Attack-Defense Game between Malicious Programs and Energy-Harvesting Wireless Sensor Networks Based on Epidemic Modeling

,


Introduction
With the rapid development of wireless sensor networks (WSNs) in the past few years, the unique characteristics of WSNs have enabled them to play a key role in many fields, such as military strike, agricultural production, intelligent transportation, medical and health systems, and industrial fields. Typical WSNs consist of a series of sensor nodes with different functions of gathering environment information and transmitting processed information, which is either fixed or randomly distributed. Generally, the coverage area of the networks is much larger than the maximum transmission distance of each sensor node. erefore, transmission between sensor nodes and terminal computers or control centers is normally conducted in multihop. However, the limited energy vastly confines the lifetime of the networks. Renewable natural resources, such as wind, solar, and tidal energy, can be transferred to electricity by certain energy harvesters, which can greatly mitigate the impact of energy shortage on the lifetime of energy-harvesting wireless sensor networks (EHWSNs) which is equipped with energy harvesters on each sensor node.
However, the structure of WSNs provides a hotbed for the propagation of malicious programs. Furthermore, low defense capabilities render sensor nodes more vulnerable to malicious programs. With the booming of WSNs in all walks of life, paralysis and information leakage owing to malicious programs will cause unpredictable economic losses. Along with the ceaseless invasion of malicious programs, many scholars have studied the behavior characteristics of malicious programs and develop corresponding countermeasures. Due to the similarity of propagation mechanisms between malicious programs and infectious disease, epidemic models which are suitable for WSNs have been further developed after decades of study based on the initial Susceptible-Infected-Recovered (SIR) model proposed by Kermack and McKendrick in 1927 [1]. Unlike computer viruses, the spread of malicious programs in WSNs is affected by node distribution density and communication radius [2]. Also, geospatial limitation [3], spatial correlation [4], coupling degree [5], and transmission delay [6] have effects on it. In addition to a series of removal methods, predicting the risk of infection of sensor nodes is also one of the current research hotspots [7]. Furthermore, a two-level bidirectional data prediction model proposed by Wang et al. can effectively reduce the data collection cost of the underwater acoustic sensor network and improve the utilization rate of bandwidth [8]. Li et al. applied machine learning methods to improve the efficiency of malware detection [9]. Han et al. proposed a DMPPR scheme to protect users' privacy of WSNs [10]. Zhao et al. proposed a method to detect an undetectable false data-injection attack in cyberphysical systems [11]. In the prevention of malicious programs, Li et al. [12] and Liu et al. [13], respectively, proposed a LightLRFMS algorithm and TPE-FTED algorithm to screen false data caused by malicious attacks and system failures. Dynamic defenses are also valid methods [14,15] compared with static approaches. Wu et al. proposed a novel model and defense mechanism to effectively protect big data in the networks owing to its vulnerability to virus attacks [16].
Although few scholars discuss the issue of energy in the sensor network attacked by malicious programs, effectively, the increase in the energy of WSNs is always a hot topic. For example, Mo et al. used multiple mobile chargers to supplement the energy of WSNs [17,18]. It is worth mentioning that the control of multiagent is one of the research hotspots in recent years [19,20]. In this paper, sensor nodes have been divided into five states based on the remaining energy, and the energy-harvesting technology is introduced to supplement the energy of sensor nodes to extend the lifespan of the EHWSNs. On the basis of [21], this paper changes the charging method to solar charging and constructs a new model, namely, Susceptible-Infected-Low (energy)-Recovered-Dead (SILRD) with solar energy harvesters. At the same time, considering networks input and multitypes of malicious programs attacks with nonlinear infection rates, a novel model named Λ-Susceptible-Infected-Low (energy)-Recovered-Dead (ΛSILRD) is proposed.
Similar to conflict of interest in a game, game theory can be applied to get optimal solutions, like optimal Dissemination of Security Patches [22], optimal power control [23], optimal detection rate [24], optimal data transmission strategy [25], optimal hardware deployment cost in EHWSNs [26], optimal delay and transmission times in the networks [27], suitable game strategy and price adjustment principle in cyber-physical-social systems (CPSS) [28], maximization of energy efficiency [29], and optimal multipath routing [30]. As an essential part of game theory, the differential game can describe the dynamic process with differential equations. Mylvaganam et al. find the optimal control in multiagent collision avoidance [31]. Miao and Li [32] derive the optimal strategies for the attackers and the intrusion prevention systems. Miao et al. [33] find an optimal solution based on tradeoff between network throughput and energy efficiency. In this paper, the differential game will be applied to solve the confrontation problem between malicious programs and EHWSNs, and the optimal attack-defense strategies for both parties have been proposed.
Our contributions are summarized in the following paragraphs.
e low-energy state is introduced into the basic epidemic model considering the limited energy of sensor nodes. To suppress the spread of malicious programs, the method of charging by solar energy harvesters is put forward which is helpful to alleviate the security problems and maintenance of the networks. us, a model named SILRD with solar energy harvesters which better fits EHWSNs has been proposed. e effectiveness of SILRD with solar energy harvesters is obtained by comparison with existing epidemic models. e efficiency of solar charging is demonstrated by comparing with different charging strategies.
ree nonlinear factors will be considered in this paper, including Logistic Growth, nonlinear infection rate, and charging power provided by solar energy harvesters. At the same time, this paper takes the impact of multitypes of malicious programs into consideration. Finally, a novel attack-defense game model named ΛSILRD is proposed in this paper. Meanwhile, the influence of controllable input, uncontrollable input, and various node degree on ΛSILRD model and EHWSNs has been discussed.
Based on the ΛSILRD model, the optimal dynamic control strategies for EHWSNs and malicious programs under various node degrees are proposed by applying Pontryagin Maximum Principle. e rest of the paper is organized as follows. In Section 2, the nonlinear factors involved in ΛSILRD model will be proposed first, and then ΛSILRD model will be introduced in detail. In Section 3, the Pontryagin Maximum Principle will be used to find the optimal dynamic control strategies and the optimality will be proved briefly after the introduction of the expressions of control variables and game cost. In Section 4, the effectiveness of SILRD with solar energy harvesters and solar charging, the influence of controllable and uncontrollable input, and node degree on ΛSILRD will be demonstrated through simulations. Section 5 is the conclusion and prospect of this paper.

