1. Introduction
Worm is a program that can run by itself and can replicate and spread autonomously in the network. With the rapid development of information technology, M2M technologies have been widely used in mobile communication, medical care, military reconnaissance, and so on. An M2M wireless network is a network which is based on the intelligent interaction among smart devices, and it is a blending of several heterogeneous networks, such as WAN (Wide Area Network), LAN (Local Area Network) and PAN (Personal Area Network), its application has evolved widely. According to the 2015 Symantec Global Internet Security Threat Report [
1], the year 2014 was a year with far-reaching vulnerabilities, faster attacks, files held for ransom, and far more malicious code than in previous years. While people are enjoying the convenience, the damages caused by malicious worms and their variants in M2M wireless network are becoming increasingly serious, due to the variety of network forms, the openness of information, the mobility of communication applications, the security vulnerability of operating systems, the complexity of network nodes, and so on. The most significant difference between a traditional computer network infection and M2M wireless network is that the latter evolved much faster and can cause broader and more dangerous harm, as the latter contains more mobile devices and wireless devices.
Currently, a number of detection and defense technologies have been proposed to contain worm propagation, but they cannot fundamentally solve those problems. In addition to benign worms, there exist beneficial worms which can dynamically proactive defense against the malicious worm propagation and patch for the susceptible hosts. Thus benign worms can solve the malicious worm propagation problem to a large degree and they have been a potential solution to restrain and resist the spread of malicious worms. Even though users lack cybersecurity awareness or take poor security measures, benign worms also can maintain the network security. Therefore, worm-anti-worm strategy is a best-effort approach to contain the spread of malicious worms. That is why in this paper we first consider using benign worms to counter the malicious worms. Motivated by this, we propose a novel dynamical model to study the dynamics of interaction infection between malicious worms and benign worms. Through theory analysis and simulation, this article studies the dynamical behaviors of the two-worm interaction.
As we all know, removable devices provide another way other than the Internet for the spread of worms. However, nearly all previous models [
2,
3,
4,
5,
6,
7,
8,
9,
10,
11,
12,
13,
14,
15] ignore the fact that worms can infect not only the computers but also many kinds of external wireless or wired removable devices, e.g., external hard drives, USB drives, mobile phones, wireless handheld devices,
etc. With the development of WiFi and M2M wireless network technology, the M2M wireless network has a certain large coverage area in large cities, and even in some remote areas. While people are enjoying the convenience, worms can exploit the various wireless networks and threaten the cyber space. According to the Symantec security response, the first wireless worm appeared in 2004, which exploited vulnerabilities in the Symbian OS and propagated through Bluetooth wireless connections. Different from the spreading form of worms in traditional networks, worms can inadvertently send copies of themselves to some other nodes that can be infected. Studies show that, due to most wireless protocols allowing neighborhood discovery, proximity of wireless devices can promote worm propagation. Besides, the mobility of removable devices helps to transport worms to a lager geographic space and allows them to last for a longer time. Therefore, it is important to study the dynamics of interaction infection between computers and removable devices. Motivated by this, we propose a novel dynamical model based on the above facts.
In this article, we analyze the malicious worm propagation in an M2M wireless network by using the mathematical model. We consider the influences of removable devices on the interaction dynamics between malicious worms and benign worms in our model. By investigating the local stability of the worm-free equilibrium, we obtain the basic reproduction number. By choosing a suitable Lyapunov function, we prove the asymptotical stability of worm propagation. Crucially, we obtain the effective threshold of controlling the spread of malicious worms.
The rest of this paper is organized as follows.
Section 2 describes some related works of worm propagation models.
Section 3 presents the novel worm anti-treat model and gives the relevant proofs of stability. Simulation and control strategies are given in
Section 4. Finally,
Section 5 concludes this paper.
3. The Model
In a wireless M2M network, we divide nodes into two types: fixed nodes and removable nodes. Fixed nodes are fixed computers, while removable nodes are wireless mobile devices with networking capability, such as mobile phones and tablet computers, or removable devices with no networking capability, such as hard drives and USB drives. The worm propagation behavior on fixed nodes is similar to the spreading behavior of worms in a traditional network, but different from it when it comes to removable devices. All the wireless removable devices autonomously roam in the network: when wireless devices are connected to network and move to the sensing area of nodes, the worms can detect possible vulnerabilities in the equipment and prepare for the infections. When removable devices without networking capability are connected to computers, the worms that exist in them can infect susceptible computers; moreover, they also can be infected by worms that exist in those computers.
