Mathematical models on computer viruses, Hacking and IT E-Book Dump Release

[ Pobierz całość w formacie PDF ]
ARTICLE IN PRESS
Applied Mathematics and Computation xxx (2006) xxx–xxx
www.elsevier.com/locate/amc
Mathematical models on computer viruses
Bimal Kumar Mishra
a,
*
, Dinesh Saini
b
a
Birla Institute of Technology and Science, Mathematics Group, Pilani 333031, India
b
Birla Institute of Technology and Science, Computer Science & Information System Group, Pilani 333031, India
Abstract
An attempt has been made to develop mathematical models on computer viruses infecting the system under different
conditions. Mathematical model 1 discusses the situation to find the probability that at any time t how many software
components are infected by virus, assuming the recovery rate and proportion of un-infected population receiving infection
per unit time does not change with time. Mathematical model 2 is to estimate the proportion of software component pop-
ulation infected at any time and at any indefinite time under different cases. The third model is to find out the rate of
change of proportion of total population with exactly j viruses (1 6 j <
1
) and proportion of total population with zero
virus, assuming that the total population is distributed into different groups based on the number of viruses present in a
particular module. The fourth model is to find out what is the probability that at any time t, z number of software com-
ponents are infected, assuming that initially (i.e. at t = 0), a number of components are infected and also there is a change
from infected to uninfected or vice versa.
2006 Elsevier Inc. All rights reserved.
Keywords: Computer virus; Vaccination; Malicious agents; Software; Mathematical model; Super-infection; Virus breeding
1. Introduction
These are days of networked computers. Lot of efforts has been devoted to the development of virtual vac-
cines each time a new virus appears. Given the widespread use of sharing in current computer systems, the
threat of a virus causing widespread integrity corruption is significant
[3]
. In a certain sense, the propagation
of virtual viruses in a system of interacting computers could be compared with a disease transmitted by vectors
when dealing with public health. Concerning diseases transmitted by vectors, one has to take into account that
the parasites spend part of its lifetime inhabiting the vector, so that the infection switches back and forth
between host and vector
[9]
.
Predicting virus outbreaks is extremely dicult due to human nature of the attacks but more importantly,
detecting outbreaks early with a low probability of false alarms seems quiet dicult
[10]
. By developing mod-
els it is possible to characterize essential properties of the attacks. In the present paper various mathematical
models have been developed taking into account the different cases of probabilistic virus attacks.
*
Corresponding author.
E-mail address:
(B.K. Mishra).
0096-3003/$ - see front matter 2006 Elsevier Inc. All rights reserved.
doi:10.1016/j.amc.2006.09.062
Please cite this article in press as: B.K. Mishra, D. Saini, Mathematical models on computer viruses, Appl. Math. Com-
put. (2006), doi:10.1016/j.amc.2006.09.062
 ARTICLE IN PRESS
2
B.K. Mishra, D. Saini / Applied Mathematics and Computation xxx (2006) xxx–xxx
Nomenclature
x
t
proportion of software component population infected at time t
r
recovery rate
h
proportion of unaffected population receiving infections per unit time
p
t
population of infected software component detected at time t using some diagnosis procedure of
testing
n
i
number of new software component observed
a
i
number of software component found to be infected at time t
i
where (1 6 i 6 I)
f
j
(t)
proportion of total population with exactly j viruses, (1 6 j <
1
)
N
total population
X
t
number of infected computers at time t
2. Modeling the dynamics of transmission
Presence of computer viruses and quality factors of software development environment in the cyberspace,
effect the functionality of the others components. Any software in cyberspace, which could be a running on
server, workstation or a network router, exhibits its presence in various layers owing to the various applica-
tions running on it and its hardware configurations. Hardware layers could be taken to be network or remov-
able media and such. Where as software layers would primarily be based on applications running on the host,
like emailing connectivity and so on
[8]
. Software and Hardware layers are interdependent. Hence a host has
to have at least one incarnation in the software layers and one in the hardware layers. Multiple incarnations in
various layers contribute towards increasing connections between host’s software and the number of peer’s
host software could communicate with. For example software A, could communicate with software B over
h2 using s2 and s3 (
Fig. 1
). However B would not be able to talk directly to C since they do not share the
same hardware layer. A hardware layer would be analogous to the medium of transfer of information where
as the software layer can be associated with the format of information.
