Content uploaded by Chukwunonso Henry Nwokoye
Author content
All content in this area was uploaded by Chukwunonso Henry Nwokoye on Feb 16, 2021
Content may be subject to copyright.
A preview of the PDF is not available
Characterization of Heterogeneous Malware Contagions in Wireless Sensor Networks: A Case of Uniform Random Distribution
Abstract
Most mathematical models representing infection spread in computer and wireless sensor networks (WSN) address only a specific kind of malware. However, researchers in the field of biosciences have modeled non-homogenous populations of contagions in a host. Motivated by this, we therefore propose the Vulnerable, Contagious due to virus, Contagious due to worm, Contagious due to trojan horse, Recovered with Inoculation (e-VCjRI) epidemic model, to describe the propagation dynamics of multiple breeds of malware in a WSN. Beside distinctive infectiousness, the e-VCjRI model possesses expressions for communication range and distribution density, which are renowned WSN attributes that constituted the actual threshold parameter (Ro) alongside differential infectivity as result of worm, virus and trojan horse. Put another way, the study illustrated that the true Ro is the summation of each malware group’s reproduction ratio. The Runge–Kutta order 4 and 5 numerical method was used to provide solutions for the system of differential equations, and afterward, the effects of the aforementioned WSN features were presented.
... However, several instances of multi-group models exist in the literature for computer networks; the differential e-SIRS [8], the SI 1 I 2 I 3 RS [9], the S 1 S 2 S 3 IR [10] and the SI 1 I 2 RS [11] models. A few multi-group WSN models exist in the literature, with the exception of the vulnerable-contagious (virus)-contagious (worm)-contagious (trojan horse)-recovered-inoculation model [12]. Researchers are yet to fully explore this concept for communication networks. ...
... A different flavour of range and density was conceived for WSN using the susceptible-infected-recovered (SIR) [21] model, but it did not show its implications for exposed, quarantined, and vaccinated classes. While Ojha et al. [22] developed the susceptible-exposed-infected-recovered-susceptible (SEIRS) [12] using the URD flavor introduced by Feng et al. [11], Upadhyay & Kumari [23] performed bifurcation analysis for WSN using the susceptible-infectious-terminal-infected-recovered model. Both models did not include the vaccinated compartment. ...
The essentiality of wireless sensor networks (WSNs) in military and health applications cannot be overemphasized, and this has made these tiny sensors soft targets for malware attacks. However, with the ubiquity of single-group infection models, few researchers have studied the effects of many concurrent infection types on WSNs. Therefore, we proposed the differential Susceptible–Exposed (virus)–Exposed (worm)–Infectious (virus)–Infectious (worm)–Recovered–Susceptible with Vaccination (SE1E2I1I2RV) epidemic model in order to study the dynamics of malicious-code dissemination in WSNs. Using the multi-group model, which represents multiple infections due to worms and viruses, first, delay analyses were performed and, through the Routh-Hurwitz criteria, sufficient conditions for stability were established. Secondly, the SE1E2I1I2RV model was extended to incorporate external noise, thereby changing the deterministic nature of the original model and allowing stochastic analyses for random factors such as temperature, physical obstructions, etc. The role that delay plays in the model is shown when it surpasses the critical value, thus the system loses stability and allows the occurrence of a Hopf bifurcation. Finally, numerical simulations were performed using Matlab in order to account for theoretical analyses.
... This approach has been widely applied in public health where the infectious outcomes of a disease-causing agent are assessed so as to gain understanding of spread patterns and other containment approaches. Due to the connective similarities between viruses in biological networks [3,4] and malwares in telecommunication networks [5], researchers have applied compartment models to wireless sensor [6][7][8][9][10][11][12][13] and computer networks so as to achieve diverse ends. Additionally, network researchers have represented transfer of infections from servers to client nodes as well as other scenarios and phenomena that occur in a real world network. ...
... Taking a close look at the two results that constitute Fig. 1 and Fig. 2, it is clear that they are different, thence, showing the impact of the IPv4 address space. The intersection of infectious and recovered compartments of the first result ( Fig. 1) with IPv4 was at (13,43) while the second result ( Fig. 2) without IPv4 was at (19,136) for (x, y) axes. ...
The propagation of malicious codes such as worms have been characterized using compartmental epidemic models which are mostly mathematical equations. Aside the challenge of identifying the type of virus or worm represented by these compartmental models, we noticed that the representation of internet protocol (IP) address space is absent. Therefore, this study evaluates the impact of the IPV4 address space using the following epidemic models; SAIR, SEIR, SEI-V, SEIQR and Q-SEIR. By our modifications, the implication is that these models now characterize the scan-based worms that probe the address space in order to find and attack vulnerable computers. To the best of our knowledge, this is the first study that evaluates the impact of this IP addressing format on epidemic computer network models. Numerical simulations with the Runge-Kutta order 4 and 5 method are used to illustrate several existent variations with the models without IPV4 address space. Results are time histories and 3 dimensional phase plots of the models, and from them it was discovered that the standard incidence cancels the effect of adding the expression of IPV4 address scanning space for the worms. More so, characteristically temporal variations were also noted for the susceptible compartment of these models.