Our model is based on the following assumptions: (1) Our model falls under the category of a homogeneous worm propagation model, that means, our model ignores the network topology and it is based on the concept of a network fully-connected graph; (2) We assume that the number of total fixed nodes is
, total removable nodes is
and other states of nodes do not change in unit time
; (3) We assume that removable devices are used equally in the whole network; (4) Since the number of removable devices users is huge, and the users exist in all over the network, we assume that removable nodes are uniform distribution in the whole network; (5) All newly fixed nodes and removable nodes accessed the network are susceptible; (6) Once fixed nodes are immunized, they will gain permanent immunity and can no longer be infected by malicious worms; (7) We assume all nodes will remain in their state when they get out of the network; (8) Wireless removable devices’ worms have no space constrains and can be connected to a network to carry out a wider range of transmission.
In our model, all nodes are in six compartments: susceptible fixed nodes (
)-nodes are healthy but are not immune to AutoRun worms; fixed nodes infected by malicious worm (
); fixed nodes infected by benign worm (
); immunized nodes (
)-nodes have been immunized by anti-virus program, firewall or benign worms; susceptible removable nodes (
)-removable nodes without malicious worms; infected removable nodes (
)-removable nodes have infected by malicious worm and can infect other susceptible nodes. At any time
, the total fixed nodes are
, and the total removable nodes are
. The six states and state transition in our model are shown in
Figure 1.
The notations in
Figure 1 are listed as follows.
and
respectively are the number of new fixed and removable nodes join the network.
and
represent the immunized rate of susceptible fixed nodes and susceptible removable nodes by using anti-virus program and firewall, respectively.
and
are the effective infection rates of malicious worms and benign worms, respectively.
and
respectively represent the obsolescence rate of fixed nodes and removable nodes.
is the self-destruct rate of benign worms after completing repair work.
is the online rate of removable nodes.
Figure 1.
State transition diagram of our model.
Let
, based on
Figure 1 we can obtain the equations of the model as follows:
From system Equation (1), we can set the model’s feasible region as
U is positively invariant for system Equation (1), we will analyze the stabilities of Equation (1) in the set U.
Acknowledgments
This work was supported by National Natural Science Foundation of China (NO.61202450, NO.U1405255, NO.61402110, NO.61472083), and the development project of Fujian provincial strategic emerging industries technologies: Key technologies in development of next generation Integrated High Performance Gateway, Fujian Development, and Reform Commission High-Technical (2013) 266, Fuzhou Science and Technology Bureau (No.2013-G-84), the Scientific Research Foundation for the Returned Overseas Chinese Scholars, Ministry of Education of China, and Fujian Normal University Innovative Research Team (NO.IRTL1207).
Author Contributions
The research scheme was mainly designed by Jinhua Ma, Zhide Chen, Wei Wu, Rongjun Zheng, and Jianghua Liu performed the research and analyzed the data. The paper was mainly written by Jinhua Ma. All authors have read and approved the final manuscript.
Conflicts of Interest
The authors declare no conflict of interest.
References
- 2015 Symantec Global Internet Security Threat Report. Available online: http://www.symantec.com/security-response (accessed on 24 August 2015).
- Anderson, R.M.; May, R.M. Infectious Diseases of Humans: Dynamics and Control; Oxford University Press: Oxford, UK, 1991; pp. 174–175. [Google Scholar]
- Wood, P.H.N. The Mathematical Theory of Infectious Diseases and Its Applications. Immunology 1978, 34, 955–956. [Google Scholar]
- Štěpán, J.; Hlubinka, D. Kermack-McKendrick epidemic model revisited. Kybernetika 2007, 43, 395–414. [Google Scholar]
- Capasso, V.; Serio, G. A generalization of the Kermack-McKendrick deterministic epidemic model. Math. Biosci. 1978, 42, 43–61. [Google Scholar] [CrossRef]
- Zou, C.C.; Gong, W.; Towsley, D. Code red worm propagation modeling and analysis. In Proceedings of the 9th ACM Conference on Computer and Communications Security, Washington, DC, USA, 18–22 November 2002; pp. 138–147.