Computer viruses would need the transfer of the infected component to the various hosts’ software. In
Fig. 1
, if s3 were associated with the file layer, which can be infected by a particular virus, the virus infecting
B would be able to infect all three hosts software component. Then the infected file would need to be copied
over the network (h2) onto A and then transferred over a floppy disk (h1) to C. Viruses are traditionally med-
ium sensitive and hence a virus infecting B cannot infect C, since there is no connectivity between them
(assumed to be h2). Operating system exploits could either be file based where in they need user intervention
for transfer or self-aware component based. These would pose a serious threat as they have the combined
power of viruses or malfunction or under performance of the resource and software component
[7]
.
Fig. 1. Incarnations of hosts over various software and hardware layers.
Please cite this article in press as: B.K. Mishra, D. Saini, Mathematical models on computer viruses, Appl. Math. Com-
put. (2006), doi:10.1016/j.amc.2006.09.062
 ARTICLE IN PRESS
B.K. Mishra, D. Saini / Applied Mathematics and Computation xxx (2006) xxx–xxx
3
Fig. 2. Host software infection stages.
The spread of various malicious agents and their rate of infections could be effectively modeled based on
their behaviors on individual layers, linked with the relationships between the layers and finally spanning
across hosts software in a development environment to predict the state of a software development over time
[4]
.
When new software and software component are introduced into cyberspace or in software development
environment, there are two categories in which they could be placed (1, 7). Hosts by their very nature could
be immune to a particular pathogen (virus) or non-immune to it (
Fig. 2
). For example some pathogens are
operating system dependent. Hence a host introduced with the favorable operating system would not be
immune and vice versa.
[2]
It is assumed for this model that all new software components introduced are in
the negative state of infection for any infectious agent in the software development environment
[5]
.
An immune or a non-immune host from the negative stages (1, 6) could then receive an agent and move into
the incubating stage (2) where it is just containing the agent but the agent has not been triggered and hence the
host is non-infectious. The agents in non-immune hosts could then be triggered either by user activities or by
their own properties to infect the host in stage 3. Non-infectious stages (4, 5) could be attained either by
immune and non-immune hosts’ component where the agent could actually have been triggered but is unable
to cause active infections. For example software virus infecting a particular version of an operating system
could be contained within the host software by a few network trac deterrent tools, thereby rendering them
to be non-infectious
[6]
.
Vaccination is taken care of by the connector between stages 4 and 5 where a non-immune host is immu-
nized based on the infectious agents infecting it
[1]
.
Note: The above characterization ignores reduction in number of host’s software component due to deaths
(host taken down) due to either infectious agents or due to any other reason, but does include births in the
form of new software component as they join the negative infection stage.
3. Some basic terminologies
1. Computer virus is a program that can ‘‘infect’’ other programs by modifying them to include a possibly
evolved version of it. With this infection property, a virus can spread to the transitive closure of informa-
tion flow, corrupting the integrity of information as it spreads.
2. Vaccine is a software program designed to detect and stop the progress of computer viruses.
3. Malicious agent is a computer program that operates on behalf of a potential intruder to aid in attacking a
system or network. Historically, an arsenal of such agents consisted of viruses, worms, and Trojanized
Please cite this article in press as: B.K. Mishra, D. Saini, Mathematical models on computer viruses, Appl. Math. Com-
put. (2006), doi:10.1016/j.amc.2006.09.062
 ARTICLE IN PRESS
4
B.K. Mishra, D. Saini / Applied Mathematics and Computation xxx (2006) xxx–xxx
programs. By combining key features of these agents, attackers are now able to create software that poses a
serious threat even to organizations that fortify their network perimeter with firewalls.
4. Mathematical model 1
The main aim of this model is to find the probability that at any time t how many software components are
infected by virus, assuming the recovery rate and proportion of un-infected population receiving infection per
unit time does not change with time. We also assume that this model does not differentiate between infectious
and non-infectious in the group of affected components, nor between susceptible and immune in the unaffected
group.
