Mathematical Models for New Types of Cyberattack and Associated Defence StrategiesView this Special Issue
Research Article | Open Access
Li Miao, Shuai Li, "Stochastic Differential Game-Based Malware Propagation in Edge Computing-Based IoT", Security and Communication Networks, vol. 2021, Article ID 8896715, 11 pages, 2021. https://doi.org/10.1155/2021/8896715
Stochastic Differential Game-Based Malware Propagation in Edge Computing-Based IoT
Internet of Things (IoT) has played an important role in our daily life since its emergence. The applications of IoT cover from the traditional devices to intelligent equipment. With the great potential of IoT, there comes various kinds of security problems. In this paper, we study the malware propagation under the dynamic interaction between the attackers and defenders in edge computing-based IoT and propose an infinite-horizon stochastic differential game model to discuss the optimal strategies for the attackers and defenders. Considering the effect of stochastic fluctuations in the edge network on the malware propagation, we construct the Itô stochastic differential equations to describe the propagation of the malware in edge computing-based IoT. Subsequently, we analyze the feedback Nash equilibrium solutions for our proposed game model, which can be considered as the optimal strategies for the defenders and attackers. Finally, numerical simulations show the effectiveness of our proposed game model.
Recently, a rapidly increasing number of physical devices and sensors are connecting to the Internet at an unprecedented rate. It has led to the emergence of the Internet of Things (IoT). By deploying smart devices and sensors to collect and analyze the physical data, the IoT can monitor and control the physical environment . IoT has brought great convenience to our daily life in the past few years. For example, the IoT has been widely used in intelligent transportation, smart home appliances, smart healthcare, and other fields [2, 3].
Since the IoT devices typically have limited resources, it is common to forward the physical data to the cloud computing platform, which will need extra bandwidth or cause data security problem. With the advance of IoT, edge computing has been introduced to address the above issues [4–6]. Generally, edge computing provides powerful computing resources at the edge of the Internet and is close to the IoT devices [7, 8]. Edge computing has relieved the pressure of bandwidth and overcome the latency issue. However, edge computing environment is an open ecosystem and the IoT devices with limited resources are more vulnerable to be attacked . Then, the existing defense mechanisms based on cloud computing cannot be used to edge computing because of the geographically dispersed nature of IoT devices. Thus, how to effectively design defense mechanisms to defend against attackers has become a serious problem that desperately needs to be solved. In this paper, we pay attention to the security problem of malware propagation based on the stochastic differential game; in this framework, we try to model an optimal defense strategy for IoT devices.
In edge computing-based IoT, attackers want to infect more IoT devices with malware to gain illegal gains using the attack strategy, while the defenders want to minimize the damage caused by IoT devices infected with malware using the defense strategy. Meanwhile, the IoT devices join or exit the network randomly, which can affect the stability of the edge network. The dynamic interaction between the attackers and defenders leads to the propagation of the malware, and the influence of network instability can be considered as the stochastic elements. In this paper, we propose an infinite-horizon stochastic differential game model to research the malware propagation among IoT devices under the dynamic interaction between attackers and defenders in edge computing-based IoT, considering the stochastic fluctuations in the network. The main contributions of our proposed scheme are as follows:(1)Firstly, we use the infinite-horizon stochastic differential game to model the malware propagation under the dynamic interaction between the attackers and defenders in edge computing-based IoT.(2)Secondly, the Itô stochastic differential equation is used to characterize the effect of stochastic fluctuations of the edge network on the malware propagation.(3)Finally, we discuss the feedback Nash equilibrium solutions for our proposed game model, which can be considered as the optimal strategies for both the attackers and defenders.
This paper is organized as follows. Section 2 introduces related works. Section 3 discusses the security problem of the attackers and defenders in a stochastic differential game theory. The feedback Nash equilibrium solutions for our proposed game model are analyzed in Section 4. Numerical simulations are given in Section 5. Finally, we conclude this paper in Section 6.
2. Related Works
Malware propagation problem is one of the most fundamental problems, for which many kinds of research have been proposed in the literature [10–15]. Malware propagation means that the infected legitimate nodes are able to contaminate other noninfected legitimate nodes, in addition to the attack nodes . The edge users achieve shared interactions through smart applications in edge computing-based IoT, which increase the probability of malware download.