... Due to the increasing growth of communication networks and their applications, virus transmission has become one of the topics of interest in computing research [4]. Besides worms and trojans [5], the virus is one way through which malicious attacks can arise in a computer network. In a networked system, whenever the computers are contaminated with viruses, the regular resident applications may lose the ability to function properly, corrupt saved files, or cause the loss of essential data on those machines. ...
The massive disruptions caused by malware, such as a virus in computer networks and other aspects of information and communication technology, have generated attention, making it a hot research topic. While antivirus and firewalls can be effective, there is also a need to understand the spread patterns of viral infection using epidemic models to curb its incidences. Many previous research attempts have produced analytical models for computer viruses under various infectiousness situations. As a result, we suggested the SLBS model, which considers infection latency and transient immunity in patched nodes. Under certain conditions, the local stability of all equilibrium points is investigated. By setting the delay parameter, we established the occurrence of a Hopf bifurcation (HB) as it crossed a crucial point by several analyses. We also used the centre manifold theorem and normal form theory to examine the attributes of the HB. While the former was used to study the time delay and direction of Hopf bifurcation, the latter was used to investigate external noise and its intensities. Finally, numerical simulations two dimensional and three-dimensional graphs were used to depict the perturbations of the model, thus bolstering the essentiality of the study.
... Table 5 describes concurrent malware contagions alongside transmission range and density. While Nwokoye et al. [62] considered differential infectivity (DI), Ref. [63] considered both DI and differential exposure (DE). Specifically, DI implies more than one infected compartment whereas DE implies more than one exposed compartment in a given model. ...
Besides anti-malware usage for the eradication of malicious attacks, researchers have
developed epidemic models in order to gain more insights into the spread patterns of malware. For wireless sensor networks (WSN), these epidemic models, which are equation-based, have been seen to characterize both salient features of the network as well as the dynamics of malware distribution. In this study, an in-depth review aimed at generating the strengths and weaknesses of Susceptible-Infected (SI)-based compartmental models of malware spread in WSN was performed. Emphasis is placed on models resulting from the biological SI model developed by Kermack and Mckendrick, and its subsequent adaptation for malware spread in communication networks. Specifically, lessons and open areas were presented in accordance with the following factors: communication graph/topology, multigroup modeling, horizontal/vertical transmission (VT), communication range and density, patching, protocols, sensor mobility, energy consumption, optimal control/cost, stability, delay analysis, and numerical simulation. Amongst several findings, it was discovered that epidemic WSN models are yet to sufficiently represent medium access control, VT, alongside limited battery power, memory, authentication (using key schemes), survivability and availability etc. Additionally, only a few epidemic models have been developed to represent botnet propagation, concurrent multiple malware infection types, and sensor mobility in WSN.
... Conceived with malicious intent so as to alter and damage files, attacks from these malicious codes can cause losses and unwanted disruptions. Put another way, Nwokoye, et al. [2], computer misapplication and nonconformity with regulations in workplaces also aid the malware intrusion into networks. Our interest here is on worms, which can either be scan-based or topological worms. ...
The norm in the design of epidemic agent-based models (ABM) for communication networks is to represent only the parameters of propagation and control for a particular malware infection. However, nothing is said about the transmission of data packets, i.e., the routing protocols in such models. Most likely, this trend originated from the design of ABMs for disease propagation in biological/social networks, where the concept of packet transmission is absent. The inherent assumption is that ordinary ABMs are enough to highlight infection strategies of viruses/worms. Therefore, the study aims to complement a hypothetical epidemic agent computational model for wireless sensor network by including actual routing protocols such as flooding and gossiping using NetLogo version 5.3.1—a popular programmable multi-agent language. Coding was done using the agent-oriented programming approach, and the simulation experiments for the two protocols were performed. Implementing these data transmission strategies strengthens the possibilities of reifying the actual communication networks, thereby advocating their use in subsequent ABMs.
Wireless Sensor Networks (WSNs) are a set of sensor devices deployed in a given area that form a network without a pre-established architecture. Recently, malware has increased as a potential vulnerability for the Internet of Things, and consequently for these networks. The spread of malware on wireless sensor networks has been studied from different perspectives, excluding individual characteristics in most of the models proposed. The primary goal of this work is to introduce an Agent-Based Model for analysing malware propagation on these networks, and its agents, coefficients and transition rules are detailed. Finally, some simulations of the proposed model are included.
