Modelling and Control of Trojan Propagation via Online Game Accelerators

*e widespread use of online game accelerators also induces them to become amedium for hackers to spread Trojan horses. In this paper, we propose a novel compartment model which considered the heterogeneity of online computer game players aiming to characterize the Trojan propagation. Specifically, we distinguish rational game players from impulsive game players in our model. *e spreading threshold is obtained, and the global stability of equilibrium is also verified. Moreover, Trojan’s control problem is studied by using Pontryagin’s maximum principle. Numerical results confirm the stability of the system and the effectiveness of the optimal control strategy. Besides, more numerical results also show that some control strategies such as warning and caution should be taken at the very beginning of game player downloading the malicious accelerator.


Introduction
Online game accelerator, as a computer program, is used to speed up online computer games. However, as a result of its popularity and wide use, more and more cybercriminals mask Trojan in it to launch attacks today [1]. Once victims are tricked into executing Trojan on their system, their computers will be controlled remotely, and even confidential information such as banking information, passwords, or personal identity will be stolen [2,3]. On the contrary, most of the game players pay little attention to the system security when they play computer games. us, it is easy for attackers to spread Trojan via online game accelerators.
In the area of epidemic disease, establishing a dynamical model is recognized as an effective method to predict the scale of disease outbreaks and develop the constant control measures. Also, researchers use dynamics theory to build mathematical models to solve scientific problems [4][5][6]. Inspired by this, lots of classical models have been presented to study the spreading mechanism of malware (virus, worms, and Trojan) and the factors affecting its propagation process [7][8][9][10][11]. Considering the earlier studies neglected the network structure in malware propagation, some dynamical models which focused on the network topology were proposed [12][13][14][15][16]. However, most of the aforementioned models are obtained upon the assumption that a susceptible node will be infected once they contact with (e.g., received the malicious hyperlinks, messages, or emails) the infected nodes. In reality, the susceptible nodes will not be infected immediately until they click the malicious links and execute Trojan. Additionally, to our knowledge, there are almost no works on Trojan propagation via online game accelerators. erefore, in this paper, we propose an SEIR (Susceptible-Exposed-Infected-Recovered) model to address the problem of Trojan propagation via online game accelerators. Especially, we consider that the probability of every game player clicking hyperlinks with malware about game accelerator downloading is determined by the player's rationality factor and impulse factor together. If the rational factor is greater than the impulsive factor, we define the user as a rational player; otherwise, it is an impulsive player. e detailed process of Trojan infiltration will be discussed later.
Another aspect about dynamics research is to design the time-varying control strategy [17][18][19][20]. It is well known that the optimal control theory provides an appropriate framework for such problems [21,22]. Here, we establish an optimal control system over applying the optimal theory. Based on Pontryagin's maximum principle, the optimal control strategy is proposed to minimize the infected users as well as minimize the control strategy costs.
is paper is organized as follows. In Section 2, we propose the new model to characterize the Trojan spreading via online game accelerators. In Section 3, we derive the basic reproduction number and the equilibrium of the simplified system. e local asymptotic stability and the global stability of disease-free equilibria and endemic equilibria are studied. In Section 4, we discuss the optimal control measures aiming to seek cost-effective solutions of control for Trojan. Furthermore, in Section 5, we show the numerical simulation to illustrate the theoretical results. Finally, the conclusion and discussion are given in the last section.

Model
In this section, we construct a state diagram for Trojan propagation via online game accelerators.

2.1.
e New Model. In our model, the whole nodes (computers) in the network are divided into four states: susceptible, exposed, infectious, and recovered, and the state of a node changes among these four states over time. e transmission process is illustrated in Figure 1.
(A) Susceptible node S, which means that the node (computer) is not infected currently but vulnerable to become infectious (B) Exposed node E, which means that the node (computer) is exposed to Trojan and has been infected but cannot infect others (C) Infectious node I, which means that the node (computer) has been infected and can infect other nodes (D) Recovered node R, which means that the node (computer) is recovered by Trojan killing removal or any other methods and cannot be infected by Trojan anymore e attack process is described as follows.

