Research

the


Introduction
Malware is the generic term used to designate any informatics program created deliberately to carry out an unauthorized activity that, in many cases, is harmful to the system in which it has been lodged [1]. ere is an increasing trend in both the number and types of malware. According to the report in [2], there is an exponential growth in the number of viruses, and in 2017, there are 15,107,232 different malware files that we had never seen before, mainly because of the improvement of technology and the increasing Internet population. Hence, there are lots of researchers trying to develop effective methods and tools to detect malware from a microperspective [3][4][5].
Although the scientific approach to combating malware is mainly focused on the design of efficient methods to detect and remove malware [6], it is also worth modeling the propagation behaviors of malware and developing effective control strategies, furthermore, to prevent its outbreak. Most of these models are dynamical systems of ordinary differential equations [7]. ey are compartmental, that is, the nodes are divided into different types, such as susceptible, exposed, infectious, recovered, and quarantined. us, a great number of models (SIS models [8,9], SIR models [10,11], SEIR models [12], and SIRQ models [13]) have been proposed.
In recent years, most malware propagation models are proposed by incorporating some new compartments into the existing models. In [14], by considering the protected nodes in cloud, Gan et al. proposed an SIP model for computer virus propagation. More specifically, the protected nodes in cloud can be not infected but might be converted into an S compartment in a certain probability. Similarly, considering the devices that can be infected by the malware but cannot be damaged, an SIRC model is built in [15], where C denotes the carrier device.
On the other hand, user's awareness also has gained a lot of attention from researchers. In [16], the authors pointed out that the missing of user awareness might cause some security issues. In [17], Furnell also claimed that phishing is a significant security threat, and the problem cannot be completely solved by technology alone; in this context, user awareness is highly required. It is no doubt that user awareness is essential for cybersecurity. Considering that user awareness also plays an important role in slowing down the propagation of malware, an improved model based on the SLIR model with user awareness has been put forward in [18]. In [18], the user whose computer is not infected or exposed is probable to install antivirus programs, and the probability here is called user awareness.
In [1], the author raised the issue that the infection rate of computers may vary from computer to computer. For example, if users are worried about security issues, the infection rate should be reduced. In contrast, if users have dangerous behaviors, the infection rate should be higher. Inspired by this, this study aims to address the issue of different infection rates of computers with/without user awareness. Different from the work in [18], a new compartment (D compartment) is incorporated into the classical SIS model. Here, D compartment denotes the group of nodes with security awareness, whereas S represents the node with dangerous behaviors. Obviously, the infection rate of D nodes is less than S nodes. Besides, in [19,20], the author proposed S and W compartments similar to S and D compartments in this article, where the conversion rate of the two is a constant. However, we noticed that the change in user awareness is related to the number of infections. e higher the number of infections, the higher the awareness of users. So, we consider that the rate of consciousness conversion is related to the number of infections.
e main contributions of this work are as follows: (1) A new model describing computer virus propagation is built from the perspective of user awareness (2) Two equilibrium of the model is obtained: the virusfree equilibrium point and the viral equilibrium, and furthermore, their local and global stabilities are proved, respectively. (3) rough qualitative analysis and simulation experiments, effective control measures are proposed to prevent the outbreak and spread of malware e remaining materials of this study are organized as follows: Section 2 formulates the proposed propagation model of malware. In Section 3, local stabilities of both the infection-free and viral equilibria are analyzed, respectively, while Section 4 deals with the global stabilities of the two equilibria. In Section 5, some numerical simulations are performed to illustrate the obtained theoretical results and efficient control measures. Finally, Section 6 summarizes this work and gives some shortcomings.

Mathematical Framework
e model proposed in this work is a compartmental model where the computers are divided into 3 classes: susceptible nodes (S) which can be infected by malware easily, nodes with user awareness (D) which can be infected by malware more difficult than S nodes, and infected nodes (I) which can infect other nodes. e transfer diagram is shown in Figure 1. e following notations and assumptions will be adopted in the sequel. Obviously, β 2 < β 1 . ϵ: the conversion rate from S nodes to D nodes caused by an I node η: the recovery rates of I nodes due to the effect of antivirus software

Model Assumptions
(i) All newly accessed nodes are S nodes (ii) At time t, the infection force from S to I is given by β 1 S(t)I(t), and the infection force from D to I is given by β 2 D(t)I(t). (iii) Due to the spread of malware, users gradually become conscious. At time t, the conversion force from S to D is given by εS(t)I(t). (iv) At time t, the users of the recovered nodes all have improved, and the recovered force of I nodes is ηI(t).

Model Formulation.
Considering the above assumptions, the dynamics of the model is governed by the following system of ordinary differential equations:   (1) can be reduced to the following limit system: It is easy to verify that all feasible solutions of equation (2) are bounded and finally fall inside the region Ψ defined as (3) Obviously, system (2) has infection-free equilibrium e basic reproduction number R 0 is defined as the average number of computers infected by an infected device during the period from infection. R 0 often serves as a threshold parameter that predicts whether an infection will spread. For system (2), we have If R 0 > 1, system (2) has a viral equilibrium E * � (S * , I * ): where

Local Stability
In this section, we will analyze the two local stabilities of the equilibria of the system.
Proof. By linearizing system (2) at E 0 , we get the characteristic equation: us, On the one hand, all roots of equation (8) have negative real parts, and hence, E 0 is locally asymptotically stable if R 0 < 1. On the other hand, equation (8) has at least one root with positive real, and hence, E 0 is unstable if R 0 > 1. □ Theorem 2. E * is locally asymptotically stable if R 0 > 1.

