A Novel Virus-Patch Dynamic Model

The distributed patch dissemination strategies are a promising alternative to the conventional centralized patch dissemination strategies. This paper aims to establish a theoretical framework for evaluating the effectiveness of distributed patch dissemination mechanism. Assuming that the Internet offers P2P service for every pair of nodes on the network, a dynamic model capturing both the virus propagation mechanism and the distributed patch dissemination mechanism is proposed. This model takes into account the infected removable storage media and hence captures the interaction of patches with viruses better than the original SIPS model. Surprisingly, the proposed model exhibits much simpler dynamic properties than the original SIPS model. Specifically, our model admits only two potential (viral) equilibria and undergoes a fold bifurcation. The global stabilities of the two equilibria are determined. Consequently, the dynamical properties of the proposed model are fully understood. Furthermore, it is found that reducing the probability per unit time of disconnecting a node from the Internet benefits the containment of electronic viruses.


Introduction
Electronic viruses, ranging from host-dependent viruses and network worms to other malicious codes such as Trojans and spyware, have posed a serious threat to our daily work and life [1]. Even more serious, the highly popularized networks, ranging from the Internet and the world wide web to various social networks, offer the major channel for the fast spread of electronic viruses. Consequently, the issue of how to suppress the rampancy of electronic infections on networks has long received considerable attention from the network security community.
The patches for viruses are recognized as the major means of detecting and clearing viruses resident at individual network nodes. For the patches to play a full role, new patches must be disseminated to all nodes on the network in a remarkably short period of time. There are two fundamentally different kinds of patch dissemination strategies: the centralized strategies, in which a central node disseminates new patches directly to all other nodes in the network, and the distributed strategies, in which every newly patched node forwards the patches to some or all of its neighbors according to a well-designed protocol [2][3][4]. Due to the limited bandwidth of the Internet, the time needed by performing a centralized patch dissemination strategy is often unacceptably long. The distributed patch dissemination strategies are regarded as a promising alternative to their centralized analogs, because the negative impact of the limited bandwidth on the patch dissemination can be reduced significantly.
The design of good patch dissemination strategies is closely related to the evaluation of effectiveness of different patch dissemination strategies. One feasible approach to the evaluation of a patch dissemination strategy is to establish a compartment-based dynamic model capturing both the virus propagation mechanism and the patch dissemination strategy, and then to determine the trend of the number or proportion of infected nodes in the network by analyzing the dynamical properties of the model; a patch dissemination strategy is regarded as effective or ineffective depending on whether or not the proportion of infected nodes approaches an acceptably low value. Kephart and White's seminal work in the early 1990s opened the door to the compartment modeling of computer infections [5]. From then on, a multitude of epidemic models for electronic viruses, ranging from ordinary models [6][7][8][9][10][11][12] and delayed models [13][14][15][16] to impulsive models [17][18][19][20], have been proposed. All these models capture the centralized patch dissemination mechanism. As a result, they are not suited to the situations of distributed patch dissemination.
Recently, Zhu et al. [21] proposed an epidemic model for electronic viruses, which is known as the original SIPS model in this paper. To a certain extent, this model captures the distributed patch dissemination mechanism, because every recently patched node is assumed to have a chance to forward the patches to a neighboring node. Consequently, this model offers a good start point for assessing the effectiveness of different distributed patch dissemination strategies. The model exhibits complex dynamical properties. Specifically, the model admits up to four potential equilibria, among which two are virus-free and the other two are virulent, and each of the four equilibria can be globally stable under proper conditions. As a result, the viruses on the network may die out or persist depending on the relationship among the model-related parameters.
Apart from the Internet as a channel for virus spreading, various removable storage media, including flash disks and portable hard disks, offer the second channel for virus propagation. The original SIPS model, however, ignores the existence of infected removable storage media. To accurately evaluate the effectiveness of the distributed patch dissemination mechanism, a virus-patch mixed model that takes into account infected removable storage media should be introduced.
This paper is intended to introduce a theoretical framework for evaluating the effectiveness of distributed patch dissemination mechanism. Assuming that the Internet offers P2P service for every pair of nodes on the network, a virus-patch dynamic model incorporating the impact of infected removable storage media is suggested. Certainly, this model captures the interaction of patches with viruses better than the original SIPS model. Surprisingly, our model exhibits much simpler dynamic properties than the original SIPS model. Specifically, our model admits only two potential (viral) equilibria and undergoes a fold bifurcation. The global stabilities of the two equilibria are determined. Consequently, the dynamical properties of the proposed model are fully understand. Furthermore, it is found that reducing the probability per unit time of disconnecting a node from the Internet helps suppress electronic viruses.
The remainder of this paper is organized in this fashion: Section 2 describes the new model. Section 3 computes the two potential equilibria for the model. Sections 4 and 5 are devoted to examining the local and global stabilities of the equilibria, respectively. Several numerical examples are given in Section 6. Finally, Section 7 summarizes this work and points out some future topics of research.