ΛSILRD Model in EHWSNs
is section explains the nonlinear factors at first, including Logistic Growth, nonlinear infection rate, and solar charging power. en, on the premise of considering multiple types of malicious programs' attacks, the ΛSILRD model is proposed.

Nonlinear Factors in ΛSILRD
Model. In this paper, EHWSNs consist of identical sensor nodes equipped with solar energy harvesters, which are distributed statically. e solar energy harvesters energize sensor nodes according to the duration of sunlight. In the case of the diurnal period, the charging power generally goes through a process of increasing firstly and then decreasing. Specifically, the charging power increases slowly at first since the sunlight intensity is weak at dawn. With the arrival of noon, sunlight intensity increasingly reaches the maximum value of the day, while charging power at this time is also at a maximum. However, the charging power will show a downward trend when night falls. In this paper, 24 hours is assumed as a period and the case of fine days is only considered. In particular, (1) is used to describe the trend of solar charging power over a day [34]: where A is the intensity of solar charging power and m and n are the mean value and variance value of the power distribution, respectively.
To maintain the functioning of EHWSNs, it is indispensable to deploy new nodes when conditions permit. is paper considers Logistic Growth as input rate of new nodes. Logistic Growth is formulated by where r represents the node degree, k represents the capacity of EHWSNs, and S(t) represents the quantity of susceptible nodes at time t. Compared with the linear infection rate, the nonlinear infection rate can better describe the ability of malicious programs to propagate in a limited area. Models with linear infection rates, where the quantity of infected nodes grows linearly, are impractical. Actually, the quantity of infections is bound to increase exponentially at first. As time progresses, the quantity grows steadily until it eventually infects the entire networks. According to the above description of infection process, (3) is applied to express it: where P SI is the probability of infection, I(t) is the quantity of infected nodes at time t, and n represents the connectivity of nodes.