Global Stability
eorem 2 has revealed that the equilibrium E * and E 0 in the system (2) are locally asymptotically stable, respectively.
en, we intend to analyze the global stability of the SID epidemic model in this section. A famous method is for determining a system whether having periodic orbits is the Bendixson-Dulac [22] criterion. e following lemma will be useful in the sequel before proving the global stability of equilibrium points.

Lemma 1.
e system has no periodic orbits in Ψ for system (2).
Proof. Define Constructing Dulac function [22], In the interior of Ψ, one can get erefore, it follows from the Bendixson-Dulac criterion [22] that the interior of Ψ for system (2) does not contain periodic orbit.
We should take into account the boundary of Ψ after considering the interior area. Assume that an arbitrary point (S, I) is on the edge of the Ψ. After that, the following three possibilities will be discussed, respectively: (1) Case 1: when 0 < S ≤ α/μ and I � 0, then (2) Case 2: when 0 < I ≤ α/μ and S � 0, then (3) Case 3: when S + I � α/μ, S ≠ 0, and I ≠ 0, then us, it complies with the above three cases that there is no periodic orbit getting past (S, I) for system (2). In brief, there is no periodic orbit within Ω for system (2). Now, the proof has been completed. en, we can set out to prove the equilibria E * and E 0 of system (2) are global asymptotically stable in corresponding conditions, respectively.
Proof. With the basis of eorems 1 and 2 and Lemma 1, according to the Poincare-Bendixson theorem [22], one can get that the equilibrium E * is globally asymptotically stable for system (2) with respect to Ψ if R 0 > 1, and E 0 is globally asymptotically stable with respect to Ψ if R 0 < 1. Now, we accomplish the proof. □ Remark 1. eorems 1-3 have presented a phenomenon that the malware cannot be completely suppressed if R 0 > 1. But according to eorem 1, some factors can also suppress the spread of malware. In another aspect, with these related parameters, the proportion of infected can be reduced. is also provides an effective direction to curb the spread of malware in computers.
In Figure 2, E 0 is globally stable if R 0 < 1. What is more, we can get a conclusion that the initial value has nothing to do with the global stability if R 0 < 1. α � 1, μ � 0.1, ϵ � 0.02, β 1 � 0.1, β 2 � 0.05, and η � 0.45;   4 Complexity then, R 0 � 1.82 > 1, and the initial values of the system are kept the same as given in Table 1.
Since user awareness plays an important role in malware propagation, Figure 4 shows time plots of the number of infected users with varied awareness conversion rates. We can find that the higher the awareness conversion rate, the smaller the number of infected users. So, raising user awareness can effectively control the number of infected users.
Example 4. Due to the importance of R 0 , we will discuss how parameters affect the evolution of malware propagation over time. e parameters are given in Table 2.
We can find that R 0 and β 1 have a positive linear relationship as shown in Figure 5. erefore, we can keep the contact rate β 1 at a low level to prevent the spread of malware in computers effectively. R 0 and α have a positive linear relationship in Figure 6. Figure 7 shows that R 0 decreases as μ increases. us, it is reasonable to reduce the online rate of the computer and increase the disconnect rate of computer    6 Complexity when the malware spreads and breaks out. Figure 8 shows that R 0 will drop sharply if the recovery rate increased. So, installing the latest antimalware software on computers is another effective countermeasure to control the propagation of malware.
Example 5. Finally, we compare the SIS model with our proposed model through several sets of simulation experiments. e SIS model with the infection rate β and the recovery rate η 1 have been proposed in [23]. Here, β � β 1 and η 1 � η. e initial conditions are S(0) � 6, D(0) � 0, and I(0) � 4. e parameters are given in Table 3.
In Figure 9, we can clearly see that the final number of infected nodes in the SID model is always smaller than the corresponding number in the SIS model. So, it makes sense to improve the security awareness of users.

Conclusion
Inspired that user awareness plays an important role in the spread of malware, a new model based on the SIS model is proposed. rough mathematical analysis and simulation experiments, the rationality of the model is verified, and it is proposed that if we improve user awareness before malware propagation, then preventing the spread of malware will be achieved. Moreover, biological and malware models have many similar behaviors. Hence, it makes sense to compare biological and malware models. e novel coronavirus infectious disease is commonly known as COVID-19 and has become the greatest challenge in this world [24]. To study the spread of the coronavirus, there are plenty of mathematical models about COVID-19 [25][26][27]. e model proposed in this article can also be used to describe the propagation of COVID-19. In this context, S node represents people who have not taken any measures against COVID-19, D node represents people who have taken measures against COVID-19, such as wearing a mask or staying at home, and I node represents people who have been infected and can infect others.

Data Availability
e data used to support the findings of this study are included within the article.  Complexity