection technology for IoT devices, which can not only activate the anomaly detection technology but also balance the energy consumption. Kaur et al. [23] proposed a stochastic game net security model, which combined the advantages of game theory and stochastic Petri nets. Shen et al. [24] proposed a multistage privacy-preserved game model for malware detection in fog-cloud-based IoT networks. In [24], the optimal detection strategy was attained under the consideration of privacy leakage of IoT devices, and the proposed detection scheme overcame the problem of limited resources of IoT devices.
Nevertheless, none of the above research considered the stochastic characteristic of the edge network. In this paper, we introduce an infinite-horizon stochastic differential game to analyze the malware propagation problem in edge computing-based IoT, in which the stochastic characteristic of edge networks is considered.
3. System Model
In this section, we will use the infinite-horizon stochastic differential game to model the malware propagation under the dynamic interaction between the attackers and defenders. An infinite-horizon stochastic differential game involves an dimensional vector-valued stochastic differential equation
which describes the evolution of the state and objective functions
where denotes the expectation operation taken at time , is an matrix, is an dimensional Brownian motion, and the initial state is given in [25].
We consider an edge computing-based IoT environment with IoT devices. Figure 1 shows the architecture of edge computing-based IoT.
We first use the SEIRS model [26] to describe the spread of the malware in edge computing-based IoT. As in the SEIRS model, we divide the IoT devices into susceptible, exposed, infective, and recovered classes. A device in the infectious state has been infected by the malware, and a susceptible device is prone to infection but not yet infected. An exposed IoT device has been infected but is not yet infectious, and a device in the recovered state is immune to malicious attacks. We use , , , and to denote the number of them at time , respectively (that is, ).
Let denote the rate of transmitting malware between a susceptible and an infectious IoT device, denote the rate of exposed IoT devices becoming infectious, denote the rate of infectious IoT devices becoming recovered, denote recovered IoT devices becoming susceptible, denote the number of IoT devices from susceptible to exposed caused by the attacker strategy at time , and denote the number of IoT devices from infectious to recovered caused by the defender strategy at time . As shown in Figure 2, due to the dynamic interaction between the attackers and defenders, the spread of the malware in edge computing-based IoT can be described as the following differential equations:
In edge computing-based IoT, the parameters , , , and also may fluctuate because of the effect of stochastic fluctuations of the edge network on the malware propagation. To characterize the fluctuation of the parameters , , , and , we work on a complete probability space with a filtration satisfying the usual conditions [27]. By the central limit theorem, the fluctuation of the parameters , , , and follows a normal distribution. Then, we may replace the parameters , , , and by , , , and , respectively, where is standard Brownian motion defined on the complete probability space with and is a positive constant describing the intensity of the fluctuation for . Thus, the differential equations (3) can be rewritten as the following Itô stochastic differential equations:
As mentioned in Section 1, in edge computing-based IoT, attackers want to make malware infect more IoT devices to obtain illegal gains using the attack strategy, while defenders want to reduce the damage caused by IoT devices infected with malware using the defense strategy. More accurately, the aim of the attackers includes maximizing the number of infectious IoT devices and the number of IoT devices from susceptible to exposed and reducing the payoff of the attack strategy; the aim of the defenders includes minimizing the number of infectious IoT devices and the number of IoT devices from susceptible to exposed and reducing the payoff of the defense strategy. Inspired by Alpcan and Başar [28], the payoff of the attack strategy and the defense strategy can be described as and , respectively, where and are positive constants. Thus, the objective functions of the attackers and defenders can be formulated as
where and are positive constants, and are constants, and is the discount factor. Note that represents the benefits of each infectious IoT device to the defenders while represents the losses of each infectious IoT device to the defenders; describes that the payoff of the attack strategy is proportional to the number of IoT devices from susceptible to exposed caused by the attack strategy while describes that the payoff of the defense strategy is proportional to the number of IoT devices from infectious to recovered caused by the attack strategy.
In summary, the malware propagation under the dynamic interaction between the attackers and defenders can be formulated as the infinite-horizon stochastic differential game:
subject to the stochastic dynamics
where
for , , , and .
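The SEIRS dynamics with fluctuating rates described in this section can be simulated numerically to see how a defender control changes the infection peak. The sketch below is an added example, not the authors' code: the parameter names, the mass-action infection term S·I/N, the constant attacker and defender controls, and every numeric value are assumptions chosen for illustration.

```python
import math
import random


def transfer(state, src, dst, amount):
    """Move `amount` devices from src to dst, keeping both non-negative.

    The noise term can make a flow negative (a reverse transfer), so the
    bound is two-sided: at most state[src] forward, state[dst] backward.
    """
    amount = max(-state[dst], min(state[src], amount))
    state[src] -= amount
    state[dst] += amount


def simulate_seirs(n=1000.0, i0=10.0, beta=0.5, eps=0.2, gamma=0.1,
                   delta=0.05, sigma=(0.05, 0.05, 0.05, 0.05),
                   attack=0.0, defense=0.0, t_end=50.0, dt=0.01, seed=1):
    """Projected Euler-Maruyama run of an SEIRS model with noisy rates.

    Assumed form: each rate theta acts as theta*dt + sigma*dB, i.e. the
    parameter is perturbed by Brownian noise of intensity sigma.
    beta: S->E, eps: E->I, gamma: I->R, delta: R->S (all assumed values).
    attack / defense: constant controls in devices per unit time, moving
    S->E and I->R respectively (stand-ins for the equilibrium strategies).
    """
    rng = random.Random(seed)
    st = {"S": n - i0, "E": 0.0, "I": i0, "R": 0.0}
    peak = st["I"]
    sqrt_dt = math.sqrt(dt)
    for _ in range(int(round(t_end / dt))):
        # Independent Brownian increments, one per fluctuating rate.
        db = [rng.gauss(0.0, 1.0) * sqrt_dt for _ in range(4)]
        # Raw flows computed from the start-of-step state.
        f_se = (st["S"] * st["I"] / n) * (beta * dt + sigma[0] * db[0])
        f_ei = st["E"] * (eps * dt + sigma[1] * db[1])
        f_ir = st["I"] * (gamma * dt + sigma[2] * db[2])
        f_rs = st["R"] * (delta * dt + sigma[3] * db[3])
        # Every flow leaves one class and enters another, so S+E+I+R = n.
        transfer(st, "S", "E", f_se)
        transfer(st, "E", "I", f_ei)
        transfer(st, "I", "R", f_ir)
        transfer(st, "R", "S", f_rs)
        # Player controls: attacker exposes devices, defender recovers them.
        transfer(st, "S", "E", attack * dt)
        transfer(st, "I", "R", defense * dt)
        peak = max(peak, st["I"])
    return dict(st, peak_infected=peak)


if __name__ == "__main__":
    for label, kwargs in (("no defense", {}), ("defense=5", {"defense": 5.0})):
        out = simulate_seirs(**kwargs)
        print(label, {k: round(v, 1) for k, v in out.items()})
```

Running both scenarios with the same seed uses the same noise path, so the difference in `peak_infected` is attributable to the defender control alone.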
4. Nash Equilibrium Solution
In this section, we will discuss the feedback Nash equilibrium solutions for game (6)–(7) to obtain the optimal strategies for the defender and attackers. Each participant is assumed to be rational and the decision making of each participant depends on their own objective functions in this game. The feedback Nash equilibrium solutions for game (1)–(2) can be characterized by the following theorem [25].
Theorem 1. An tuple of strategies provides a feedback Nash equilibrium solution to game (1)–(2) if there exist continuously twice differentiable functions , , satisfying the following set of partial differential equations:
where denotes the covariance matrix with its element in row and column denoted by .
To obtain the feedback Nash equilibrium solutions for game (6)–(7), we consider the alternative problem
subject to the stochastic dynamics
where for , , and are given by equations (9)–(11).
Invoking Theorem 1, we obtain two feedback strategies and constituting the feedback Nash equilibrium solutions for game (13)–(14), if there exist continuously twice differentiable functions , , satisfying the following set of partial differential equations:
where is given by
for , , , and .
Applying the maximization operator in equation (15), we obtain the feedback Nash equilibrium solutions for game (13)–(14):
Substituting and in equations (17) into (15), we obtain the following proposition upon solving equation (15).
Proposition 1. The set of partial differential equations (15) admits a solution:
where
Proof. By equation (18), we have
Combining equations (17) and (20), we obtain
Substituting equations (20) and (21) into equation (15), we obtain
Thus, this proposition holds.
According to the proof of Proposition 1, the feedback Nash equilibrium solutions for game (6)–(7) are given by equation (21). In other words, the optimal strategies for the defenders and attackers are derived. The optimal state for game (6)–(7) describes the propagation of the malware in edge computing-based IoT when both the attackers and defenders adopt the optimal strategy. Substituting (21) into (7), we obtain the optimal state for game (6)–(7), i.e.,
5. Numerical Simulations
In this section, we discuss the implementation of the stochastic game algorithm which is given in Table 1 and analyze the proposed infinite-horizon stochastic differential game model by simulations.

The algorithm is divided into two parts. One is the “feedback Nash equilibrium of defenders” part, which is used to calculate the optimal defense strategies during the attacks. The other is the “feedback Nash equilibrium of attackers,” which is used to calculate the optimal attack strategies. The time and space complexity is O (), respectively, because the proposed algorithm should be solved in a finite time horizon [0, T] for all the attackers and defenders. Besides, all the functions need to be invoked at each time.
We assume that the number of IoT devices is and consider the time horizon to be minutes. The rest of the related simulation parameters are shown in Table 1.

Figure 3 shows the optimal trajectory with time . It can be seen that the number of susceptible devices decreases rapidly over time, while the number of infected devices increases at the beginning and then gradually decreases to zero. The dynamic evolution of the number of exposed devices is similar to that of the infected devices. In addition, the number of recovered devices increases over time. It means that defenders can respond with their defense mechanism against attackers, which is consistent with the practical network environment, where the infected devices are always recovered and the exposed devices always exist.
Based on equation (21), we discuss the optimal strategies of the attackers and defenders in Figure 4. As shown in the results, the variation of the optimal defense strategy is increased with the time variation while the variation of optimal strategy of the attackers is decreased and then tends to be stable.
Figure 5 shows the change of the optimal strategy of the attackers with and while Figure 6 shows the change of the optimal strategy of the defenders with and , where represents the benefits of each infectious IoT device to the defenders while represents the losses of each infectious IoT device to the defenders; describes that the payoff of the attack strategy is proportional to the number of IoT devices from susceptible to exposed caused by the attack strategy while describes that the payoff of the defense strategy is proportional to the number of IoT devices from infectious to recovered caused by the attack strategy. It can be seen that the level of the optimal strategy of attackers increases with the increase of and while the level of the optimal strategy of defenders increases with the increase of and . As shown in the results, the level of the optimal strategy of defenders grows faster.
The comparison of proposed model with the existing model [23] is shown in Figure 7; it can be seen that the number of infected devices in both models is rapidly increased with the time variation and then decreased. The number of infected devices in the proposed model is less than that of the comparative model, which means that the proposed security strategy is more effective and more suitable for IoT environment.
6. Conclusions
In this paper, we have proposed an infinite-horizon stochastic differential game model to study the malware propagation problem under the dynamic interaction between the attackers and defenders in the edge computing-based IoT environment that is composed of IoT devices and to maximize the profit for both the attackers and defenders. In terms of model construction, we assumed that the states of IoT devices were infected, susceptible, exposed, and recovered and considered the effect of the stochastic fluctuations of the network on the state of the IoT devices. By solving the feedback Nash equilibrium solutions for our proposed game model, we obtained the optimal strategies for both the attackers and defenders. Based on the simulation results, it can be seen that the proposed model can prevent the malware propagation in edge computing-based IoT. In future work, we will apply this model to other resource-constrained environments.
Data Availability
The data used in this paper are given in Table 1.
Conflicts of Interest
The authors declare that they have no conflicts of interest.
Acknowledgments
This study was supported by the Science and Technology Innovation Team of Big Data Intelligent Technology and Application (030103060053) and the Computer Science and Technology (030900002009).
References
[1] D. He, S. Chan, and M. Guizani, “Security in the internet of things supported by mobile edge computing,” IEEE Communications Magazine, vol. 56, no. 8, pp. 56–61, 2018.
[2] J. Lin, W. Yu, N. Zhang, X. Yang, H. Zhang, and W. Zhao, “A survey on internet of things: architecture, enabling technologies, security and privacy, and applications,” IEEE Internet of Things Journal, vol. 4, no. 5, pp. 1125–1142, 2017.
[3] C. Majumdar, M. López-Benítez, and S. N. Merchant, “Real smart home data-assisted statistical traffic modeling for the internet of things,” IEEE Internet of Things Journal, vol. 7, no. 6, pp. 4761–4776, 2020.
[4] N. Hassan, S. Gillani, E. Ahmed, I. Yaqoob, and M. Imran, “The role of edge computing in internet of things,” IEEE Communications Magazine, vol. 99, pp. 1–6, 2018.
[5] Y. Zhang, Y. Wu, H. Moustafa, A. Leon-Garcia, and U. Javaid, “Multi-access mobile edge computing for heterogeneous iot,” IEEE Communications Magazine, vol. 56, no. 8, pp. 1213, 2018.
[6] J. Pan and J. McElhannon, “Future edge cloud and edge computing for internet of things applications,” IEEE Internet of Things Journal, vol. 5, no. 1, pp. 439–449, 2018.
[7] P. Guan, X. Deng, Y. Liu, and H. Zhang, “Analysis of multiple clients' behaviors in edge computing environment,” IEEE Transactions on Vehicular Technology, vol. 67, no. 9, pp. 9052–9055, 2018.
[8] J. Zhang, B. Chen, Y. Zhao, X. Cheng, and F. Hu, “Data security and privacy-preserving in edge computing paradigm: Survey and open issues,” IEEE Access, vol. 6, pp. 18209–18237, 2018.
[9] Ai Yuan, M. Peng, and K. Zhang, “Edge computing technologies for internet of things: a primer,” Digital Communications and Networks, vol. 4, no. 2, pp. 77–86, 2018.
[10] W. Tobias, A. Cislak, M. Ochoa, and P. Alexander, “Leveraging compression-based graph mining for behavior-based malware detection,” IEEE Transactions on Dependable and Secure Computing, vol. 16, no. 1, 2017.
[11] T. Kim, B. Kang, M. Rho, S. Sezer, and E. G. Im, “A multimodal deep learning method for android malware detection using various features,” IEEE Transactions on Information Forensics and Security, vol. 14, no. 3, pp. 773–788, 2019.
[12] A. Dehghantanha, A. Azmoodeh, and K.-K. R. Choo, “Robust malware detection for internet of (battlefield) things devices using deep eigenspace learning,” IEEE Transactions on Sustainable Computing, vol. 99, 2018.
[13] I. Indre and C. Lemnaru, “Detection and prevention system against cyber attacks and botnet malware for information systems and internet of things,” in 2016 IEEE 12th International Conference on Intelligent Computer Communication and Processing (ICCP), pp. 175–182, Cluj-Napoca, Romania, September 2016.
[14] L. Liu and K. L Ryan, G. Ren and X. Xu, “Malware propagation and prevention model for time-varying community networks within software defined networks,” Security and Communication Networks, vol. 2017, Article ID 2910310, 10 pages, 2017.
[15] M. H. R. Khouzani, S. Sarkar, and E. Altman, “Maximum damage malware attack in mobile wireless networks,” IEEE/ACM Transactions on Networking, vol. 20, no. 5, pp. 1347–1360, 2012.
[16] V. Karyotis and M. H. R. Khouzani, Malware Diffusion Models for Modern Complex Networks: Theory and Applications, Morgan Kaufmann, Burlington, MA, USA, 2016.
[17] J. Moura and D. Hutchison, “Game theory for multi-access edge computing: survey, use cases, and future trends,” IEEE Communications Surveys & Tutorials, vol. 21, no. 1, pp. 260–288, 2019.
[18] M. Abdalzaher, K. Seddik, M. Elsabrouty, O. Muta, H. Furukawa, and A. Abdel-Rahman, “Game theory meets wireless sensor networks security requirements and threats mitigation: a survey,” Sensors, vol. 16, no. 7, p. 1003, 2016.
[19] T. Spyridopoulos, K. Maraslis, A. Mylonas, T. Tryfonas, and O. George, “A game theoretical method for cost-benefit analysis of malware dissemination prevention,” Information Security Journal: A Global Perspective, vol. 24, no. 4–6, pp. 164–176, 2015.
[20] D. L. Quang, Q. S. Tony, J. Lee, S. Jin, and H. Zhu, “Deceptive attack and defense game in honeypot-enabled networks for the internet of things,” IEEE Internet of Things Journal, vol. 3, no. 6, pp. 1025–1035, 2016.
[21] W. Liao, S. Salinas, M. Li, P. Li, and K. A. Loparo, “Cascading failure attacks in the power system: a stochastic game perspective,” IEEE Internet of Things Journal, vol. 4, no. 6, pp. 2247–2259, 2017.
[22] H. Sedjelmaci, S. M. Senouci, and T. Taleb, “An accurate security game for low-resource iot devices,” IEEE Transactions on Vehicular Technology, vol. 66, no. 10, pp. 9381–9393, 2017.
[23] R. Kaur, N. Kaur, and S. K. Sood, “Security in iot network based on stochastic game net model,” International Journal of Network Management, vol. 27, no. 4, Article ID e1975, 2017.
[24] S. Shen, L. Huang, H. Zhou, S. Yu, E. Fan, and Q. Cao, “Multistage signaling game-based optimal detection strategies for suppressing malware diffusion in fog-cloud-based iot networks,” IEEE Internet of Things Journal, vol. 5, no. 2, pp. 1043–1054, 2018.
[25] D. W. K. Yeung and L. A. Petrosjan, Cooperative Stochastic Differential Games, Springer Science & Business Media, Berlin, Germany, 2006.
[26] R. M. Anderson and R. M. May, Infectious Diseases of Humans: Dynamics and Control, Oxford University Press, Oxford, UK, 1992.
[27] X. Mao, Stochastic Differential Equations and Applications, Elsevier, Amsterdam, Netherlands, 2007.
[28] T. Alpcan and T. Başar, Network Security: A Decision and Game-Theoretic Approach, Cambridge University Press, Cambridge, UK, 2010.
Copyright
Copyright © 2021 Li Miao and Shuai Li. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.