Model with Solar Energy Harvester.
ere exist two-time intervals without sunlight in one day. Specifically, one is from 0 am to 5 am and the other is from 8 pm to 12 pm [34]. In these two intervals, solar energy harvesters knock off and sensor nodes may be dysfunctional since electricity drains out. According to the energy levels and the infection status, sensor nodes have been divided into five states.
Susceptible (S) State. Sensor nodes in the susceptible state are with high-energy level and can complete assignment normally. Without defense measures, susceptible sensor nodes are vulnerable to malicious programs. Infected (I) State. Sensor nodes in the infected state are transformed from susceptible, recovered, or low-energy sensor nodes by running malicious programs. In the early stage of infection or after charging, infected sensor nodes are still at a high-energy level because the extent of damage has not yet been reached. Low-Energy (L) State. Sensor nodes in the low-energy state are with energy which are too insufficient to function properly, including information transmission. erefore, malicious programs attached to low-energy sensor nodes do not have the ability to continue infecting. Similarly, low-energy sensor nodes will not be patched. Recovered (R) State. Sensor nodes in the recovered state have installed the patches successfully. Also, recovered sensor nodes are all in high-energy level. e patches are only applicable to relevant malicious programs. In the face of attacks by inhomogeneous malicious programs, these sensor nodes will also be helpless and transform to infected state. Dead (D) State. Sensor nodes in the dead state are absolute dysfunction compared with low-energy sensor nodes. Dead sensor nodes no longer own the ability to collect, process, and transmit information.
At time t, the proportion of the number of sensor nodes in susceptible, infected, recovered, low-energy, and dead states is S(t), I(t), L(t), R(t), and D(t), respectively. And the following equation must be met: In the absence of sunlight, the networks rely on the residual energy to maintain functioning. New sensor nodes are cast randomly to keep the connectivity of EHWSNs. Susceptible nodes still consume electricity at night to continue data acquisition, processing, and transmission. Under the attack of malicious programs, susceptible sensor nodes are transformed into infected sensor nodes with probability P SI . Some susceptible sensor nodes are fortunately enough to be patched to possess immunity with probability P SR . e rest stick at their daily tasks normally with probability P SL .
Infected sensor nodes transmit data to neighbors at higher frequencies to spread malicious programs rapidly and disrupt the transmission mechanism. erefore, infected sensor nodes will consume the remaining electricity at a faster rate and transform to low-energy or dead state with probability P IL and P I D according to the attack power of malicious programs. While malicious programs are spreading arbitrarily, patches carried by unmanned aerial vehicles (UAVs) transmitted to the infected sensor nodes located at the corresponding district with probability P IR . e existence of multiple types of malicious programs is considered and the common feature of these malicious programs is that their attack mechanisms are embodied in the accelerated consumption of sensor nodes' energy. For this reason, even recovered sensor nodes will be infected again with probability P RI . Similarly, few recovered sensor nodes work normally until low-energy level with probability P RL .

Complexity 3
Sensor nodes at high-energy levels include sensor nodes in susceptible, infected, and recovered state. Energy consumption owing to damage or normal operation will eventually convert sensor nodes in high-energy state to lowenergy state. Sensor nodes at low-energy levels suspend some functions, including data transmission, for their own subsistence.
erefore, low-energy sensor nodes will not receive and transmit malicious programs. Even if the consumption is lower, the energy will eventually run out with probability P L D . With the use of solar energy harvesters, the probabilities of sensor nodes in low-energy state converting into susceptible, infected, and recovered states are P LS P(t), P LI P(t), and P LR P(t), respectively. Among them, P LS is related to the number of sensor nodes that transformed from susceptible state to low-energy state at the previous moment, P LI is related to the number of sensor nodes that transformed from infected state to low-energy state at the previous moment, and P LR is related to the number of nodes that switched from an infected state to a low-energy state at the previous moment. In particular, Figure 1 is used to visualize the evolution of sensor nodes. Figure 1 shows a part of sensor nodes in EHWSNs. Among them, the letter in the circle represents the node state. Specifically, Figure 1(a) shows the initial node state when the patch-carrying UAV has not yet passed the sensor nodes and the solar energy harvesters have started working. Figure 1(b) shows the evolution of sensor nodes after the UAV drives over a part of sensor nodes and the solar energy harvesters charge sensor nodes.
Considering the Logistic Growth (2) and the nonlinear incidence rate (3), the above dynamic processes are formulated in (5)- (9), and the flow diagram of propagation is shown in Figure 2:

Optimal Controls in Attack-Defense Game
In this section, control variables between malicious programs and EHWSNs are introduced at first. en, the process of attack-defense game has been analyzed and the overall cost has been formulated. Finally, the Hamiltonian function has been built and constructed and the optimal strategies of both sides are obtained on the basis of proving the existence and the uniqueness.

