International Journal of System Signal Control and Engineering Application
ISSN: OnlineISSN: Print 1997-5422
Abstract
An epidemic model for active infectious nodes in computer sub-networks has been proposed where nodes continuously interact with each other. Nodes become infectious due to the attack of malicious objects (virus, worms, trojan horse etc.) either through internet or through secondary devices. Threshold condition and the doubling time for an epidemic to start have been obtained and it has been found that larger the basic reproductive rate, shorter is the doubling time. Numerical method has been employed to solve the system of equations and the behavior of the proportion for active and non-active nodes of infectious class has been critically analyzed. The simulation results may be helpful in simulating malicious objects epidemics in network.
INTRODUCTION
The world has become a more interconnected place. Electronic communication, e-commerce, tele-therapy, e- governance, network services and the internet have become vital components of business strategies, government operations and private communications. Many organizations have become dependent on this cyber world for their daily activities. This interconnectivity has also brought forth those who wish to exploit it. Computer security has thus become a necessity in the cyber age.
While information dependence is increasing, the threat from malicious objects (virus, worms, trojan horse, etc.) is also on the rise. The number of computer viruses has been increasing exponentially from their first appearance in 1986 to over 74,000 different strains identified today. Viruses were once spread by sharing disks now, global connectivity allows malicious code to spread farther and faster. Similarly, computer misuse through network intrusion is on the rise.
There are several computational techniques that look to biology for inspiration. Some common examples include networks, evolutionary algorithms and immunological computation (Harmer et al., 2002). Many researchers have taken help of the biological system to understand the behavior of spread of malicious objects in a computer network and how to immune the computer system (Mishra and Saini, 2007a, b; Mishra and Jha, 2007; Cohen, 1987; Serazzi and Zanero, 2003; Kephart, 1995; Kephart and White, 1993; Kephart et al., 1993; Piqueira and Cesar, 2008; Navarro et al., 2005; Richard and Mark, 2005; Forest et al., 1994; Chen and Jamil, 2006; Wang and Wang, 2003). The action of malicious objects throughout a network can be studied by using epidemiological models for disease propagation (Mishra and Saini, 2007a, b; Mishra and Jha, 2007; Piqueira and Cesar, 2008; Navarro et al., 2005; Wang and Wang, 2003).
Based on the Kermack and McKendrick SIR model (Kermack and Mckendrick, 1927, 1932, 1933), dynamical models for malicious objects propagation were proposed, providing estimations for temporal evolutions of infected nodes depending on network parameters considering topological aspects of the network (Mishra and Saini, 2007a, b; Mishra and Jha, 2007; Kephart et al., 1993; Zou et al., 2005; Keeling and Eames, 2005; Williamson and Laeveillae, 2003).
This kind of approach was applied to e-mail propagation schemes (Newman et al., 2002) and modification of SIR models generated guides for infection prevention by using the concept of epidemiological threshold (Mishra and Saini, 2007a, b; Mishra and Jha, 2007; Draief et al., 2008). Richard and Mark (2005) propose an improved SEI (susceptible-exposed-infected) model to simulate virus propagation. However, they do not show the length of latency and take into account the impact of anti-virus software. The model SEIR proposed by the researchers. Yan and Liu (2006) assumes that recovery hosts have a permanent immunization period with a certain probability which is not consistent with real situation. In order to overcome limitation, Mishra and Saini (2007a, b) present a SEIRS model with latent and temporary immune periods which can reveal common worm propagation. Recently, more research attention has been paid to the combination of virus propagation models and antivirus counter measures to study the prevalence of virus, for example, virus immunization ( Mishra and Jha, 2007; Kephart, 1995; Madar et al., 2004; Pastor-Satorras and Vespignani, 2002; May and Lloyd, 2001; Datta and Wang, 2005) and quarantine (Chen and Jamil, 2006; Zou et al., 2003; Moore et al.,. 2003; Mishra and Jha, 2010).
In this study, an epidemic model for active infectious nodes in computer sub-networks are discussed. This will provide an opportunity for us to study the behavior of malicious objects with self replicating properties and the time during which we must be cautious enough for the safety of the nodes in computer sub networks which are deemed important and desirable for understanding the malicious objects spread patterns as well as for management and control of the spread.
MATERIALS AND METHODS
Mathematical model formulation: To avoid the total crash of the computer network, researcher divide the complete computer network in various sub-networks. Each of the sub-networks has several nodes attached to it and has a continuous interaction with each other.
Assumptions:
| • | The number of nodes attached to a specific network at any time t and is assumed to be a variable |
| • | Infected node is introduced into an infection-free population of susceptible nodes intentionally or non-intentionally |
| • | Susceptible nodes die naturally at a rate μ |
| • | Active infectious nodes die at a rate d due to the attack of malicious objects |
| • | When a node is infected, it may self-replicate with a probability and may not self-replicate with a probability (1-q) |
| • | Rate of transferal from a susceptible to infectious class is λc |
| • | A proportion of infectious class is assumed to become non-active. These non-active nodes have been detected to have malicious objects present within them but they do not infect other nodes when interacted |
Natural death of nodes equivalently mean to say the crashing of the nodes due to hardware and (or) software, whereas the death due to disease of nodes equivalently mean to say the crashing of the nodes due to the attack of malicious objects.
 | |
| Fig. 1: | Transmission of malicious objects in computer sub-networks |
Based on the assumptions and computer network diagram (Fig. 1), we have the following systems of Equations (Murray, 2004):
 | (1) |
 | (2) |
 | (3) |
 | (4) |
 | (5) |
As N (t) is variable, adding Eq. 1-5, we get:
 | (6) |
If the number of secondary infection which arises from primary infection is >1 that is basic reproductive ratio R0>1, then epidemic starts.
