A Novel Virus-Patch Dynamic Model

RESEARCH ARTICLE A Novel Virus-Patch Dynamic Model Lu-Xing Yang1, Xiaofan Yang2* 1 College of Computer Science, Chongqing University, Chongqing, China, 2 School of Software Engineering, Chongqing University, Chongqing, China * Abstract a11111 OPEN ACCESS Citation: Yang L-X, Yang X (2015) A Novel VirusPatch Dynamic Model. PLoS ONE 10(9): e0137858. doi:10.1371/journal.pone.0137858 Editor: Yong Deng, Southwest University, CHINA Received: June 21, 2015 The distributed patch dissemination strategies are a promising alternative to the conventional centralized patch dissemination strategies. This paper aims to establish a theoretical framework for evaluating the effectiveness of distributed patch dissemination mechanism. Assuming that the Internet offers P2P service for every pair of nodes on the network, a dynamic model capturing both the virus propagation mechanism and the distributed patch dissemination mechanism is proposed. This model takes into account the infected removable storage media and hence captures the interaction of patches with viruses better than the original SIPS model. Surprisingly, the proposed model exhibits much simpler dynamic properties than the original SIPS model. Specifically, our model admits only two potential (viral) equilibria and undergoes a fold bifurcation. The global stabilities of the two equilibria are determined. Consequently, the dynamical properties of the proposed model are fully understood. Furthermore, it is found that reducing the probability per unit time of disconnecting a node from the Internet benefits the containment of electronic viruses. Accepted: August 23, 2015 Published: September 14, 2015 Copyright: © 2015 Yang, Yang. This is an open access article distributed under the terms of the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original author and source are credited. Data Availability Statement: All relevant data are within the paper. Funding: This work was supported by China Scholarship Council, grant number 201406050107 (http://en.csc.edu.cn/, receiver: LY); Natural Science Foundation of China, grant numbers 61379158, 71301177, and 61572006 (http://www.nsfc.gov.cn/ publish/portal1/, receiver: XY); and Science and Technology Support Program of China, grant number 2014BAH25F01 (receiver: XY). The funders had no role in study design, data collection and analysis, decision to publish, or preparation of the manuscript. 1 Introduction Electronic viruses, ranging from host-dependent viruses and network worms to other malicious codes such as Trojans and spyware, have posed a serious threat to our daily work and life [1]. Even more serious, the highly popularized networks, ranging from the Internet and the world wide web to various social networks, offer the major channel for the fast spread of electronic viruses. Consequently, the issue of how to suppress the rampancy of electronic infections on networks has long received considerable attention from the network security community. The patches for viruses are recognized as the major means of detecting and clearing viruses resident at individual network nodes. For the patches to play a full role, new patches must be disseminated to all nodes on the network in a remarkably short period of time. There are two fundamentally different kinds of patch dissemination strategies: the centralized strategies, in which a central node disseminates new patches directly to all other nodes in the network, and the distributed strategies, in which every newly patched node forwards the patches to some or all of its neighbors according to a well-designed protocol [2–4]. Due to the limited bandwidth of the Internet, the time needed by performing a centralized patch dissemination strategy is Competing Interests: The authors have declared that no competing interests exist. PLOS ONE | DOI:10.1371/journal.pone.0137858 September 14, 2015 1 / 16 Virus-Patch Model often unacceptably long. The distributed patch dissemination strategies are regarded as a promising alternative to their centralized analogs, because the negative impact of the limited bandwidth on the patch dissemination can be reduced significantly. The design of good patch dissemination strategies is closely related to the evaluation of effectiveness of different patch dissemination strategies. One feasible approach to the evaluation of a patch dissemination strategy is to establish a compartment-based dynamic model capturing both the virus propagation mechanism and the patch dissemination strategy, and then to determine the trend of the number or proportion of infected nodes in the network by analyzing the dynamical properties of the model; a patch dissemination strategy is regarded as effective or ineffective depending on whether or not the proportion of infected nodes approaches an acceptably low value. Kephart and White’s seminal work in the early 1990s opened the door to the compartment modeling of computer infections [5]. From then on, a multitude of epidemic models for electronic viruses, ranging from ordinary models [6–12] and delayed models [13– 16] to impulsive models [17–20], have been proposed. All these models capture the centralized patch dissemination mechanism. As a result, they are not suited to the situations of distributed patch dissemination. Recently, Zhu et al. [21] proposed an epidemic model for electronic viruses, which is known as the original SIPS model in this paper. To a certain extent, this model captures the distributed patch dissemination mechanism, because every recently patched node is assumed to have a chance to forward the patches to a neighboring node. Consequently, this model offers a good start point for assessing the effectiveness of different distributed patch dissemination strategies. The model exhibits complex dynamical properties. Specifically, the model admits up to four potential equilibria, among which two are virus-free and the other two are virulent, and each of the four equilibria can be globally stable under proper conditions. As a result, the viruses on the network may die out or persist depending on the relationship among the model-related parameters. Apart from the Internet as a channel for virus spreading, various removable storage media, including flash disks and portable hard disks, offer the second channel for virus propagation. The original SIPS model, however, ignores the existence of infected removable storage media. To accurately evaluate the effectiveness of the distributed patch dissemination mechanism, a virus-patch mixed model that takes into account infected removable storage media should be introduced. This paper is intended to introduce a theoretical framework for evaluating the effectiveness of distributed patch dissemination mechanism. Assuming that the Internet offers P2P service for every pair of nodes on the network, a virus-patch dynamic model incorporating the impact of inf (...truncated)