Network virus-epidemic model with the point-to-group information propagation

https://doi.org/10.1016/j.amc.2008.09.025Get rights and content

Abstract

Epidemiology is one of the major issues in studying the spread of computer network viruses. In this paper, a new network virus-epidemic model, namely e-SEIR, is discussed. Unlike other existing computer virus propagation models, e-SEIR takes three important network environment factors into consideration, they are (1) multi-state antivirus, (2) latent period before the infected host becomes infectious and (3) point-to-group information propagation mode. Furthermore, several related dynamics properties are investigated, along with the analysis of how to control the network computer virus prevalence based on the equilibrium stability. The simulation results show that the proposed model can serve as a basis for understanding and simulating virus epidemics in network.

Introduction

As information technology (IT) applications are more and more pervasive in engineering, business and social activities, the threat of computer viruses becomes an increasingly important issue of concern. People have observed that there are significant similarities between the spread of computer viruses and biological epidemics [5], [9], [10]. Based on this observation, some biological epidemic models, such as the Susceptible–Infected–Susceptible (SI/SIS) model and Susceptible–Infected–Recovered (SIR) model, have been adapted and considered possible ways for capturing the epidemic behavior of computer viruses in light of the states (e.g., susceptible (S), infected (I), and recovered (R)) and their transitions [8], [10], [18], [28]. However, a limitation of these models is that they do not take comprehensive antivirus countermeasures into consideration. In the SIS model, each individual in the network is either infected or susceptible to infection, and the state transition is immediate. That is, SIS cannot reflect the effect of virus immunizations, which motivates the introduction of the so-called SIR model. In the SIR model, the infected individuals can be recovered and further obtain immunity. Recently, more research attention has been paid to the combination of virus propagation models and antivirus countermeasures to study the prevalence of virus, for example, virus immunization [10], [15], [21], [14], [18] and quarantine [3], [20], [4]. In the real world, people can take actions to combat virus prevalence at each state according to the SIS/SIR state partition. These different actions may result in different virus prevalence processes. However, another problem of these existing models is that they could hardly reflect the fact that some viruses go through a latent period before the host becomes infectious. Both the SIS model and the SIR model assume that there is zero delay between the different state transitions. Other existing models include SIRS [12], [18], SIDR [26], and SAIR [22] appear to have the same problem as that of the SIS/SIR model. In reality, on the other hand, there may be a time lag between the arrival of a virus on a node and further infections dispatched from that node. For example, in the case of email viruses, some users may not check their email as frequently as others, so a virus could lie dormant in a user’s inbox for a period of time before it wreaks havoc. In addition, an active virus may be delayed before propagating due to programme configuration or resource availability. Some viruses may purposely lay dormant for a period of time prior to infecting other nodes for stealth reasons [25]. To cope with this problem, one way is to introduce the “exposed” state into the model which takes the latent period into consideration. This leads to the use of so-called Susceptible–Exposed–Infective–Recovered (SEIR) model with four states (i.e., S – Susceptible, E – Exposed, I – Infective, and R – Recovered) [1], [19]. However, due to its mathematical complexity, the SEIR model has not been widely used for modeling the spread of computer virus.

Moreover, to study the computer virus prevalence in a network environment, an information sharing pattern where one host would like to push messages to the group members simultaneously, namely “point-to-group” (P2G), is deemed to widely exist in the real world, especially in information sharing network, such as the popular email system and instant message software. The typical character of P2G propagation is that the group members can receive the propagated message from the information source almost at the same time. In general, members within a group communicate with each other frequently, and unless the transmitted message is privacy information, each node likes to share information with the nodes in the same group. So we can expect that the virus propagation is smoother within a group than across different groups. This “P2G propagation” pattern of viruses has not been well studied in previous research efforts.