Model Description.
Firstly, Trojan developers create relationships with real game players. Secondly, developers send malicious hyperlinks such as web links, short messages, compressed packages, or emails to game players and trick them into clicking on these things. e computer game player is infected once he runs the malicious code on his computer. en, developers can control the computers remotely and even attack other computers on the same network soon after. As shown in Figure 1, the S-state node will be exposed with the rate of β when they receive the malicious accelerator links from infected nodes. en, some of exposed nodes enter the I-state compartment with the rate of ξa because impulsive players use the malicious online game accelerator, and others enter the R-state with the rate of η(1 − a) because rational players perform antivirus scanning or take other measures. e infected node will be recovered by Trojan killing removal. e definitions of frequently used variables are given in Table 1.
In addition, we make the following assumptions in the model: (1) All the new jointed nodes are vulnerable to Trojan when they appear for the first time.
(2) Once the nodes are vaccinated, they will be immune permanent and cannot be infected by Trojan anymore. (3) e natural death rate of every node in different states is the same.
We present the dynamic process in the following deterministic ordinary differential equations:

The Dynamics of the SEIR Model
is section is dedicated to gain insight into the dynamic properties of the SEIR model, including the propagation threshold, the equilibrium, and their global stability. Adding the four equations of system (1) together, we have From equation (2), it is and Figure 1: e compartment transmission sketch of the SEIR model. 2 Mathematical Problems in Engineering

e Basic Reproduction Number and Equilibrium
It is clear that system (5) always has a disease-free equilibrium P 0 ((b/d), 0, 0, 0).
Following the methods in [23,24], we can rewrite system (5) as follows: where en, Finally, the basic reproduction number of the system is calculated as follows: which represents the number of secondary infections caused by a unique infected individual during its infection time. In our model, R 0 shows the Trojan spreading threshold value. If this threshold value is less than one, it represents that Trojan will die out. When it is greater than one, it represents that Trojan will outbreak. If R 0 > 1, we can also obtain a unique endemic equilibrium P * (S * , E * , I * , R * ) of system (5), where

e Stability of Equilibrium.
It should be noted that the first three equations of system (5) are independent of the fourth one. Without loss of generality, the system can be omitted as follows: Transmission rate of impulsive players from exposed to infected nodes η Transmission rate of rational players from exposed to recovered nodes φ Recovery rate of infected nodes Lemma 1. If R 0 < 1, the disease-free equilibrium P 0 of the system is locally asymptotically stable.
Proof. e Jacobian matrix of linearized system (9) at P 0 is so we have where A � (βcb/d), B � d + c + δ, and C � d + φ. Equation (13) always has a negative characteristic root: λ � − d. Other roots are determined by the following equation: Based on the relationship between roots and coefficients of the quadratic equation, equation (14) has negative real parts when R 0 < 1. According to the Routh-Hurwitz criterion [25], the disease-free equilibrium P 0 of the system is locally asymptotically stable. □ Lemma 2. If R 0 > 1, the equilibrium P * of the system is locally asymptotically stable. Proof.
us, the equilibrium P * is locally asymptotically stable when R 0 > 1. □ Theorem 1. If R 0 ≤ 1, the disease-free equilibrium P 0 of the system is globally asymptotically stable and unstable if R 0 > 1.
If R 0 > 1, equation (13) has two negative roots and one positive root. Hence, P 0 is unstable. □ Theorem 2. If R 0 > 1, the endemic equilibrium P * of the system is globally asymptotically stable.
Proof. Define a Lyapunov function: en, the derivation of V(t) is Mathematical Problems in Engineering en, it is easy to prove that f(x) � 1 − x + ln x ≤ 0 when x > 0; the equality holds only when x � 1. us, we obtain One can see that (dV/dt) � 0 in the largest invariant subset is the singleton P * { }. By LaSalle's invariance principle [26], P * is globally asymptotically stable when R 0 > 1. □