Model formulation
This section aims to introduce the new virus-patch dynamic model. For brevity, smart electronic devices are referred to as nodes. It is assumed that the Internet offers P2P service for every pair of nodes on the network. Due to the limited carrying capacity of the Internet, it is assumed that the number of nodes on the network, denoted N, is unvaried over time.
Every node is assumed to be in one of three possible states: susceptible, infected, and patched. Susceptible nodes are not installed with the newest patch and hence have no immunity to new viruses, whereas patched nodes are installed with the newest patch and hence possess temporary immunity to new viruses. Let S(t), I(t), and P(t) denote the average numbers of susceptible, infected, and immune nodes on the network at time t, respectively. Clearly, S(t) + I(t) + P(t) N. For the modeling purpose, the following hypotheses are imposed. On this basis, our new model can be formulated as the following differential dynamical system: with initial condition (S(0), It is easily verified that O is positively invariant for the system.

Virus-Patch Model
As SðtÞ þ IðtÞ þ PðtÞ m d , system (1) reduces to the following two-dimensional dynamical system: It is easily verified that O Ã is positively invariant for the system. One of our major tasks is to determine the trend of I(t) by studying model (2).

Equilibria
An equilibrium for a differential dynamical system is a state of the system that is unvaried over time. The first step to understanding a differential dynamical system is to figure out what equilibria it admits. Now, let us pick out all equilibria of system (1).
a. There is a unique equilibrium, Proof. Any equilibrium for system (1) must be a solution to the bilinear algebraic system Direct calculations show that system (1) has at most one equilibrium,Ẽ 1 , if P = 0, and system (1) has at most two equilibria,Ẽ 1 andẼ 2 , if P 6 ¼ 0.
First, suppose P = 0. Canceling S from the first two equations of system (3), and rearranging the terms, we get that I Ã 1 is a positive root of the quadratic equation , it follows that, in any case,Ẽ 1 is an equilibrium.
Clearly,Ẽ 2 is an equilibrium only if m d > aþd g 1 . Now, suppose P 6 ¼ 0. Canceling S and P from system (3) and rearranging the terms, we get that I Ã 2 is a positive root of the quadratic equation As gð0Þ ¼ À b 2 ðaþdÞ g 1 < 0, it follows thatẼ 2 is an equilibrium if m d > aþd g 1 and As m d > aþd g 1 implies gð aþd g 1 Þ > 0, it follows thatẼ 2 is indeed an equilibrium if m d > aþd g 1 . The proof is complete.
An equilibrium for system (1) or (2) is virus-free if its I-component is zero, otherwise the equilibrium is viral. It is easily verified that (a)Ẽ 1 is viral, and (b)Ẽ 2 is viral if m d > aþd g 1 . As a result, system (1) possesses no virus-free equilibrium. Let

Local stability analysis
Given an equilibrium E Ã for a differential dynamical system. E Ã is stable if any orbit for the system that starts from a point near E Ã always stays in the proximity of E Ã , otherwise E Ã is a repeller. E Ã is attracting if any orbit for the system that starts from a point near E Ã approaches E Ã . E Ã is asymptotically stable if it is stable and attracting.
Given an equilibrium for a differential dynamic system, the next thing to do is to figure out its local stability. In this section, the local stabilities of the two equilibria, E Ã 1 and E Ã 2 , for system (2) are examined. Proof. The Jacobian of system (1) evaluated atẼ 1 is The associated characteristic equation is Note from the second equation of algebraic system (3) that b 1 S Ã 1 < g 2 þ d, the three roots of this equation are x 1 ¼ Àd < 0; Thus, the claimed result follows from the Lyapunov theorem [22].
Theorem 4.2. Consider system (1).Ẽ 2 is locally asymptotically stable if m d > aþd g 1 . Proof. The Jacobian of system (1) evaluated at E 2 is The corresponding characteristic equation is Note that β 1 S 2 < γ 2 +δ, the three roots of this equation are The claimed result follows from the Lyapunov theorem [22]. Remark 1.