Generally, there are two complementary classes of methods to defend against malware threat: detection-based method and prevention-based method. Tobias et al.  proposed a novel malware detection approach that used the compression-based graph mining, in which the characteristic behaviors were extracted by the quantitative data flow graphs to derive the detection accuracy. TaeGuen et al.  discussed the malware characteristics through the feature vector generation methods and proposed a multimodal deep neural network malware detection model for android applications. The advantage of this method is more suitable for the dynamic environments. Dehghantanha et al.  studied the malware detection problem in IoT using the deep learning based method, which provided a new direction for further research. Since various IoT device vulnerabilities, Indre et al.  created a system that could detect and prevent malicious connections based on machine learning to enhance network security. Lan et al.  researched the propagation of epidemic in complex networks and proposed a dynamic prevention model with a time-varying community network. They considered the subnets of the network as communities and investigated the process of the malware. Khouzani et al.  searched the propagation of malware in a battery-constrained mobile device, considering the fact that malware can control the rate of killing the infectives and the scanning rate of the infectives. The maximum damage caused by the malware was quantified with the optimal control theory, through which the network damage can be minimized by adjusting the relevant parameters.
In addition to successful defense mechanisms to defend against malware threat, another effective defense scheme should consider both the limited resources and the dynamic characteristic of network. In recent years, game theory has been used to solve the decision making between the IoT devices and attackers [17, 18]. Game theory provides a mathematical method for the problems that different players compete with each other or with contradictory goals. Similarly, an effective security scheme in edge computing-based IoT depends not only on the successful defense strategies but also on the attackers’ behaviors.
Spyridopoulos et al.  proposed a game-based security model to solve the malware dissemination prevention problem and analyzed the optimal defense strategy for the defender to minimize the damage of malware and the security cost with the optimal strategy. Quang et al.  modeled the problem of defending against attackers in IoT networks as a Bayesian game of incomplete information and showed that there was a threshold for the frequency of active attackers. Liao et al.  designed a zero-sum stochastic game to analyze the effect of malware in IoT and obtained the optimal defense strategy by the feedback Nash equilibrium solutions for the game model. Sedjelmaci et al.  presented a game-based detection technology for IoT device, which can not only activate the anomaly detection technology but also balance the energy consumption. Kaur et al.  proposed a stochastic game net security model, which combined the advantages of game theory and stochastic Petri nets. Shen et al.  proposed a multistage privacy-preserved game model for malware detection in fog-cloud-based IoT networks. In , the optimal detection strategy was attained under the consideration of privacy leakage of IoT devices, and the proposed detection scheme overcame the problem of limited resources of IoT devices.
Nevertheless, none of the above research considered the stochastic characteristic of edge network.. In this paper, we introduce an infinite-horizon stochastic differential game to analyze the malware propagation problem in edge computing-based IoT, in which the stochastic characteristic of edge networks is considered.
3. System Model
In this section, we will use the infinite-horizon stochastic differential game to model the malware propagation under the dynamic interaction between the attackers and defenders. An infinite-horizon stochastic differential game involves an -dimensional vector-valued stochastic differential equationwhich describes the evolution of the state and objective functionswhere denotes the expectation operation taken at time , is an matrix, is an -dimensional Brownian motion, and the initial state is given in .
We consider an edge computing-based IoT environment with IoT devices. Figure 1 shows the architecture of edge computing-based IoT.
We first use the SEIRS model  to describe the spread of the malware in edge computing-based IoT. Like the SEIRS model, we divide the IoT devices into susceptible, exposed, infective, and recovered classes. The devices in the infectious state show that the device has been infected by the malware and the susceptible device is prone to be infected, but not infected. The exposed IoT device shows that it has been infected but not yet infectious, and the device in the recovery state represents that it has been immune to malicious attacks. We use , , , and to denote the number of them at time , respectively (that is, ).