Optimal Control and Strategies
In this section, an optimal control system is established via the optimal control theory. We aim to minimize the number of infected computers and the corresponding economic losses during the course of an epidemic. Control strategies, such as warning and caution, can realize the control of Trojan at different costs. Assuming that the transmission rate of rational players from exposed to recovered nodes is constant, it fails to well reflect the dynamic control of the countermeasures on the spread of Trojan. In the real world, countermeasures can be flexibly spread on the internet as needed. erefore, the transmission rate can be regarded as a function of time so that we can adjust the transmission rate dynamically to minimize the spread of Trojan and the corresponding costs. In this section, we regard the rate of users from the E compartment to the R compartment as the control variable; it means that η is varying with time t. Model system (5) becomes with the given objective function Let Θ denote the control set of δ(t), and where t f is the time when the control measures are over and coefficients ω 1 and ω 2 are positive weights.
We seek the optimal solution δ * (t) which satisfies objective function (24). Next, we will analyze the existence of δ * (t) and solve it.

e Existence of the Optimal Control Solution
ere exists an optimal solution δ * (t) satisfying the control system.

Solution to the Optimal Control Problem.
In this section, we will deal with the optimal control problem applying Pontryagin's maximum principle [27]. Define the Hamiltonian H as where λ i (t) are the adjoint variables to be described later.
Theorem 4. Let S * 1 (t), E * 1 (t), I * 1 (t), and R * 1 (t) be the optimal state solutions of dynamic model (25) related to the optimal control δ * (t). And there exist adjoint variables λ 1 (t), λ 2 (t), λ 3 (t), and λ 4 (t) that satisfy with the transversality condition In addition, the optimal control δ * (t) is given by Proof. According to Pontryagin's maximum principle with the Hamiltonian function [28], the adjoint equations can be determined by the following equations: with the transversality condition Furthermore, by the necessary condition, we have Considering the optimality condition, we have It means that δ * � min 1, max(0, (λ 2 (t) − λ 4 (t)/2ω 2 ) E * 1 (t))}. So, the optimal control problem can be determined by the following system: □ Mathematical Problems in Engineering

Numerical Simulations
In this section, due to the difficulty of obtaining the real datasets, we develop simulation methods to verify theoretical results. is work consists of two parts: the first part is the simulations about dynamics of the SEIR model, and the second part is the simulations of the optimal control strategy.
In Figure 3, we set β 2 � 0.004; the other parameters are the same as those mentioned above. We derive that R 0 � 2.5 > 1, and the endemic equilibrium P * (800, 150, 37.5, 1012.5). e black line, green line, purple line, and blue line plot the time evolution of the four variables S(t), E(t), I(t), and R(t), respectively. We can verify that the orbits converge to stationary levels when R 0 > 1.

Numerical Simulations of the Optimal Control Model.
is section is to introduce the simulations of the optimal control strategy of system (16), and it is solved by the Runge-Kutta fourth-order method. Let ω 1 � 1, ω 2 � 0.2, β � 0.001, and T � 100, and other parameters are the same as above. e dynamical process of δ * (t) is illustrated in Figure 4. is figure shows that control strategies such as antivirus software alerts and reminders from online game companies should be taken at the beginning of Trojan outbreak. To present the effectiveness of the proposed optimal control strategy, we have plotted the evolution of infected nodes and the objective function with different constant control strategies and optimal controls, respectively. Figures 5 and 6 illustrate that the optimal control makes the control costs and outbreak of Trojan minimized.

Conclusion and Remarks
In this paper, we introduce the heterogeneity of computer game players to describe the Trojan propagation via online game accelerators. We conclude the epidemic threshold and prove that Trojan will outbreak if it exceeds. In addition, the control problem is suggested in two manners. One is constant control by the study of long-term dynamical behavior, and the other one is time-varying control based on optimal control theory. By Pontryagin's maximum principle [29], the solution of the optimal control strategy is explicitly given. Numerical simulations are performed to illustrate the theoretical results. We suggest that, at the beginning of the Trojan epidemic, control strategies such as warning and caution should be taken immediately. However, it must be mentioned that Trojan propagation is complex. In the future work, we will focus on the effects of the network structure in Trojan propagation via the online game accelerator. On the other aspect, it is crucial that users are more likely to believe the warning coming from the internet service provider, antivirus software, or their friends.
is issue is also worth studying.
Data Availability e data that support the findings of this study are available from the corresponding authors upon reasonable request.