Control Variables in the ΛSILRD Model.
e attacks of malicious programs are mainly reflected in the propagation performance and the damage capacity. e more contagious malicious programs are, the more sensor nodes they can infect. Infected sensor nodes can spread malicious programs by increasing communication frequency. e damage capacity is incarnated in the consumption of energy and the destruction of hardware. Some malicious programs can overload sensor nodes so that they can become dysfunctional quickly, and other malicious programs cannot directly destroy sensor nodes because damage capacities are not powerful enough [35]. e defense measures applied by EHWSNs are the deployment of patch-carrying UAVs and the installing and running of solar energy harvesters. Because of the periodicity of sunlight, patching is the only countermeasure at night. By identifying and analyzing multitype malicious programs, UAVs will download corresponding patches from the base station. Energy supplements do not cure infected sensor nodes but only alleviate their severe consumption.
It is not hard to find that the propagation performance of malicious programs is the process of transformation from susceptible or recovered state to infected state. e attacks on the above transformations are defined as A SI (t) and A RI (t). At the same time, the damage capacities are reflected in the process of transformation from infected state to lowenergy or dead state. us, the attacks are defined as A IL (t) and A I D (t). e defenses of EHWSNs are embodied in all sensor nodes that are transformed into recovered state. erefore, the defense measures are defined as D SR (t) and D IR (t).
According to the above statement, the corresponding probability can be replaced by the equations containing the control variables. Specifically, P IL can be replaced by (A IL (t)S IL /(A IL max + A IL min )), P I D can be replaced by , and P IR can be replaced by (D IR (t)S IR /(D IR max + D IR min )). In particular, for the convenience of calculation, (A SI (t)S SI /(A SI max + A SI min )) will be directly multiplied by the term corresponding to the nonlinear incidence rate. e subscripts max and min, respectively, represent the maximum and the minimum values of the attacks or defenses, and the letter S represents the probability of the successful attacks or defenses and its subscript represents relevant state transition relationship.

Cost Function in ΛSILRD Model.
e continuous confrontation between malicious programs and EHWSNs constitutes the attack-defense game.
e purposes of malicious programs as attacker are to infect and destroy as many nodes as possible, while EHWSNs as defender aim to keep as many nodes immune and alive as possible. Both sides achieve their goals through the control means mentioned in the previous part. e cost function is applied to indicate the consequence of attack-defense game.
Deployment costs include production costs and human costs. Cost factor C N times the drop rate formulated in (2) is used to represent the deployment costs at time t, where C N is greater than 0. By completing daily assignments, sensor nodes in susceptible state which send involved information to clients to meet their requirements will generate positive benefits.
Although the unstoppable spread of malicious programs causes more sensor nodes to be infected, infected sensor nodes do not initially incur additional costs until malicious programs begin to run. C I I(t) is used to describe the costs incurred after malicious programs run at time t, where C I is greater than 0.
As a defense means for EHWSNs, the transmission of patches to susceptible and infected sensor nodes will incur costs. C SR P SR S(t) is used to describe the cost of transmitting patches to susceptible sensor nodes at time t, and C IR P IR I(t) is used to describe the cost of transmitting patches to infected sensor nodes at time t, where C SR and C IR are greater than 0.
Recovered sensor nodes are similar to susceptible nodes. Because they have immunity to certain types of malicious programs, the revenue generated by recovered nodes at time t will be higher than that of the susceptible sensor nodes.
Low-energy sensor nodes cannot operate normally compared with the high-energy sensor nodes, so that they can incur the cost C L L(t) at time t, where C L is greater than 0. e generation of dead sensor nodes will lead to the interruption of the connection of sensor nodes, or even the paralysis of the networks, and C D D(t) is used to describe the cost at time t, where C D is greater than 0. It is worth noting that since solar energy harvesters capture natural resources, the cost of energy harvesting and transformation is not considered.
At the end of the game, each type of sensor nodes will incur a series of termination payoff. Among them, susceptible sensor nodes and recovered sensor nodes will still generate revenue in the future, so their terminal costs should be less than 0; that is, C S f and C R f are both less than 0. Conversely, sensor nodes at infected, low-energy, and dead states will still cause loss in the future; that is, C I f , C L f , and C D f are greater than 0.