Let denote the rate of transmitting malware between a susceptible and an infectious IoT device, denote the rate of exposed IoT devices becoming infectious, denote the rate of infectious IoT devices becoming recovered, denote recovered IoT devices becoming susceptible, denote the number of IoT devices from susceptible to exposed caused by the attacker strategy at time , and denote the number of IoT devices from infectious to recovered caused by the defender strategy at time . As shown in Figure 2, due to the dynamic interaction between the attackers and defenders, the spread of the malware in edge computing-based IoT can be described as the following differential equations:
In edge computing-based IoT, the parameters , , , and also may fluctuate because of the effect of stochastic fluctuations of the edge network on the malware propagation. To characterize the fluctuation of the parameters , , , and , we work on a complete probability space with a filtration satisfying the usual conditions . By the central limit theorem, the fluctuation of the parameters , , , and follows a normal distribution. Then, we may replace the parameters , , , and by , , , and , respectively, where is standard Brownian motion defined on the complete probability space with and is a positive constant describing the intensity of the fluctuation for . Thus, the differential equations (3) can be rewritten as the following It ô stochastic differential equations:
As mentioned in Section 1, in edge computing-based IoT, attackers want to make malware infect more IoT devices to gain illegal gains using the attack strategy, while defenders want to reduce the damage caused by IoT devices infected with malware using the defense strategy. More accurately, the aim of the attackers includes maximizing the number of infectious IoT devices and the number of IoT devices from susceptible to exposed and reducing the payoff of the attack strategy; the aim of the defenders includes minimizing the number of infectious IoT devices and the number of IoT devices from susceptible to exposed and reducing the payoff of the defense strategy. Inspired by Alpcan and Başar , the payoff of the attack strategy and the defense strategy can be described as and , respectively, where and are positive constants. Thus, the objective functions of the attackers and defenders can be formulated aswhere and are positive constants, and are constants, and is the discount factor. Note that represents the benefits of each infectious IoT devices to the defenders while represents the losses of each infectious IoT devices to the defenders; describes that the payoff of the attack strategy is proportional to the number of IoT devices from susceptible to exposed caused by the attack strategy while describes that the payoff of the defense strategy is proportional to the number of IoT devices from infectious to recovered caused by the attack strategy.
In summary, the malware propagation under the dynamic interaction between the attackers and defenders can be formulated as the infinite-horizon stochastic differential game:subject to the stochastic dynamicswherefor , , , and .
4. Nash Equilibrium Solution
In this section, we will discuss the feedback Nash equilibrium solutions for game 6-7 to obtain the optimal strategies for the defender and attackers. Each participant is assumed to be rational and the decision making of each participant depends on their own objective functions in this game. The feedback Nash equilibrium solutions for game 1-2 can be characterized by the following theorem .
Theorem 1. An -tuple of strategies provides a feedback Nash equilibrium solution to game 1-2 if there exist continuously twice differentiable functions , , satisfying the following set of partial differential equations:where denotes the covariance matrix with its element in row and column denoted by .
Invoking Theorem 1, we obtain two feedback strategies and constituting the feedback Nash equilibrium solutions for game 13-14, if there exist continuously twice differentiable functions , , satisfying the following set of partial differential equations:where is given byfor , , , and .
Applying the maximization operator in equation (15), we obtain the feedback Nash equilibrium solutions for game 13-14:
Proposition 1. The set of partial differential equation (15) admits a solution:where
According to the proof of Proposition 1, the feedback Nash equilibrium solutions for game 6-7 is given by equation (21). In other words, the optimal strategies for the defenders and attackers are derived. The optimal state for game 6-7 describes the propagation of the malware in edge computing-based IoT when both the attackers and defenders adopt the optimal strategy. Substituting (21) into (7), we obtain the optimal state for game 6-7, i.e.,
5. Numerical Simulations
In this section, we discuss the implementation of the stochastic game algorithm which is given in Table 1 and analyze the proposed infinite-horizon stochastic differential game model by simulations.
The algorithm is divided into two parts. One is the “feedback Nash equilibrium of defenders” part, which is used to calculate the optimal defense strategies during the attacks. The other is the “feedback Nash equilibrium of attackers,” which is used to calculate the optimal attack strategies. The time and space complexity is O (), respectively, because the proposed algorithm should be solved in a finite time horizon [0, T] for all the attackers and defenders. Besides, all the functions need to be invoked at each time.
We assume that the number of IoT devices is and consider the time horizon to be minutes. The rest of the related simulation parameters are shown in Table 1.
Figure 3 shows the optimal trajectory with time . It can be seen that the number of the susceptible devices is rapidly decreased with the time variation, while the number of the infected devices increases at the beginning and then gradually decreases to zero. The dynamic evolution of the number of the exposed devices is similar to that of the infected devices. In addition, the number of the recovered devices is increased with the time variation. It means that defenders can respond their defense mechanism against attackers, which is consistent with the practical network environment, where the infected devices are always recovered and the exposed devices always exist.