Global stability analysis
Given an equilibrium E Ã for a differential dynamical system and a subset D of the domain for the system containing E Ã . E Ã is asymptotically stable with respect to D if (a) E Ã is stable, and (b) any orbit starting from within D approaches E Ã . Given the local stability of an equilibrium for a differential dynamical system, the next thing to do is to figure out its global stability. This section is devoted to examining the global stabilities of the two equilibria, E 1 and E 2 , for system (2). For that purpose, let us briefly survey the theory of asymptotically autonomous systems.
Definition 5.1. Consider a pair of n-dimensional differential dynamical systems, and _ x ¼ gðxÞ; ð7Þ defined in some positively invariant set X & R n . System (6) is called asymptotically autonomous, with system (7) as its limit system, if lim t ! 1 f(t,x) = g(x) holds locally uniformly in X. Definition 5.2. The ω-limit set of a forward bounded solution x(t) to system (6) satisfying x(t 0 ) = x 0 , denoted ω(t 0 ,x 0 ), is defined as y 2 ω(t 0 ,x 0 ) , y = lim j ! 1 x(t j ) for some sequence t j ! 1.
Below is the well-known Thieme's Theorem concerning asymptotically autonomous systems [24].
Theorem 5.1 (Thieme). Let n = 2 and ω be the ω-limit set of a forward bounded solution x (t) of the asymptotically autonomous system (6). Assume that there exists a neighborhood of ω which contains at most finitely many equilibria of system (7). Then the following trichotomy holds: i. ω consists of a single equilibrium for system (7).
ii. ω is the union of periodic orbits for system (6) and possibly of centers for system (7) that are surrounded by periodic orbits for system (6) lying in ω. iii. ω contains equilibria for system (7) that are cyclically chained to each other in ω by orbits of system (7).
We are ready to make clear the global stabilities of E 1 and E 2 . First, we have the following result.
a. There is no periodic solution within c. E Ã 1 is attracting with respect to {(I, P) 2 O Ã :P = 0} and E Ã 2 is attracting with respect to {(I, P) Proof.
a. Let In the interior of O Ã , we have By the Bendixson-Dulac criterion [22], system (2) has no periodic orbit in the interior of O Ã . Now, consider an arbitrary point, ð I ; PÞ, on the boundary of O Ã . There are three possibilities, which are treated respectively.
In view of the orbit smoothness and that there is no periodic orbit falling in the set {(I, P) 2 O Ã : P = 0}, system (2) admits no periodic orbit in the whole O Ã . b. The claimed result follows from the generalized Poincare-Bendixson theorem [22], the first assertion of this lemma, and Corollary 2.
• P(0) = 0. This implies that P(t) 0. Plugging it into the first equation of system (2) and solving the resulting equation, we get that IðtÞ ! I Ã 1 .
. This implies that PðtÞ m d À aþd g 1 . Plugging it into the first equation of system (2) and solving the resulting equation, we get that IðtÞ ! I Ã 2 .
The proof is complete.
We are ready to establish the main results in this paper.

Numerical examples and discussions
First, let us illustrate the function of Theorem 5.2.
Next, let us use Theorem 5.2 to better suppress electronic viruses. For that purpose, we need the following result.
Theorem 6.1. Consider system (1). Then,  Virus-Patch Model and gðI Ã 2 Þ ¼ 0, we conclude that I Ã 2 < I Ã 1 . The proof is complete. Fig 7 illustrates how I Ã 1 and I Ã 2 vary with the increasing β 1 provided m d > aþd g 1 , from which it can be seen that I Ã 2 < I Ã 1 , in agreement with Theorem 6.1. The parameter m d stands for the saturated number of nodes in the Internet and hence is very large. As a result, the condition of m d > aþd g 1 is met in real-world situations. It follows from Theorem 6.1 that a lower I Ã 2 value is desired to contain the viral prevalence. A question arises naturally: how can we achieve a lower I Ã 2 value? To answer this question, we need the following result.
with respect to δ on both sides of Eq (5) with respect δ, replace I with I Ã 2 , and rearranging the terms, we get > 0: This theorem shows that reducing the probability per unit time of disconnecting a node from the Internet could benefit the containment of electronic viruses. This interesting phenomenon is attributed to the fact that, compared with the nodes outside the network, the nodes in the network have a chance to acquire the patches for the newest viruses and hence become more robust to malware.

Conclusions
Assuming that the underlying Internet offers P2P service for every pair of nodes on the network, a dynamic model capturing both the virus propagation mechanism and the distributed patch dissemination mechanism has been proposed. As the infected removable storage media is taken into account, this model captures the real-world situations better than the original SIPS model. The dynamical properties of the proposed model has been fully understood, and it has been found that reducing the probability per unit time of disconnecting a node from the Internet could benefit the containment of electronic viruses.
Towards the evaluation of different distributed patch dissemination strategies, numerous work has yet to be done. First, the proposed model needs modification to adapt to scale-free networks [25,26] or even general networks [27,28]. Second, the patch dissemination network may be different from the virus propagation network [2], and future virus-patch dynamical models should characterize this difference. Next, it is worthwhile to study cost-effective patch dissemination strategies by exploiting the optimal control theory [29]. Last, the proposed model can be extended to other situations such as information or rumor propagation [30][31][32].