Complexity
Based on the above statement, the cost function (10) is constructed as follows: 3.3. Optimal Strategies in the ΛSILRD Model. Suppose the duration of the game is T. Within T, according to (5)- (9), it is not difficult to find that the state variables are continuous and uninterrupted. Meanwhile, the state variables are continuous in the cost function (10). For the control variables, they are not only continuous in state functions (5)-(9) and cost function (10), but also linear. Specifically, according to the assumptions in Section 3.1, each control variable has a maximum value and a minimum value; that is, each control variable is bounded. Furthermore, we define ](t) as a set of control strategies of attacker (malicious programs), that is, us, according to the conditions put forward by [36], there must exist a saddle point in (10), which satisfies where J(μ * (t), ](t)) represents the cost incurred when only the optimal strategy is selected by EHWSNs, J(μ(t), ] * (t)) denotes that only malicious programs choose the optimal strategy and J(μ * (t), ] * (t)) indicates that both EHWSNs and malicious programs choose the optimal strategies. Specifically, the inequality on the left indicates that when strategy chosen by EHWSNs is unchanged, the cost will be maximized when the malicious programs choose the optimal strategy; the inequality on the right indicates the cost will be minimized when EHWSNs select the optimal strategy, while the strategy chosen by malicious programs remains unchanged. When both parties choose the optimal strategies, an equilibrium point, the saddle point, will be formed between the maximum cost generated by the malicious programs and the minimum cost generated by EHWSNs.
According to [37] and the characteristics of this model, we can further know that there must be V satisfying the following equation: where max ](t) min μ(t) J(μ(t), ](t)) represents the cost incurred by EHWSNs in selecting the optimal strategy after the malicious programs make an optimal decision, while min μ(t) max ](t) J(μ(t), ](t)) denotes the cost incurred when the order of two sides is switched. Theorem 1. In the attack-defense game based on the ΛSILRD model, the optimal dynamic strategies of EHWSNs and malicious programs are where discriminant parameters are shown in Table 1. t) is satisfied, there must be an optimal set of strategies (μ * (t), ] * (t)) according to [38].
First, the generalization of the cost function in the game will be described as follows: Define a new function ϕ as follows: 6 Complexity en, the above general cost function will be simplified as follows: where L(x(t), μ(t), ](t), t) corresponds to the integral term in (10) and ϕ(x(t 1 ), t 1 ) corresponds to the nonintegral term in (10).
According to the definition of Hamiltonian function in differential game, we have the following formula: where λ(t) is the set of costate variables; that is, t) is the differential equation of node state corresponding to (5)- (9).
Among them, when the costate functions satisfy the following equations, there exists an optimal strategy (μ * , ] * ): where t 1 represents the terminal moment when the game ends. erefore, the Hamiltonian function, the differential equations, and the end-value constraints of costate variables in this paper can be formulated from (24) to (30): is less than 0, A SI (t) takes the minimum value; if (S IL (λ L (t) − λ I (t))I * (t)/(A IL max + A IL min )) is greater than 0, A IL (t) takes the maximum value, and if (S IL (λ L (t) − λ I (t))I * (t)/(A IL max + A IL min )) is less than 0, A IL (t) takes the minimum value; if (S I D (λ D (t) − λ I (t))I * (t)/(A I D max + A I D min )) is greater than 0, A I D (t) takes the maximum value, and if (S I D (λ D (t)− λ I (t))I * (t)/(A I D max + A I D min )) is less than 0, A I D (t) takes the minimum value; if (S RI (λ I (t) − λ R (t))R * (t)/(A RI max + A RI min )) is greater than 0, A RI (t) takes the maximum value, and if (S RI (λ I (t) − λ R (t))R * (t)/(A RI max + A RI min )) is less than 0, A RI (t) takes the minimum value. On the contrary, when H( ) is greater than 0, D IR (t) chooses the minimum value, and if (S IR (λ R (t) − λ I (t) + C IR )I * (t)/(D IR max + D IR min )) is less than 0, D IR (t) chooses the maximum value.

Simulation
In this section, we will expand into three parts. e first part is to compare with the existing general epidemic models in turn. e second part is to analyze the impact of charging on the SILRD model. e third part is to discuss the impact of controllable and uncontrollable system input and node degree on the ΛSILRD model. In all three parts, the simulations are implemented in MATLAB R2017b. e abbreviations are applied in the section list in Table 2.