- Mishra, B.K.; Saini, D.K. SEIRS epidemic model with delay for transmission of malicious objects in computer network. Appl. Math. Comput. 2007, 188, 1476–1482. [Google Scholar] [CrossRef]
- Toutonji, O.A.; Yoo, S.M.; Park, M. Stability analysis of VEISV propagation modeling for network worm attack. Appl. Math. Model. 2012, 36, 2751–2761. [Google Scholar] [CrossRef]
- Mishra, B.K.; Jha, N. SEIQRS model for the transmission of malicious objects in computer network. Appl. Math. Model. 2010, 34, 710–715. [Google Scholar] [CrossRef]
- Yao, Y.; Xiang, W.; Qu, A.; Yu, G. Hopf bifurcation in an SEIDQV worm propagation model with quarantine strategy. Discret. Dyn. Nat. Soc. 2012. [Google Scholar] [CrossRef]
- Qing, S.; Wen, W. A survey and trends on Internet worms. Comput. Secur. 2005, 24, 334–346. [Google Scholar] [CrossRef]
- Zhou, H.; Wen, Y.; Zhao, H. Modeling and analysis of active benign worms and hybrid benign worms containing the spread of worms. In Proceedings of the Sixth International Conference on Networking, ICN'07, Martinique, France, 22–28 April 2007; p. 65.
- Fang, Y.H.; Zheng, X.F.; Xie, T.T. A revised benign worm-anti-worm propagation model. Appl. Mech. Mater. 2012, 121, 4340–4344. [Google Scholar] [CrossRef]
- Wang, F.; Zhang, Y.; Wang, C.; Ma, J. Stability analysis of an e-SEIAR model with point-to-group worm propagation. Commun. Nonlinear Sci. Numer. Simul. 2015, 20, 897–904. [Google Scholar] [CrossRef]
- Wang, F.; Yang, Y.; Zhang, Y.; Ma, J. Stability analysis of the interaction between malicious and benign worms. Future Comput. Inf. Technol. 2014, 86, 217. [Google Scholar]
- Song, L.P.; Jin, Z.; Sun, G.Q.; Zhang, J.; Han, X. Influence of removable devices on computer worms: Dynamic analysis and control strategies. Comput. Math. Appl. 2011, 61, 1823–1829. [Google Scholar] [CrossRef]
- Gan, C.; Yang, X. Theoretical and experimental analysis of the impacts of removable storage media and antivirus software on viral spread. Commun. Nonlinear Sci. Numer. Simul. 2015, 22, 167–174. [Google Scholar] [CrossRef]
- Zhu, Q.; Yang, X.; Ren, J. Modeling and analysis of the spread of computer virus. Commun. Nonlinear Sci. Numer. Simul. 2012, 17, 5117–5124. [Google Scholar] [CrossRef]
- Heffernan, J.M.; Smith, R.J.; Wahl, L.M. Perspectives on the basic reproductive ratio. J. R. Soc. Interface 2005, 2, 281–293. [Google Scholar] [CrossRef] [PubMed]
- Van den Driessche, P.; Watmough, J. Reproduction numbers and sub-threshold endemic equilibria for compartmental models of disease transmission. Math. Biosci. 2002, 180, 29–48. [Google Scholar] [CrossRef]
- Robinson, R.C. An Introduction to Dynamical Systems: Continuous and Discrete; American Mathematical Society: Providence, RI, USA, 2012. [Google Scholar]
- Clark, R.N. The Routh-Hurwitz stability criterion, revisited. IEEE Control Syst. Mag. 1992, 12, 119–120. [Google Scholar] [CrossRef]
- Bellman, R. Stability Theory of Differential Equations; Courier Corporation: North Chelmsford, MA, USA, 2013. [Google Scholar]
© 2015 by the authors; licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution license (http://creativecommons.org/licenses/by/4.0/).