In this paper, we investigate a delayed SEIQRS-V epidemic model for propagation of malicious codes in a wireless sensor network. The communication radius and distributed density of nodes is considered in the proposed model. With this model, first we find a feasible region which is invariant and where the solutions of our model are positive. To show that the system is locally asymptotically stable, a Lyapunov function is constructed. After that, sufficient conditions for local stability and existence of Hopf bifurcation are derived by analyzing the distribution of the roots of the corresponding characteristic equation. Finally, numerical simulations are presented to verify the obtained theoretical results and to analyze the effects of some parameters on the dynamical behavior of the proposed model in the paper.
Modelers often apply analytical (differential equation-based) epidemic models that mostly characterize the behavior of the network compartments with passage of time. Beyond temporal characterization, agent modeling promises the achievement of relevant spatial (stochastic and heterogeneous) representations. Arising from the combination of the prevalent analytical and agent methods (gleaned from extant literature) is a new method called the Analytic-Agent Cyber Dynamical Systems Analysis and Design Method (A2CDSADM); a modification of the Agent Oriented Analysis and Design (AOAD). Using hypothetical wireless sensor network (WSN) cases, A2CDSADM alleviates the lack of field data/lack of real geographical locations of the occurrence of particular cases by creating an analytical benchmark model for initial validation of the resulting agent model and ensures its easy modifiability and reproducibility. More so, it helps achieve the complementary/generative contribution of agent modeling, diminishes the less-tractable nature of representing/analyzing WSN spatial features and provides a formalized method for performing comparative epidemic studies. Also, A2CDSADM covers the additional features for:
Generating the (analytical) equilibriums of WSN.
Performing continuous validation (at several points) in order to ensure model accuracy/suitability for real-world decision making.
Creating a high level conceptual model containing the envisaged WSN features to be represented.
Sensor networks are appealing targets for malicious attacks that invade the network with the aim of depleting the confidentiality, availability and integrity (CIA) features/parameters of neighboring sensor nodes. This is due to its open communication, minimal resources and its deployment in un-trusted, unguarded and unfriendly terrains. To restrict illegitimate users or malicious attackers (such as worms) network analysts have suggested network access control (NAC). Specifically, we apply NAC to wireless sensor network epidemic models in order to investigate distribution density, transmission range and sensor area/field. Our analyses involved analytical expressions of two sensor fields gleaned from literature. Additionally, we explored the possibilities of infectivity of sensor nodes at the exposed class using the two expressions for sensor field topologies. We also derived the reproduction ratios and solutions at several equilibrium points for the models. It is our hope that that our work herein would impact sensor deployment decisions for organizations that utilize wireless sensor networks for meaningful daily activities
An improved SIRS model considering communication radius and distributed density of nodes is proposed. The proposed model captures both the spatial and temporal dynamics of worms spread process. Using differential dynamical theories, we investigate dynamics of worm propagation to time in wireless sensor networks (WSNs). Reproductive number which determines global dynamics of worm propagation in WSNs is obtained. Equilibriums and their stabilities are also found. If reproductive number is less than one, the infected fraction of the sensor nodes disappears and if the reproduction number is greater than one, the infected fraction asymptotically stabilizes at the endemic equilibrium. Based on the reproduction number, we discuss the threshold of worm propagation about communication radius and distributed density of nodes in WSNs. Finally, numerical simulations verify the correctness of theoretical analysis.
A differential electronic Susceptible-Infectious-Removed-Susceptible (e-SIRS) epidemic model of virus and worms in a computer network has been formulated. Latent period , immune period and time for self replication have been considered. Stability of the result is stated in terms of the threshold parameter. We have derived an explicit formula for the reproductive number and have shown that the virus-worm-infection-free equilibrium, whose component of infective is zero, is globally asymptotically stable if threshold number is less than one, and unstable if it is greater than one. Numerical method is employed to solve the system of equations developed and interpretation of the model yields interesting revelations.
The expected number of secondary cases produced by a typical infected individual during its entire period of infectiousness in a completely susceptible population is mathematically defined as the dominant eigenvalue of a positive linear operator. It is shown that in certain special cases one can easily compute or estimate this eigenvalue. Several examples involving various structuring variables like age, sexual disposition and activity are presented.
A precise definition of the basic reproduction number, R o , is presented for a general compartmental disease transmission model based on a system of ordinary differential equations. It is shown that, if R o < 1, then the disease free equilibrium is locally asymptotically stable; whereas if R o > 1, then it is unstable. Thus, R o is a threshold parameter for the model. An analysis of the local centre manifold yields a simple criterion for the existence and stability of super-and sub-threshold endemic equilibria for R o near one. This criterion, together with the definition of R o , is illustrated by treatment, multigroup, staged progression, multistrain and vector-host models and can be applied to more complex models. The results are significant for disease control.
In this paper, an extended version of standard susceptible-infected (SI) model is proposed to consider the influence of a medium access control mechanism on virus spreading in wireless sensor networks. Theoretical analysis shows that the medium access control mechanism obviously reduces the density of infected nodes in the networks, which has been ignored in previous studies. It is also found that by increasing the network node density or node communication radius greatly increases the number of infected nodes. The theoretical results are confirmed by numerical simulations.