Comparison with General Epidemic
Model. In this part, three general epidemic models will be compared, namely, Susceptible-Infected-Recovered (SIR) model [39], Susceptible-Exposed-Infected-Recovered (SEIR) model [40], and EiSIRS model [41]. Among the three models, SIR model is the basic, SEIR model extends the E state on the basis of the SIR model, and EiSIRS adds the corresponding sleeping state on the basis of the SIR model. Experimental parameters are set as follows: P SI � 0.1, P SR � 0.4, P S D � 0.0008, P I D � 0.005, P IR � 0.21, P R D � 0.008, P EI � 0.005, P ER � 0.21, P E D � 0.005, P Ss � 0.006, P sS � 0.006, P Ii � 0.006, P iI � 0.009, P Rr � 0.006, P rR � 0.006, P SL � 0.0008, P IL � 0.001, P RL � 0.0008, P L D � 0.3, P LR � 0.6. ree general epidemic models have the same parameter settings except for their own defensive measures. Similarly, the SILRD with UAVs and the SILRD with solar energy harvesters have the same parameter settings except for the introduction of the L state and the corresponding defensive measures. In particular, the difference between the two SILRD models lies in the different charging methods. e first method is to use energy harvesters to capture solar energy and convert light energy into electrical energy to supplement the energy of sensor nodes. e second method is to deploy UAVs to charge sensor nodes [21].
It is worth noting that the purpose of this part is to highlight the characteristics of the two SILRD model by comparing with other general epidemic models, so the system input, multiple types of malicious programs, and the nonlinear infection rate will be ignored. Figure 3 shows the evolution of sensor node under five epidemic models.
It can be seen from Figure 3(a) that the changes in the quantity of susceptible sensor nodes in the five models are very close. Except for SEIR, the other models had a high infection rate in the first few days, as depicted in Figure 3(b). Because the SEIR model exists an exposed state between the susceptibility and infection state, some infected sensor nodes were cleared during the exposure period. For recovered sensor nodes, the decline was more pronounced in SsIiRrD, followed by SEIR and SIR, as depicted in Figure 3(c). Among them, the quantity of recovered sensor nodes in SIRLD model decreased the most slowly and stay around 96% after 20 days. As shown in Figure 3(d), the order of increasing quantity of dead sensor nodes from fast to slow is SIR, SEIR, SsIiRrD, SILRD with UAVs, and SILRD with solar energy harvesters.
It can be seen from the comparison with other general epidemic models that the SILRD model can more effectively increase the quantity of recovered sensor nodes and reduce the quantity of dead sensor nodes. e phenomenon is more obvious in SILRD with solar energy harvesters. At the same time, the two SILRD model directly charges low-energy sensor nodes, which will effectively reduce the energy depletion of sensor nodes due to infections or daily work.

Effect of Charging on SILRD Model.
Charging factors as one of the features of SILRD model will be discussed here. In this part, variations in the quantity of five node states, control variables and the quantity of high-and low-energy nodes, and the overall costs will be applied as indicators to explain the impact of charging. ree scenarios will be discussed here, namely, SILRD model with solar energy harvesters, SILRD model with UAVs [21], and SILRD model without charging capability. In order to facilitate the analysis of the impact of charging, this part will ignore the impact of system input but will consider multiple types of malicious programs' attacks and nonlinear infection rates.

Evolution of Sensor Node under Various Charging
Strategies.
e solar charging power is formulated in (1). It is worth noting that SILRD with UAVs considers the situation of patching and charging at the same time, so lowenergy sensor nodes will be transformed to recovered state directly. Figure 4 shows the evolution of sensor nodes under three charging strategies.
As can be seen from Figure 4(a), SILRD with solar energy harvesters can effectively increase the quantity of susceptible sensor nodes. However, under the attack of multiple types of malicious programs, the SILRD model with charging strategy cannot effectively restrain the growth of malicious programs, among which the case with solar charging is the most serious, as shown in Figure 4(b). Nevertheless, charging can effectively reduce the quantity of low-energy sensor nodes, as shown in Figure 4(c). Similarly, the quantity of recovered sensor nodes also increased due to the charging strategies, as depicted in Figure 4(d). e situation of energy depletion is very close as shown in Figure 4(e). Among them, the more accurate sorting from high to low should be SILRD with UAVs, followed by SILRD without charging and SILRD with solar energy harvesters.
Under the attack of multitype of malicious programs, the strategies with charging cannot inhibit the increase of the quantity of infected sensor nodes effectively, but it can greatly reduce the quantity of low-energy sensor nodes so as to increase the quantity of recovered sensor nodes. e strategy with solar charging is more widely distributed, so it can increase the quantity of recovered sensor nodes in highly efficient to keep the networks running well.