Based on equation (21), we discuss the optimal strategies of the attackers and defenders in Figure 4. As shown in the results, the variation of the optimal defense strategy is increased with the time variation while the variation of optimal strategy of the attackers is decreased and then tends to be stable.
Figure 5 shows the change of the optimal strategy of the attackers with and while Figure 6 shows the change of the optimal strategy of the defenders with and , where represents the benefits of each infectious IoT device to the defenders while represents the losses of each infectious IoT devices to the defenders; describes that the payoff of the attack strategy is proportional to the number of IoT devices from susceptible to exposed caused by the attack strategy while describes that the payoff of the defense strategy is proportional to the number of IoT devices from infectious to recovered caused by the attack strategy. It can It can be seen that the level of the optimal strategy of attackers increases with the increase of and while the level of the optimal strategy of defenders increases with the increase of and . As shown in the results, the level of the optimal strategy of defenders grows faster.
The comparison of proposed model with the existing model  is shown in Figure 7; it can be seen that the number of infected devices in both models is rapidly increased with the time variation and then decreased. The number of infected devices in the proposed model is less than that of the comparative model, which means that the proposed security strategy is more effective and more suitable for IoT environment.
In this paper, we have proposed an infinite-horizon stochastic differential game model to study the malware propagation problem under the dynamic interaction between the attackers and defenders in the edge computing-based IoT environment that is composed by IoT devices and to maximize the profit for both the attackers and defenders. In terms of model construction, we assumed that the states of IoT devices were infected, susceptible, exposed, and recovered and considered the effect of the stochastic fluctuations of the network on the state of the IoT devices. By solving the feedback Nash equilibrium solutions for our proposed game model, we obtained the optimal strategies for both the attackers and defenders. Based on the simulations results, it can be seen that the proposed model can prevent the malware propagation in edge computing-based IoT. In future work, we will apply this model to other resource-constrained environments.
The data used in this paper are given in Table 1.
Conflicts of Interest
The authors declare that they have no conflicts of interest.
This study was supported by the Science and Technology Innovation Team of Big Data Intelligent Technology and Application (030103060053) and the Computer Science and Technology (030900002009).
- D. He, S. Chan, and M. Guizani, “Security in the internet of things supported by mobile edge computing,” IEEE Communications Magazine, vol. 56, no. 8, pp. 56–61, 2018.
- J. Lin, W. Yu, N. Zhang, X. Yang, H. Zhang, and W. Zhao, “A survey on internet of things: architecture, enabling technologies, security and privacy, and applications,” IEEE Internet Of Things Journal, vol. 4, no. 5, pp. 1125–1142, 2017.
- C. Majumdar, M. López-Benítez, and S. N. Merchant, “Real smart home data-assisted statistical traffic modeling for the internet of things,” IEEE Internet of Things Journal, vol. 7, no. 6, pp. 4761–4776, 2020.
- N. Hassan, S. Gillani, E. Ahmed, I. Yaqoob, and M. Imran, “The role of edge computing in internet of things,” IEEE Communications Magazine, vol. 99, pp. 1–6, 2018.
- Y. Zhang, Y. Wu, H. Moustafa, A. Leon-Garcia, and U. Javaid, “Multi-access mobile edge computing for heterogeneous iot,” IEEE Communications Magazine, vol. 56, no. 8, pp. 12-13, 2018.
- J. Pan and J. McElhannon, “Future edge cloud and edge computing for internet of things applications,” IEEE Internet of Things Journal, vol. 5, no. 1, pp. 439–449, 2018.
- P. Guan, X. Deng, Y. Liu, and H. Zhang, “Analysis of multiple clients' behaviors in edge computing environment,” IEEE Transactions on Vehicular Technology, vol. 67, no. 9, pp. 9052–9055, 2018.
- J. Zhang, B. Chen, Y. Zhao, X. Cheng, and F. Hu, “Data security and privacy-preserving in edge computing paradigm: Survey and open issues,” IEEE Access, vol. 6, pp. 18209–18237, 2018.
- Ai Yuan, M. Peng, and K. Zhang, “Edge computing technologies for internet of things: a primer,” Digital Communications and Networks, vol. 4, no. 2, pp. 77–86, 2018.