4.1. Mathematical analysis
Let,
x
t
proportion of software component population infected at time t
r
recovery rate
h
proportion of unaffected population receiving infections per unit time
)x
t
þ
Dt
x
t
¼½
h
ð
1
x
t
Þ
r
ð
x
t
Þ
Dt
:
ð
1
Þ
This in the limit Dt
!
0 gives
dx
t
dt
¼
h
ð
r
þ
h
Þ
x
t
;
ð
2
Þ
At time t
¼
0
;
x
ð
0
Þ¼
x
0
;
ð
3
Þ
ð
4
Þ
r P 0
;
h P 0
:
Note:
1. It is assumed that r and h do not change with time.
2. The model does not differentiate between infectious and non-infectious in the group of affected computers,
nor between susceptible and immune in the unaffected group.
From Eq.
(3)
,
e
ð
r
þ
h
Þ
t
;
h
r
þ
h
h
r
þ
h
x
0
x
t
¼
t P 0
:
ð
5
Þ
As
h
r
þ
h
:
t
!1
;
x
1
¼
ð
6
Þ
Eq.
(6)
corresponds to the proportion of infected population (epidemic situation).
Special cases:
1. r =0,h >0
!
x
1
= 1 [Whole software component population infected].
2. r >0,h =0
!
x
1
= 0 [Infection disappears].
3. r =0,h =0
!
x
1
= x
0
[No change].
For new systems: x
0
= 0, then from Eq.
(5)
h
r
þ
h
½
1
e
ð
r
þ
h
Þ
t
:
x
t
¼
ð
7
Þ
Here x
t
represents the proportion of new software component t population infected at time t.
Please cite this article in press as: B.K. Mishra, D. Saini, Mathematical models on computer viruses, Appl. Math. Com-
put. (2006), doi:10.1016/j.amc.2006.09.062
ARTICLE IN PRESS
B.K. Mishra, D. Saini / Applied Mathematics and Computation xxx (2006) xxx–xxx
5
Let,
p
t
: population of infected software component detected at time t using some diagnosis procedure of testing.
Then p
t
= x
t
.
If infected computer software are detected with probability k(0 < k 6 1), then
kh
h
þ
r
½
1
e
ð
r
þ
h
Þ
t
:
p
t
¼
kx
t
¼
ð
8
Þ
Let,
n
i
number of new software component observed
a
i
number of software component found to be infected at time t
i
where (1 6 i 6 I)
Then the estimates can be obtained by minimizing
X
2
I
p
ð
t
i
Þ
a
i
n
i
;
ð
9
Þ
i
¼
1
where p(t
i
) is given in Eq.
(8)
.
5. Mathematical model 2
The main aim of this model is to estimate the proportion of software component population infected at any
time and at any indefinite time t (i.e. t
!1
) under different cases. The cases are as follow:
Case 1: Recovery rate less than or equal to proportion of unaffected population receiving infection per unit
time.
Case 2: Recovery rate greater than or equal to proportion of unaffected population receiving infection per
unit of time.
It is also assumed that the host carries multiple viruses and is in infected state as long as there is at least one
virus present.
5.1. Mathematical analysis
Assumption: Host carries multiple viruses and is in infected state as long as there is at least one virus present
dx
t
dt
¼
h
rx
t
;
h 6 r
;
ð
10a
Þ
dx
t
dt
¼
h
ð
1
x
t
Þ
;
h P r
:
ð
10b
Þ
Note:
1. If h < r, then in time Dt all software component whether infected or not exhibit new infection at the rate
hDt, hence change in x
t
over Dt is given by
ð
h
rx
t
Þ
Dt
:
ð
11
Þ
2. If h > r, then once infected the system would never recover, hence change in x
t
over Dt is given by
h
ð
1
x
t
Þ
:
ð
12
Þ
From (Eqs
(10a) and (10b)
)
x
t
¼
h
r
ð
1
e
rt
Þ
;
h 6 r
;
ð
13a
Þ
x
t
¼ð
1
e
ht
Þ
;
h P r
:
ð
13b
Þ
Please cite this article in press as: B.K. Mishra, D. Saini, Mathematical models on computer viruses, Appl. Math. Com-
put. (2006), doi:10.1016/j.amc.2006.09.062
  [ Pobierz całość w formacie PDF ]

  • zanotowane.pl
  • doc.pisz.pl
  • pdf.pisz.pl
  • annablack.xlx.pl