Variation on Dynamic Control Level.
e variation of dynamic control will further reveal the cause of the evolution of node state, as depicted in Figure 5. Specifically, Figure 5(a) shows the changes in control variables in SILRD with solar energy harvesters, Figure 5(b) shows the changes in control Complexity variables in SILRD with UAVs, and Figure 5(c) shows the changes in control variables in SILRD without charging. In all three cases, the malicious programs stopped spreading at the beginning and peaked when t � 2. After propagation stops, the malicious programs still exist in the infected sensor nodes. After patching with maximum effort, due to the accumulation of costs, the networks stop patching after weighing. If the networks were patched again, the cost of patching would be higher than the cost of damage caused by malicious programs, so the networks stopped using the UAVs.
After UAVs stop patching, there are still exist malicious programs with strong and weak ability to destroy in the networks. Among them, the strategy with UAVs can quickly eliminate the malicious programs with weak damage ability (t � 2), followed by the solar charging strategy (t � 4) and finally the noncharging strategy (t � 15). However, malicious programs with strong destructive ability still present in the networks without completely clearing away.

Variation on the Quantity of High-and Low-Energy
Nodes. In order to directly express the quantity of high-and low-energy sensor nodes in the networks, the form of histogram has been applied to show the variation on the quantity of high-and low-energy sensor nodes over time under different charging strategies, as depicted in Figure 6. As can be seen from Figure 6(a), sensor nodes with high energy show a downward trend under the three strategies. Among them, the strategy without charging fell by the most quickly. e degree of elevation of the strategy with UAVs is determined by the quantity of UAVs. is paper assumes a small quantity of UAVs deployed because too many deployments would be costly. e strategy with solar energy harvesters assumes that each sensor node is equipped with the energy harvester, which is close to reality. Based on the analysis of Figures 6(a) and 6(b), it can be seen that, due to the comprehensive deployment of sensor nodes equipped with solar energy harvesters, the quantity of high-energy 14 Complexity sensor nodes declines slowly. Moreover, the low-energy sensor nodes not only did not rise but also fell. Figure 7 shows the cost trends of the three strategies. e cost of solar charging is the lowest, followed by the strategy of deploying UAVs and finally the strategy of noncharging. For solar charging, since each sensor node is equipped with a solar energy harvester, there is no additional cost during capturing solar energy compared to the deployment of UAVs. In the conclusion of the previous section, charging can effectively improve the immunity of EHWSNs and reduce the quantity of dead sensor nodes, so as to achieve the purpose of reducing costs.  (c) controllable input with node degree � 30; (d) controllable input with node degree � 50; (e) uncontrollable input with node degree � 5; (f ) uncontrollable input with node degree � 15; (g) uncontrollable input with node degree � 30; (h) uncontrollable input with node degree � 50.

Model.
is section mainly discusses the influence of controllable and uncontrollable input and node degree on ΛSILRD model. e formulation of networks input adopts (17). Node degrees are set to 5, 15, 30, and 50, respectively.
Similar to the previous section, this section also discusses the variation trend of four aspects, which are sensor nodes in various states, control variables, quantity of high-and lowenergy sensor nodes, and overall costs. e experimental parameters are the same as those in Section 4.2.