In this paper, we will discuss a virus propagation model, namely e-SEIR, which is an extension of the SEIR model by adding the impact of multi-state immunization and P2G propagation. In this way, e-SEIR provides an opportunity for us to study the behaviors of virus propagation with the presence of antivirus countermeasures, which are deemed important and desirable for understanding of the virus spread patterns, as well as for management and control of the spread. The remainder of this paper is organized as follows. Section 2 describes the P2G propagation mode. Section 3 formulates the extended SEIR model. Section 4 analyzes the stability of the e-SEIR system and Section 5 represents some numerical results. In Section 6, a nonlinear formulation of transition rate is discussed. Finally, Section 7 concludes the paper.

Section snippets

The point-to-group information propagation mode in network

The P2G mode, as shown in Fig. 1, is a mode of information propagation, e.g., sending email to all the group members. In general, the P2G propagation mode widely exists within real-world organizations, and the P2G propagation notion can facilitate the analysis of virus propagation from a managerial perspective. This is noteworthy, since nowadays there exist many small groups in organizations such as enterprises and communities, which may be formed around projects, within functional departments,

The e-SEIR virus propagation model

Our work is based on the traditional SEIR [1] model. The SEIR model is similar to the SIR model, but it accounts for the fact that some viruses go through a latent period before the host becomes infectious. It has four states: S (susceptible), E (exposed), I (infective), and R (recovered). In the case of network virus infection, the difference between S and E is that E-state nodes have non-activated virus codes, and the difference between E and I is that the virus in I-state nodes is activated,

The stability analysis for equilibrium

Now we analyze model (7) by finding its equilibria and studying the stability. Steady states of e-SEIR model satisfy the following equations:dS(t)dt=0,dE(t)dt=0,dI(t)dt=0.Let dE(t)/dt=0, we haveE=0orE>0andS=mENr.For the case of E=0, we have the virus-free equilibriumEQvf=(S1,E1,I1)=μρSR+μN,0,0.

For the case of E>0, we can get the virus-epidemic equilibriumEQve=(S2,E2,I2)=mErN,μ-mE(ρSR+μ)rmEαN,αγ+μE2.

Numerical analysis

Here we first introduce the numerical experiment environments and then provide with some results based on virus propagation control. As shown in Table 1, e-SEIR has two types of parameters: the system parameters and the state transition parameters.

Generally, the values of the system parameters were fixed in the experiments unless we explicitly specified the changes. Among these parameters, tE and tI are the two important ones which are strongly related to the information network, the network

Discussion on nonlinear formulation of ν(t)

The linear formation of ν(t) in Eq. (5) is based on the average measure about the virus prevalence with P2G mode, and are regarded reasonable for many real network environments [3], [4], [19], [20], [22], [28], [26]. The theoretical and experimental results in Sections 4 The stability analysis for equilibrium, 5 Numerical analysis reveal that the formation is intuitively appealing and meaningful. In certain more complex situations, such as (i) the invalid assumption of homogenous mixing

Conclusion

The objective of this paper is to model the virus prevalence under two important network environment factors (namely P2G information propagation and multi-state antivirus), and then to find out certain means of virus propagation control to eliminate the endemic.

We have explored the e-SEIR propagation system for investigating long-term virus propagations, based on which a control parameter R0 to represent the multi-state antivirus efforts has been presented. The simulation results of e-SEIR have

Acknowledgments

The work was partly supported by the National Natural Science Foundation of China (70890080/70621061) and Tsinghua University Research Center for Contemporary Management.

References (28)

  • J.O. Kephart et al.

    Computers and epidemiology

    IEEE Spectrum

    (1993)
  • J.O. Kephart, S.R. White, Directed-graph epidemiological models of computer viruses, in: IEEE Symposium on Security and...
  • J.O. Kephart et al.

    Measuring and modeling computer virus prevalence

  • Andrei Korobeinikov

    Global properties of infectious disease models with nonlinear incidence

    Bulletin of Mathematical Biology

    (2007)
  • Cited by (0)

    View full text