Modeling and Control of Malware Propagation in Wireless IoT Networks

Wireless Internet of Things (IoT) devices densely populate our daily life, but they also attract many attackers. In this paper, we propose a new Heterogeneous Susceptible-Exposed-Infected-Recovered (HSEIR) epidemic model to characterize the effect of heterogeneity of infected wireless IoT devices on malware spreading. Based on the proposed model, we obtain the basic reproduction number, which represents the threshold value of diffusion and determines whether the malware spreads or not. Also, we derive the malware propagation scale under different cases. These analyses provide theoretical guidance for the application of defense techniques. Numerical simulations validated the correctness and effectiveness of the theoretical results. Then, by using Pontryagin's Minimum Principle, an optimal control strategy is proposed to seek time-varying cost-effective solutions against malware outbreaks. More numerical results also showed that some control strategies, such as quarantine and vaccination, should be taken immediately at the beginning of the malware outbreak and become less necessary after a certain period. However, the repairing and fixing strategy, for example applying antivirus patches, should be kept going constantly.


Introduction
The smart Internet of Things (IoT), such as intelligent transportation, smart homes, smart grid, and the next industrial revolution (i.e., Industry 4.0), is embedded in billions of wireless devices. Often, wireless devices rely heavily on wireless connectivity such as WiFi, Bluetooth, and Zigbee [1,2]. Wireless networks (WNs), as a kind of new information and communication network, connect physical systems to cyber worlds. In addition, WNs have gained widespread application in IoT including healthcare, public safety, agriculture, and retail due to their low power consumption, flexible networking, unlimited potential, and other relevant features [3][4][5].
However, the development of IoT brings a series of new challenges to cyber security. On the one hand, the low cost and short time-to-market nature of wireless IoT devices, such as sensors, actuators and smart appliances, exposes them to a high risk of malware infiltration. In addition, most IoT devices are left to operate on consumer premises without regular maintenance. On the other hand, the majority of wireless IoT devices are installed and controlled by consumers with limited security background. Consumers may even be willing to install certain processes or applications on their devices in exchange for incentives without realizing that this may cause an attack [6]. In reality, there are hundreds of malware attacks against IoT that occur every year around the world, and each incident affects production and economy greatly.
Malware (Trojans, viruses, and worms) is intrusive software. It is designed for a variety of criminal and hostile activities such as spying, threatening for monetary benefit, or controlling a large population of devices [7]. Academic research focuses on the spread of malware from the following perspectives: detection technology and mathematical modeling [8][9][10][11][12]. Based on multidimensional hybrid features extraction and analysis, Li and Xu [8] proposed a novel method to detect Android malware. In [9], Du and Liu proposed a packet-based malicious payload detection and identification algorithm using the deep learning method. However, the above detection methods cannot predict the malware spread scale or explore the key factors affecting the spread of malware. In the wireless IoT network, malware hostile activities naturally extend to physical threats and can be launched by one wireless device and spread to another device [13]. Propagation vectors such as services or functions may be used to propagate malware due to different vulnerabilities that emerge across different technologies such as IoT or IPv6 and the lack of experience in technical implementation. As a result, the propagation process is difficult to detect and observe. Based on our understanding of the technology and experience with historic attacks, modeling approaches are used to predict propagation dynamics and to explore influential factors [14][15][16][17][18][19]. Recently, Chen and Cheng [20] proposed a novel traffic-aware patching scheme to select important intermediate nodes to patch and applied this to the IoT system with limited patching resources and response time constraint. On the basis of the difference of intelligent devices' dissemination capacity and discriminant ability, Li and Cui [21] discussed a dynamic malware propagation model to study the malware propagation in the industrial Internet of Things.
Considering both the heterogeneity and mobility of sensor nodes, Shen and Zhou [22] proposed a heterogeneous and mobile vulnerable-compromised-quarantined-patched-scrapped (VCQPS) model. In [7], Elsawy et al. defined spatial firewalls to control malware spreading in Wireless Network. Gao and Zhuang [23] studied worm propagation with saturated incidence and strategies of both vaccination and quarantine. In [6], Farooq and Zhu proposed an analytical model to study the D2D propagation of malware in wireless IoT networks.
Motivated by the abovementioned research, we propose a Heterogeneous Susceptible-Exposed-Infected-Recovered (HSEIR) model, which characterizes the influence of infected wireless devices' heterogeneity in malware spreading. In our model, a node is a wireless IoT device. The ability of wireless devices to spread the malware differs due to their topology links and processing capacity. As far as we know, little work has been done on the heterogeneity of wireless devices. In this work, we make contributions as follows:
(1) We propose an HSEIR model. To the best of our knowledge, this is the first work for disclosing dynamics of malware propagation in the wireless IoT network.
(2) We derive differential equations of the HSEIR model, which can reflect the number of wireless devices belonging to different states varying with time.
(3) We discuss the malware propagation threshold by the proposed model. We also prove the stability of equilibrium, upon which we can judge the malware spread scale.
(4) We study control strategy in two aspects. One is optimal control to minimize the number of infected devices (including exposed and infected nodes) and the corresponding cost of the strategies during the process of spreading. The other is to control malware spreading based on the malware propagation threshold.
The remainder of this paper is organized as follows. In Section 2, we establish the HSEIR model in IoT wireless networks. In Section 3, we analyze the dynamics of the proposed model. In Section 4, control strategies by Pontryagin's Minimum Principle and malware propagation threshold are discussed. Section 5 gives the details of numerical simulation of the model. Conclusions and discussion are given in Section 6.

The HSEIR Model
In this section, we describe the novel HSEIR model, which considers the heterogeneity of infected wireless devices in malware spreading.

The States and State Transitions in the HSEIR Model
In our model, we assume that the proportion of wireless devices infected by the nodes with weak spreading capabilities is a and the proportion of wireless devices infected by the nodes with strong spreading capabilities is 1 − a. The total device population N is divided into four different compartments (susceptible (S), exposed (E), infected (I), and recovered (R)). Every device may be in one of such compartments at time tick t.
(i) S: the wireless devices in this compartment have not been infected by malware, but they are vulnerable to malware M
(ii) E: the wireless devices in this compartment are exposed to the attacks but do not exhibit infection due to the latent time requirement
(iii) I: the wireless devices in this compartment are infected and may infect other devices
(iv) R: the wireless devices in this compartment are vaccinated and are immune to M

We make the following assumptions:
(1) Once the wireless devices are vaccinated, they will be permanently immune and cannot be infected by M any more
(2) The natural death rate is extremely small. In reality, the service life of the wireless device is far longer than the time from malware appearance to the end of the attack

At time t = 0, all nodes are in the susceptible compartment. Once the malware M intrudes into the system, a node may move from one state to another, as shown in Figure 1, which illustrates the state transition diagram of a node. Table 1 shows the parameters involved in this paper. The nodes change their states according to the following rules:
(i) Due to the partial efficiency of the vaccine, there is only η fraction of the vaccinated susceptible nodes that move to R state per unit time
(ii) The remaining susceptible devices move to the exposed state, and the new exposed devices at time t are given by the expression where β 1 and β 2 stand for the transmission coefficient of devices with weak spreading capability and strong capability and a and 1 − a represent the fraction of susceptible devices targeted by devices with weak spreading capability and strong capability, respectively
(iii) The exposed devices transit into I with c when the malware becomes active, where c is the mean latent period
(iv) Using some sufficient defense mechanisms, a portion of the exposed, infectious devices can recover at rates δ and φ, respectively:

Model Analysis
In this section, we first calculate the malware-free and malware-existence equilibria and the basic reproduction number of the HSEIR model. Then, we prove the local and global stability of each equilibrium.

Equilibria and Basic Reproduction Number.
Summing the right hand of (1), we have and after a simple computation, we have One can verify that the positive cone R 4 Denote that the region Ω is the positively invariant of system (1).
Next, we calculate the basic reproduction number R 0 by the method of van den Driessche and Watmough [24]. R 0 is a threshold value of the epidemiological model, which indicates the number of wireless IoT devices infected by an infectious device during its average period of illness at the beginning of the disease, when all are susceptible. It is easy to obtain that system (1) always has a malware-free equilibrium , and the associated next generation matrices are given by R 0 : Then, the basic reproduction number R 0 of the system is as: It can be seen that system (1) has a malware-existence ,

Stability of Equilibrium
Lemma 1. The malware-free equilibrium P 0 of system (1) is locally asymptotically stable if R 0 < 1, and unstable if R 0 > 1.

Proof.
The Jacobian matrix of system (1) at P 0 is and its characteristic equation is It is clear that (10) has two negative roots λ 1 = − d and λ 2 = − (d + η), and other roots of (10) are determined by the following equation: If R 0 < 1, all roots of (11) have negative real parts, so all roots of (10) have negative real parts. Therefore, the malware-free equilibrium P 0 is locally asymptotically stable by the Hurwitz criterion. If R 0 > 1, the root of (11) has both positive and negative real parts, so the malware-free equilibrium P 0 is unstable.

Proof. Consider the Lyapunov function as
Then, Thus, L ′ ≤ 0 when R 0 ≤ 1. The equality holds if and only if R 0 = 1, E = 0, and S = S 0 or E = 0 and S = S 0 , or R 0 = 1 and S = S 0 . If R 0 = 1, E = 0, and S = S 0 , then the only compact invariant subset in the set L ′ ≤ 0 is the singleton P 0 ; if E = 0 and S = S 0 , the only compact invariant subset in the set L ′ ≤ 0 is also the singleton P 0 ; if R 0 = 1 and S = S 0 , the only compact invariant subset in the set L ′ ≤ 0 is also the singleton P 0 ; therefore, the largest invariant subset in the set {(dL/dt) = 0} also is the singleton P 0 . If R 0 > 1, we have (dL/dt) > 0. Finally, taking into account L(E, I) = cE + (c + δ + d)I and LaSalle invariance principle [25], the result follows. This means that the malware will disappear over time if the basic reproduction number is less than one. □

Theorem 2.

Proof. For system
Then, the derivative of V along solutions of system (1) is By direct calculations, we have that then For the function f(x) = 1 − x − ln x, we know that if x > 0, f(x) ≤ 0, and x = 1 leads to f(x) = 0. Therefore, we can obtain V ′ ≤ 0, and the equality holds if and only if S = S * , E = E * , I = I * , and R = R * . It means that the largest invariant subset, where V ′ = 0, is P * . By LaSalle's Invariance Principle [25], P * is globally asymptotically stable when R 0 > 1. This means that the malware will break out if the basic reproduction number is more than one.

Control Strategy
In this section, we investigate the control strategy from two aspects. Firstly, an optimal control model is proposed by Pontryagin's Minimum Principle. Secondly, we give some control strategies to prevent the malware outbreak from the explicit expression of the malware spreading threshold value.

Optimal Control Strategy Formulation.
We aim to minimize the number of infected devices (including exposed and infected nodes) and the corresponding cost of the strategies during the process of spreading. We introduce four control functions u 1 (t), u 2 (t), u 3 (t), and u 4 (t), where 0 ≤ u i (t) ≤ 1. In particular, u i (t) = 0 means no control strategy and u i (t) = 1 means the maximal use of control strategy. The meanings of u i (t) are as follows:
(1) u 1 (t) is used to represent the quarantine strategy that aims to reduce the contact between wireless devices with weak spreading capabilities and susceptible devices at time t
(2) u 2 (t) is used to represent the quarantine strategy that aims to reduce the contact between wireless devices with strong spreading capabilities and susceptible devices at time t
(3) u 3 (t) is used to represent the vaccination strategy that can improve the immunocompetence of susceptible devices at time t
(4) u 4 (t) is used to represent the repairing and fixing strategy that can increase the recovery rate of infected wireless devices at time t

The transmission dynamics of the optimal control model is formulated as The main purpose is to minimize the number of infected devices at a minimum cost. And, as a consequence, we consider the objective functional: where the parameters K ≥ 0, W ≥ 0, P ≥ 0, and Q ≥ 0 are the weight constants for the control strategies. $(K/2)u_1^2(t)$, $(W/2)u_2^2(t)$, $(P/2)u_3^2(t)$, and $(Q/2)u_4^2(t)$ describe the cost associated with quarantine strategy, quarantine strategy, vaccination, and repairing and fixing strategies, respectively. Our aim is to seek the optimal control functions u * where U is the control function set defined as Next, we discuss the existence of an optimal control by Fleming and Rishel [26].
Theorem 3. An optimal control pair $(u_1^*, u_2^*, u_3^*, u_4^*)$ subject to system (18) exists if the following conditions hold:
(1) The set of controls and the corresponding state variables are nonempty
(2) The admissible control set is convex and closed
(3) The right-hand side of the optimal control system is bounded by a linear function in the state and control variables
(4) The integrand of the objective function, $E + I + (K/2)u_1^2 + (W/2)u_2^2 + (P/2)u_3^2 + (Q/2)u_4^2$, is convex
(5) There exist constants c 1 > 0, c 2 > 0, and l > 1 such that the integrand of the objective cost functional is convex and satisfies $J(E, I, u_i, t) \ge c_1 \left( \sum_{i=1}^{4} |u_i|^2 \right)^{l/2} + c_2$

Proof. By the results of [27], it is easy to check that the set of controls and corresponding state variables exist. By the definition, the control set is bounded and convex. Since optimal control system (18) is bilinear in u i , the right-hand side of it satisfies condition 3 by using the boundedness of the solutions. Additionally, the integrand of objective function (19) is convex on the control set U. $E + I + (K/2)u_1^2 + (W/2)u_2^2 + (P/2)u_3^2 + (Q/2)u_4^2 \ge c_1 (|u_1|^2 + |u_2|^2 + |u_3|^2 + |u_4|^2)^{l/2} + c_2$ because the state variables are bounded, considering l = 2 and c 1 and c 2 small enough.

□
In order to find the optimal control solution, we should describe the Lagrangian and Hamiltonian function of control system (18). Let x = (S, E, I, R), and the Lagrangian of the control system is Next, we show the following theorem.
Consider control system (18) with λ i (T) = 0. By using the optimal necessary condition, we have On the interior of the control set space, we can obtain optimal control pair solution (25).

Control Strategy Based on the Basic Reproductive Number.
There is an important epidemiological threshold R 0 in the epidemic model. As we discussed in Section 3, the threshold value plays a critical role in controlling the malware outbreak. Moreover, we obtain the local and global stability of the worm-free equilibrium when R 0 ≤ 1. Consequently, it is crucial to reduce the value of R 0 below 1 when designing efficient security countermeasures to prevent a malware outbreak.

Experimental Validation for the HSEIR Model
In this section, we simulate the HSEIR model via MATLAB R2018a. We illustrate the theoretical results for system (1) by numerical simulations. Besides, by Forward-Backward Sweep Method, we obtain the optimal control strategies and show their effectiveness via comparing the trajectories of infected devices with optimal control and without optimal control.
Thus, by Theorem 1, the malware-free equilibrium is globally asymptotically stable, which means that when the time t goes to infinity, the exposed and infected nodes will approach 0, while the susceptible and recovered nodes will be 468.75 and 282.15. Figure 3 shows the stable behavior of the malware-free equilibrium when R 0 = 0.9801 < 1. From Figure 3, we can see that there only exist susceptible nodes and recovered nodes, in accordance with the conclusion in Theorem 1.
Secondly, we set the infected rate β 1 = 0.0001 and β 2 = 0.001, and the other parameters are the same as above. By equations (7) and (8), we obtain that R 0 = 9.801 > 1, and the malware-existence equilibrium E * = (30.61, 47.83, 84.18, 434.31). Besides, by Theorem 2, the malware-existence equilibrium is globally asymptotically stable, which means that when the time t goes to infinity, the number of S(t), E(t), I(t), and R(t) is 47.83, 84.18, 30.61, and 434.31, respectively. Figure 4 shows the stable behavior of the malware-existence equilibrium when R 0 = 9.801 > 1. From Figure 4, we can see that infected nodes (including exposed and infectious), as well as susceptible and recovered nodes, persist at the endemic level.
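The threshold behaviour described in Section 3 and simulated here can be reproduced with the following added example, which is not the authors' MATLAB code. Equation (1) did not survive on this page, so the right-hand side is an assumed form rebuilt from the transition rules of Section 2 (bilinear incidence, a hypothetical arrival rate `Lambda`); it agrees with the roots − d and − (d + η) and the function L(E, I) = cE + (c + δ + d)I quoted above. All parameter values are constructed.

```python
import cmath

# Constructed parameters (not the paper's values). Lambda = assumed device
# arrival rate, d = removal rate, eta = vaccination rate, c = E -> I rate,
# delta / phi = recovery rates from E / I, a = share targeted by weak spreaders.
BASE = dict(Lambda=10.0, d=0.01, eta=0.01, c=0.2, delta=0.05, phi=0.1, a=0.4)


def beta_bar(p):
    """Effective transmission rate: weak spreaders weighted a, strong 1 - a."""
    return p["a"] * p["beta1"] + (1 - p["a"]) * p["beta2"]


def rhs(state, p):
    """Assumed HSEIR right-hand side with bilinear incidence beta_bar * S * I."""
    S, E, I, R = state
    new_exposed = beta_bar(p) * S * I
    return (
        p["Lambda"] - new_exposed - (p["eta"] + p["d"]) * S,
        new_exposed - (p["c"] + p["delta"] + p["d"]) * E,
        p["c"] * E - (p["phi"] + p["d"]) * I,
        p["eta"] * S + p["delta"] * E + p["phi"] * I - p["d"] * R,
    )


def basic_reproduction_number(p):
    """Spectral radius of F V^-1 over the infected compartments (E, I)."""
    s0 = p["Lambda"] / (p["eta"] + p["d"])        # S at the malware-free state
    F = [[0.0, beta_bar(p) * s0], [0.0, 0.0]]      # rate of new infections
    v11 = p["c"] + p["delta"] + p["d"]             # total outflow from E
    v22 = p["phi"] + p["d"]                        # total outflow from I
    # V = [[v11, 0], [-c, v22]]; invert the 2x2 matrix in closed form.
    det_v = v11 * v22
    Vinv = [[v22 / det_v, 0.0], [p["c"] / det_v, v11 / det_v]]
    K = [[sum(F[i][k] * Vinv[k][j] for k in range(2)) for j in range(2)]
         for i in range(2)]
    tr = K[0][0] + K[1][1]
    det = K[0][0] * K[1][1] - K[0][1] * K[1][0]
    root = cmath.sqrt(tr * tr - 4 * det)
    return max(abs((tr + root) / 2), abs((tr - root) / 2))


def simulate(p, state=(499.0, 0.0, 1.0, 0.0), t_end=2000.0, dt=0.05):
    """Classical fourth-order Runge-Kutta integration; returns the final state."""
    for _ in range(int(t_end / dt)):
        k1 = rhs(state, p)
        k2 = rhs(tuple(x + dt / 2 * k for x, k in zip(state, k1)), p)
        k3 = rhs(tuple(x + dt / 2 * k for x, k in zip(state, k2)), p)
        k4 = rhs(tuple(x + dt * k for x, k in zip(state, k3)), p)
        state = tuple(x + dt / 6 * (q1 + 2 * q2 + 2 * q3 + q4)
                      for x, q1, q2, q3, q4 in zip(state, k1, k2, k3, k4))
    return state


def run_case(beta1, beta2):
    """Return (R0, final (S, E, I, R)) for one pair of transmission rates."""
    p = dict(BASE, beta1=beta1, beta2=beta2)
    return basic_reproduction_number(p), simulate(p)


if __name__ == "__main__":
    for b1, b2 in [(0.00001, 0.0001), (0.0001, 0.001)]:
        r0, (S, E, I, R) = run_case(b1, b2)
        print(f"R0={r0:.4f}  S={S:.2f} E={E:.2f} I={I:.2f} R={R:.2f}")
```

With these constructed values, the first case decays to the malware-free state and the second settles at an endemic level where S equals its malware-free value divided by R 0.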

Sensitivity Analysis of Infected Rate of Heterogeneity Devices
In this section, we do some sensitivity analysis of parameters a, β 1 , and β 2 to observe the malware spreading scale. Firstly, we set a = 0.2, 0.4, 0.6, and 0.8, while keeping other parameters the same as those in 5.1. In Figure 5, we can see that when the proportion of wireless devices infected by weak spreading capabilities nodes decreases, that is, the proportion of wireless devices infected by strong spreading capabilities nodes increases, the malware spreads faster, which also causes an increase in the malware spreading scale.
Secondly, we assume 0.0001 as the interval for the infection rate of devices with weak spreading capabilities to compare the malware spreading scale, as shown in Figures 6 and 7. We can see that when a = 0.2, parameter β 1 has little effect on the scale and speed of malware transmission, but when a = 0.8, the larger the parameter β 1 , the faster the malware spreads and the larger the number of infected nodes. In Figures 8 and 9, let 0.01 be the interval for the infection rate of devices with strong spreading capabilities. The malware spreading speed as well as the spreading scale increase with β 2 when a = 0.2 and a = 0.8. Figure 5 shows that when the proportion of wireless devices infected by strong spreading capability nodes increases, the number of infected wireless devices also increases. When the proportion of wireless devices infected by strong spreading capabilities nodes remains unchanged, the infected rate β 2 is the main factor in malware spreading. Thus, we must control the proportion of wireless devices with strong spreading capabilities and spread the patch to them as soon as possible.

Simulation of Optimal Control Strategies.
In [29], Lenhart and Workman combined the Runge-Kutta fourth-order schemes and Forward-Backward Sweep Method to get the optimal solution. Based on their method, we conduct some numerical simulations to illustrate the effectiveness of the optimal control theoretic approach by using a MATLAB code. Considering the limitation of technology and cost, we set u 1 max = 0.8, u 2 max = 0.8, u 3 max = 0.7, u 4 max = 0.9, K = 0.3, W = 0.6, P = 0.4, and Q = 0.5, and the initial numbers and the other parameters are taken as the same as those in V.A. As shown in Figure 10, we give the optimal control strategies. We observe that u 1 (t) and u 2 (t), namely, quarantine strategies to infected wireless devices with weak spreading capabilities and strong spreading capabilities, could be reduced 3 seconds later from the beginning of the malware outbreak, which saves much of the quarantine costs. This conclusion is consistent with the fact that wireless IoT devices are not allowed to be disconnected from the wireless network for a long time. Equally, after 8 seconds, u 3 (t), the vaccination strategy, could be canceled gradually. Different from the abovementioned control strategies, u 4 (t), the repairing and fixing strategy, for example, applying antivirus patches, should be kept going. In Figures 11 and 12, we illustrate the trend of the number of exposed devices and infected devices over time with control and without control, respectively. It is clear that the exposed devices, as well as the infected devices, with control are much smaller than those without control, and we suggest that early control strategies play a significant role in reducing the number of infected devices remarkably, which are also cost-effective optimal strategies.

Conclusions and Discussion
In this paper, we have proposed a new HSEIR model to investigate the malware propagation in wireless IoT networks, while considering the heterogeneity of infected wireless IoT devices. According to the ability of wireless devices on malware spreading, devices are divided into two different level groups in a fuzzy way. Based on the proposed model, we obtained the basic reproduction number R 0 , which represents the malware spreading threshold. Moreover, we analyzed the final size of malware propagation under special cases. Numerical simulations vividly illustrate the main results of stability analysis for system (1). Our simulations also show that when the proportion of wireless devices infected by strong spreading capabilities nodes increases, the malware spreading scale will also increase. In addition, the proportion of susceptible wireless devices infected by weak spreading capabilities or strong spreading capabilities devices also affects the malware propagation size. These results will provide some useful insights on preventing the global spread of malware.
Furthermore, aiming to minimize the costs of control strategy as well as minimize the infected mobile devices, we obtained the optimal control solution by the Forward-Backward Sweep Method. At the beginning of the malware outbreak, the strategies of quarantine and vaccination can effectively control the malware propagation. As for repairing and fixing strategy, it is the essential method to control malware spreading and reduce the death rate due to the malware attack. More numerical results show the effectiveness of the optimal control strategy. Also, the analysis of R 0 allows us to give the efficient malware-epidemic control strategies to prevent the malware propagation through IoT wireless networks, including decreasing the transmission rate of infectious devices with weak and strong spreading capabilities by increasing the security background of the consumer and to ensure configuration integrity and wipe out potential malicious software by taking into account an efficient defense mechanism.
Although we have investigated the issue of the heterogeneity of wireless IoT devices in malware spreading, there are still some problems in this paper to be further solved.
(i) How to determine the transmission capability of the infected wireless devices more accurately is still a question. In this paper, we only divided them into two different level groups in a fuzzy way.
(ii) It is significant to study the case where there is a limited supply of control strategies at each instant of time.

Data Availability
The data used to support the findings of this study are available from the corresponding author upon reasonable request.

Conflicts of Interest
The authors declare that they have no conflicts of interest.

Authors' Contributions
All authors contributed equally to this work.