Stability Analysis of a Dynamical Model for Malware Propagation with Generic Nonlinear Countermeasure and Infection Probabilities

,e dissemination of countermeasures is widely recognized as one of the most effective strategies of inhibiting malware propagation, and the study of general countermeasure and infection has an important and practical significance. On this point, a dynamical model incorporating generic nonlinear countermeasure and infection probabilities is proposed. ,eoretical analysis shows that the model has a unique equilibrium which is globally asymptotically stable. Accordingly, a real network based on the model assumptions is constructed, and some numerical simulations are conducted on it. Simulations not only illustrate theoretical results but also demonstrate the reasonability of general countermeasure and infection.

In the field of malware, countermeasures such as software patches or warnings can supply a valid approach to helping individuals and organizations avert malware infection problems (e.g., [13,14]). In 2004, the CMC (Countermeasure Competing) strategy is proposed by Chen and Carley [15]. eir results reveal that the CMC strategy is more effective than previous strategies by the empirical malware data.
Inspired by this work and in order to macroscopically describe the mixing transmission of malware and countermeasures, Zhu et al. [9] presented a compartment model. e dynamics of the model was performed. Later, Yang and Yang [10] simply extended this model by incorporating the impacts of infected removable storage media and external nodes (e.g., computers). However, these two models both neglect two important facts. On the one hand, they ignore the fact that the linear infection probability is a well fit for the real-world situations only when the infected nodes are few. On the other hand, they overlook the fact that countermeasures may propagate through networks at different rates.
us, the assumptions of linear infection and countermeasure probabilities are unreasonable.
To remedy these flaws and considering the impacts of general countermeasure and infection on the spread of malware, this paper studies a new dynamical model (see Figure 1), which incorporates generic countermeasure and infection probabilities. Here, S(t), I(t), and C(t) (S, I, and C, for short) denote the average numbers of susceptible, infected, and countermeasured internal nodes (i.e., nodes on the network) at time t, respectively. eir entering rates are μ 1 > 0, μ 2 > 0, and μ 3 > 0, respectively. Besides, the following basic hypotheses of the model are made: (H1) Each internal node leaves the network with probability δ > 0. (H2) At time t, each susceptible internal node gets infected by infected internal nodes with probability β(I(t)), where β is twice continuously differentiable, β ′ > 0, β ″ < 0, and β(0) � 0. e concavity hypothesis fits well with the saturation property of the infection probability.
Combining the above hypotheses, the new proposed model can be represented by the following system: with initial condition (S(0), I(0), C(0)) ∈ R 3 + . e globally asymptotic stability of the unique (viral) equilibrium of model (1) is proved and illustrated completely. Additionally, a new network is constructed based on the above assumptions, on which some numerical simulations are examined. e paper is organized in this fashion. Section 2 determines the (viral) equilibrium and investigates its local and global stabilities. Experimental analysis is presented in Section 3. Finally, some conclusions and outlooks are given in Section 4.

Model Analysis
Let N � S + I + C, and μ � μ 1 + μ 2 + μ 3 . Adding up the three equations of system (1), one can easily obtain that lim t⟶∞ N � μ/δ. It follows by the asymptotically autonomous system theory [16] that system (1) is equivalent to the following reduced limiting system: and Ω is positively invariant for system (2). In the following sections, we just need to investigate the dynamical behavior of system (2).

Theorem 1. System (2) has a unique (viral) equilibrium
where E * is the unique positive solution to the following system: with the initial condition (x(0), y(0)) ∈ Ω.
Proof. Let us assume that E * � (I * , C * ) is an equilibrium of system (2). Clearly, E * satisfies system (4). Firstly, let us prove that the second equation of system (4) has a unique positive root. Let As We shall proceed by distinguishing two possibilities depending on whether f ′ (0) is positive or negative.
us, f is strictly increasing and decreasing in [0, y] and [y, μ/δ], respectively, which implies that f has a single zero in [y, μ/δ].
Collecting the above discussions, it can be concluded that f does have a unique zero. en, y � C * , and f ′ (C * ) < 0.
Next, let us prove that the first equation of system (4) has a unique positive root. Let As We shall also proceed by distinguishing two possibilities depending on whether g ′ (0) is positive or negative.
us, g is strictly increasing and decreasing in [0, x] and [x, μ/δ − C * ], respectively, implying that g has a single zero Case 2: g ′ (0) ≤ 0. us, g is strictly decreasing and has a single zero. en, g always has a unique zero x � I * . Besides, g ′ (I * ) < 0.
In conclusion, the claimed result is proved. Proof. Let S * � μ/δ − I * − C * . e corresponding Jacobian matrix of system (2) at E * is given as follows: and its two eigenvalues are (12) us, the claimed result follows from the Lyapunov stability theorem [17].
Hence, it follows from the Bendixson-Dulac criterion [17] that system (2) admits no periodic orbit in the interior of Ω.
On the boundary of Ω, let (I, C) denote an arbitrary point. us, three possibilities can be considered.
By eorems 1 and 2, Lemma 1, and the generalized Poincare-Bendixson theorem [17], we can easily obtain the main result of this paper as follows. □ Theorem 3. E * is globally asymptotically stable with respect to Ω.
In Figures 2 and 3, six orbits of system (1) are examined with different system parameters and different initial conditions, respectively. e illustrated results are in accordance with the main theoretical result (i.e., eorem 3).

Model Simulation
In Section 2, some orbits for system (1) have been examined in Figures 2 and 3. In order to further show the main result and the impacts of nonlinear countermeasure and infection probabilities, some simulations will be made on a constructed network, which is based on the model assumptions. For brevity, a computer is called as a node.
As was treated in the work [18], let s i (k) denote the state of node i at time k, where k is a nonnegative integer. Let S e (k), I e (k), and C e (k) denote, at time k, the numbers of susceptible, infected, and countermeasured nodes, respectively. Now, let us introduce the network iterative rules.

Rule 1.
Each internal node at time k would be disconnected from the network with probability δ at time k + 1.
Rule 2. μ external nodes, including μ 1 susceptible nodes, μ 2 infected nodes, and μ 3 countermeasured nodes, would be connected to the network at the next time.

Rule 3.
e state of each susceptible internal node i at time k + 1 is determined by the following rule: infected with probability β I e (k) , countermeasured with probability c 1 C e (k) .
Rule 4. e state of each infected internal node i at time k + 1 is determined by the following rule: countermeasured with probability c 1 C e (k) .
Rule 5. e state of each countermeasured internal node i at time k + 1 is determined by the following rule: Example 1. Consider system (1) with μ 1 � 11.01, μ 2 � 7.02,  e common initial condition is (S(0), I(0), C(0)) � (325, 55, 10). Figure 6 demonstrates that the new model with nonlinear infection and countermeasured probabilities is more reasonable than the original model [9] because malware would be always there and would not go extinct.

Summary and Outlook
In order to investigate the impacts of general countermeasure and infection on the diffusion of malware, a new propagation model, which incorporates nonlinear generic infection and countermeasure probabilities, has been presented and analyzed. e global stability of the unique (viral) equilibrium has been proved. Additionally, some simulations have been examined on a constructed network, whose iterative rules are consistent with the model assumptions.
e simulation results show the main result and the effects of general countermeasure and infection.

Data Availability
Data sharing is not applicable to this article as no datasets were generated.

Conflicts of Interest
All authors declare no conflicts of interest.