Initially that is at t = 0 if infected node (intentionally or non-intentionally) is introduced into an infection-free population of susceptible nodes of the computer sub-networks, X≈N then using Eq. 5, we have:
 | (7) |
as the time lag 1/v from infection to active infectious stage is very much shorter than the average life expectancy 1/μ of a susceptible node that is v>>μ. We thus arrive to the approximate threshold condition for the start of an epidemic from Eq. 7 shown by:
 | (8) |
The steady state when the epidemic starts for the system 1-5 is given by:
 | (9) |
RESULTS ANS DISCUSSION
During the early stage of an epidemic (t = 0), all the nodes attached to the
sub-networks are susceptible that is 
and the equation for the growth of the active infectious nodes is approximated
by Eq. 7 whose solution is given by:
 |
Where Y (0) is the initial number of infectious nodes introduced into the susceptible population of the computer sub-networks.
Lemma: The intrinsic growth rate r = v (R0-1) is positive only if an epidemic exists that is R0>1. Equation 10 will be helpful to obtain the doubling time for the epidemic that is the time td when Y (td) = 2Y (0) as:
 | (10) |
It is clear from Eq. 10 that larger the basic reproductive rate R0, shorter is the doubling time. If we substitute Eq. 10 into Eq. 3 for the active infectious node we get:
 | |
| Fig. 2: | Numerical simulation of the system Eq. 1-5 having parameter values b = 131, p = 0.3, v = 0.3 , c = 5, μ = 1/30, d = 0.8, R0= 5 and β = 0.3, q = 0.05 with initial conditions X (0) + Y (0) = N (0) = 1000, A (0) = 0 = Z (0) |
 |
Early on in the epidemic there are no active infectious node that is A (0) = 0 and so the solution is given by:
 | (11) |
Numerical method has been employed to solve the system of Eq. 1-5 and the result is shown in Fig. 2. From Fig. 2, the model predicts that infectious active class A reaches at a maximum in 8-10 h. Further, there is the same observation for the nodes of infectious class Y which also reaches a maximum during 8-10 h. This is the time when we must be cautious for the safety of the nodes in the computer sub-networks. It is advised to run anti-malicious software during this time interval to minimize the spread of malicious objects when nodes of susceptible class X interact with the nodes of A class or Y class.
CONCLUSION
Inspired by the biological epidemic compartment models, a general epidemic model for the transmission of malicious objects in computer sub networks is developed. It has been shown that as the number of secondary infection which arises from primary infection is >1 that is basic reproductive ratio R0>1 then epidemic starts. Numerical method has been employed to solve the system of equations and the behavior of the proportion for active and non-active nodes of infectious class has been analyzed. Time for the maximum infection is simulated using real parametric values and its use might help in estimating the dynamic behavior of malicious objects in active infectious nodes of real systems. The future research will center on linearization about the steady state and it may be shown that (X, Y, Z, A) tends to (X*, Y*, Z*, A*) in a damped oscillatory manner with a period of oscillation given in terms of the model parameters. The model may be validated with simulations obtained by NS2 (Network simulator).
NOMENCLATURE
| N (t) | = | Total number of nodes attached to a computer sub-networks |
| X (t) | = | Number of susceptible nodes in the computer sub-networks |
| Y (t) | = | Number of infectious nodes in the computer sub-networks |
| A (t) | = | Number of active infectious nodes (proportion of infectious class) in the computer sub-networks and interacting continuously with each other |
| Z (t) | = | Number of non-active nodes (proportion of infectious class) in the computer sub-networks |
| B | = | Immigration rate of susceptible nodes into a computer sub-networks having population size of N (t) |
| μ | = | Natural death rate of susceptible nodes |
| d | = | Death rate of active infected nodes |
| λ | = | Probability of acquiring infection from a randomly chosen node while interacting in the computer sub-networks |
| c | = | Number of interacting nodes in the computer sub-networks |
| β | = | Transmission probability |
| p | = | Proportion of infectious class which are active infectious |
| 1 - p | = | Proportion of infectious class which is assumed to become non-active |
| v | = | Rate of conversion from infectious class to active infectious class and is assumed to be constant |
| q | = | Probability of self replication of the kth malicious agent |
| td | = | Doubling time of an epidemic |
How to cite this article:
Prasant Kumar Nayak and Bimal Kumar Mishra. Epidemic Model for Active Infectious Nodes in Computer Sub-Networks.
DOI: https://doi.org/10.36478/ijssceapp.2009.56.60
URL: https://www.makhillpublications.co/view-article/1997-5422/ijssceapp.2009.56.60