Evolution of Sensor Nodes in ΛSILRD
Model. As a control group, uncontrollable input into the system will be considered. In both cases, evolutions of sensor nodes change uniformly except when node degree equals 5, as depicted in Figure 8. e quantity of susceptible sensor nodes fell rapidly in the first hour before reaching equilibrium, as depicted in sensor nodes is related to node degree, as shown in Figure 8(a). With the increase of node degree, the stable value of the quantity of susceptible sensor nodes becomes lower. On the contrary, in the case of input without control variables, the quantity of susceptible nodes experienced a process of rapid decrease and then a slow rise and finally reached an equilibrium, as shown in Figure 8 In the case of input with control variables, the quantity of recovered sensor nodes remained stable except when the node degree equals 5, as shown in Figure 8(d). In the case of input without control variables, the quantity of recovered sensor nodes increased rapidly after a period of stabilization, as shown in Figure 8(i). In a word, as the node degree increases, the infection will become more severe, and the quantity of low-energy and death sensor nodes will increase.

Variation of Control Variables.
In both cases, the quantity of infected sensor nodes reaches its peak when t � 1, so the networks stop patching, as shown in Figure 9. When t � 10, as more vulnerable sensor nodes exist in the networks, there is a risk of reinfection by malicious programs, so the networks start to patch the vulnerable sensor nodes again, as depicted in Figures 9(a), 9(b), 9(d), 9(f ), and 9(h). When t � 11, the existing quantity of vulnerable sensor nodes is enough to maintain the normal operation of the networks, and the deployment of new sensor nodes will only bring more extra burden, so the networks will stop casting new sensor nodes, as shown in Figure 9(a). With the increase of node degree, the control strategy will not change greatly, as shown in Figures 9(c)-9(h).

Variation on the Quantity of High-and Low-Energy
Sensor Nodes. Figure 10 shows the changing trend of the quantity of high-and low-energy sensor nodes in the networks. e variation trend of low-energy sensor nodes is the same in both cases, but the influence of node degree on both cases is different when T is greater than 16, as shown in Figures 10(b) and 10(d). As can be seen from Figure 10(a), when network input contains control variables, the quantity of high-energy sensor nodes basically remains at a very high level, about 90%. In the case of uncontrollable input, the quantity of high-energy sensor nodes will increase continuously, as shown in Figure 10(c). It is worth noting that, with the increase of node degree, the quantity of high-energy sensor nodes will increase. As the infection rate continues to rise, sensor nodes in susceptible state will quickly convert to infected state, so that the quantity of susceptible sensor nodes will rapidly decline. erefore, it is necessary to quickly cast new sensor nodes to maintain the operation of the networks. Figure 11 shows the cumulative cost in both cases. With the increase of node degree, the costs do not show the same growth trend but tend to be saturated. In Figure 11(a), the numerical difference between the cost of node degree equal to 5 and the cost of node degree equal to 15 is about 7000, but the difference between 15 and 30 is about 1000, and the difference between 30 and 50 is about 200. Figure 11(b) shows the same phenomenon. e costs are lower in the case of controllable input than uncontrollable input under the same node degree owing to the networks with controllable input which can reduce the quantity of new sensor nodes and cut the cost of patching new sensor nodes, as shown in Figures 11(a) and 11(b).

Conclusion
By introducing Logistic Growth, nonlinear incidence, and charging by solar energy, this paper builds an ΛSILRD model suitable for EHWSNs. At the same time, the introduction of multiple types of malicious programs refines the model. By comparing with the existing epidemic models, we found that the SILRD has obvious advantages in increasing the quantity of recovered sensor nodes and reducing the quantity of death sensor nodes, especially SILRD with solar charging. Meanwhile, compared with the three charging strategies, we found that the SILRD with solar charging has the lowest cost. Finally, the influence of controllable input, uncontrollable input, and node degree on ΛSILRD model is revealed through the simulations. When the node degree is higher, the quantity of infected sensor nodes and dead sensor nodes will increase rapidly under the attack of multitype malicious programs with nonlinear infection rate but will tend to be saturated. At the same time, input that contains control variables can timely stop the delivery of new nodes and affect the subsequent network patching behavior, thereby reducing costs.
Although this paper proposes a malicious programs' propagation model that is close to reality, there are still many deficiencies. In the establishment of the solar charging model, this paper uses a simplified model and does not consider some random factors, like weather factors, human factors, and so on. At the same time, the topology of the EHWSNs and various delay phenomena are not further analyzed in this paper. However, in spite of this, the model and analytical methods proposed in this paper are believed to provide scholars in related fields some inspiration in the future.

Data Availability
e data used to support the findings of this study are included within the article, such as the coverage area of the WSNs, the maximum transmission radius of nodes, and transition probabilities among five nodal states.