Computer Virus Models and Analysis in M-Health IT Systems: Computer Virus Models

Introduction

Today, the most sophisticated types of threats to networks are presented by programs that exploit vulnerabilities in computing systems. Such threats is a malicious software that is a software intentionally included or inserted in a system for a harmful purpose.

The threats to network security can be classified as hacking, inside attack, computer virus, the leak of the secret message and modification of key data in the network. All these attacks and invasions aim at wrecking information that is stored in a server by different ways.

The term “computer virus”, coined by Adleman in the early 1990's (Adleman, 1990), is suggestive of Btrong analogies between computer viruses and their biological namesakes. Both attach themselves to a small functional unit (cell or program) of the host individual (organism or computer), and co-opt the resources of that unit for the purpose of creating more copies of the virus. By using up materials (memory) and energy (CPU), viruses can cause a wide spectrum of malfunctions in their hosts. Even worse, viruses can be toxic. Computer viruses are self-replicating software entities that attach themselves parasitically to existing programs.

When a user executes an infected program (an executable file or boot sector), the viral portion of the code typically executes first. The virus looks for one or more victim programs to which it has write access (typically the same set of programs to which the user has access) and attaches a copy of itself (perhaps a deliberately modified copy) to each victim. Under some circumstances, it may then execute a payload, such as printing a weird message, playing music, destroying data, etc. Eventually, a typical virus returns control to the original program, which executes normally. Unless the virus executes an obvious payload, the user is unlikely to notice that anything is amiss, and will be completely unaware of having helped a virus to replicate. Viruses often enhance their ability to spread by establishing themselves as resident processes in memory, persisting long after the infected host finishes its execution (terminating only when the machine is shut down). As resident processes, they can monitor system activity continually, and identify and infect executables and boot sectors as they become available. Over a period, this scenario is repeated, and the infection may spread to several programs on the user's system. Eventually, an infected program may be copied and transported to another system electronically or via diskette. If this program is executed on the new system, the cycle of infection will begin anew. In this manner, computer viruses spread from program to program, and (more slowly) from machine to machine.

Lately, computer worms have become a major problem for large computer networks, causing considerable amounts of resources and time to be spent recovering from large-scale attacks. It is believed that understanding the factors influencing worm propagation in technological networks (such as the Internet, the World Wide Web, phone networks, IP networks, etc.) will suggest useful ways to control them. So far, a few studies have employed simple epidemiological models to understand general characteristics of virus1 spreading. They become one of the most important factors for the security of any system.

Epidemiological models have traditionally been used to understand and predict the outcome of virus outbreaks in human or animal populations. However, the same models were recently applied to the analysis of computer virus epidemics. For example, using a simple model it has been shown that networks that have a topology similar to the Internet are highly vulnerable to viral attacks.

In general, epidemic models assume that individuals go through a series of states at a particular constant set of rates. Therefore, the elaboration of a model requires the definition of a set of possible states and a set of transition rates. The simplest model referred to as the SIS model (for Susceptible-Infected- Susceptible). Other more complex models include the Susceptible-Infected-Removed (SIR) model and the Susceptible-Exposed-Infected-Removed (SEIR) model.

The topology also plays a role in determining the outcome of an outbreak. Technological networks appear to be best approximated using scale free graphs or homogeneous graphs network in some cases. Markov models may be introduced to analyze the network topology of the spreading into the systems.