- W. Tobias, A. Cislak, M. Ochoa, and P. Alexander, “Leveraging compression-based graph mining for behavior-based malware detection,” IEEE Transactions on Dependable and Secure Computing, vol. 16, no. 1, 2017.
- T. Kim, B. Kang, M. Rho, S. Sezer, and E. G. Im, “A multimodal deep learning method for android malware detection using various features,” IEEE Transactions on Information Forensics and Security, vol. 14, no. 3, pp. 773–788, 2019.
- A Dehghantanha, A Azmoodeh, and K.-K. R Choo, “Robust malware detection for internet of (battlefield) things devices using deep eigenspace learning,” IEEE Transactions On Sustainable Computing, vol. 99, 2018.
- I. Indre and C. Lemnaru, “Detection and prevention system against cyber attacks and botnet malware for information systems and internet of things,” in 2016 IEEE 12th International Conference on Intelligent Computer Communication and Processing (ICCP), pp. 175–182, Cluj-Napoca, Romania,, September 2016.
- L. Liu and K. L RyanG. Ren and X. Xu, “Malware propagation and prevention model for time-varying community networks within software defined networks.,” Security and Communication Networks, vol. 2017, Article ID 2910310, 10 pages, 2017.
- M. H. R. Khouzani, S. Sarkar, and E. Altman, “Maximum damage malware attack in mobile wireless networks,” IEEE/ACM Transactions on Networking, vol. 20, no. 5, pp. 1347–1360, 2012.
- V. Karyotis and M. H. R Khouzani, Malware Diffusion Models for Modern Complex Networks: Theory and Applications, Morgan Kaufmann, Burlington, MA, USA, 2016.
- J. Moura and D. Hutchison, “Game theory for multi-access edge computing: survey, use cases, and future trends,” IEEE Communications Surveys & Tutorials, vol. 21, no. 1, pp. 260–288, 2019.
- M. Abdalzaher, K. Seddik, M. Elsabrouty, O. Muta, H. Furukawa, and A. Abdel-Rahman, “Game theory meets wireless sensor networks security requirements and threats mitigation: a survey,” Sensors, vol. 16, no. 7, p. 1003, 2016.
- T. Spyridopoulos, K. Maraslis, A. Mylonas, T. Tryfonas, and O. George, “A game theoretical method for cost-benefit analysis of malware dissemination prevention,” Information Security Journal: A Global Perspective, vol. 24, no. 4–6, pp. 164–176, 2015.
- D. L. Quang, Q. S Tony, J. Lee, S. Jin, and H. Zhu, “Deceptive attack and defense game in honeypot-enabled networks for the internet of things,” IEEE Internet of Things Journal, vol. 3, no. 6, pp. 1025–1035, 2016.
- W. Liao, S. Salinas, M. Li, P. Li, and K. A. Loparo, “Cascading failure attacks in the power system: a stochastic game perspective,” IEEE Internet of Things Journal, vol. 4, no. 6, pp. 2247–2259, 2017.
- H. Sedjelmaci, S. M. Senouci, and T. Taleb, “An accurate security game for low-resource iot devices,” IEEE Transactions on Vehicular Technology, vol. 66, no. 10, pp. 9381–9393, 2017.
- R. Kaur, N. Kaur, and S. K. Sood, “Security in iot network based on stochastic game net model,” International Journal of Network Management, vol. 27, no. 4, Article ID e1975, 2017.
- S. Shen, L. Huang, H. Zhou, S. Yu, E. Fan, and Q. Cao, “Multistage signaling game-based optimal detection strategies for suppressing malware diffusion in fog-cloud-based iot networks,” IEEE Internet of Things Journal, vol. 5, no. 2, pp. 1043–1054, 2018.
- D. W. K Yeung and L. A Petrosjan, Cooperative Stochastic Differential Games, Springer Science & Business Media, Berlin, Germany, 2006.
- R. M Anderson and R. M May, Infectious Diseases of Humans: Dynamics and Control, Oxford University Press, Oxford, UK, 1992.
- X. Mao, Stochastic Differential Equations and Applications, Elsevier, Amsterdam, Netherlands, 2007.
- T. Alpcan and T. Başar, Network Security: A Decision and Game-Theoretic Approach, Cambridge University Press, Cambridge, UK, 2010.
Copyright © 2021 Li Miao and Shuai Li. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.