Mathematical Models for Computer Virus: Computer Virus Epidemiology

Introduction

The threats to network security can be classified as hacking, inside attack, computer virus, the leak of secret message and modification of key data in the network. All these attacks and invasions aim at wrecking information that is stored in a server in different ways.

The term “computer virus”, coined by Adleman in the early 1980's, is suggestive of Btrong analogies between computer viruses and their biological namesakes. Both attach themselves to a small functional unit (cell or program) of the host individual (organism or computer) and co-opt the resources of that unit for the purpose of creating more copies of the virus. By using up materials (memory) and energy (CPU), viruses can cause a wide spectrum of malfunctions in their hosts. Even worse, viruses can be toxic. Computer viruses are self-replicating software entities that attach themselves parasitically to existing programs (Whitten et al., 2004; Bentley, et al., 2004).

When a user executes an infected program (an executable file or boot sector), the viral portion of the code typically executes first. The virus looks for one or more victim programs to which it has to write access (typically the same set of programs to which the user has access), and attaches a copy of itself (perhaps a deliberately modified copy) to each victim. Under some circumstances, it may then execute a payload, such as printing a weird message, playing music, destroying data, etc. Eventually, a typical virus returns control to the original program, which executes normally. Unless the virus executes an obvious payload, the user is unlikely to notice that anything is amiss, and will be completely unaware of having helped a virus to replicate (Mollison, 1995; Skoudis, 2004). Viruses often enhance their ability to spread by establishing themselves as resident processes in memory, persisting long after the infected host finishes its execution (terminating only when the machine is shut down). As resident processes, they can monitor system activity continually, and identify and infect executables and boot sectors as they become available. Over a period of time, this scenario is repeated, and the infection may spread to several programs on the user's system. Eventually, an infected program may be copied and transported to another system electronically or via diskette. If this program is executed on the new system, the cycle of infection will begin anew. In this manner, computer viruses spread from program to program, and (more slowly) from machine to machine (Burger, 1991; Newman, 2002; Beutel, 2012; Kephart and White, 1993)

Lately, computer worms have become a major problem for large computer networks, causing considerable amounts of resources and time to be spent recovering from large-scale attacks. It is believed that understanding the factors influencing worm propagation in technological networks (such as the Internet, the World Wide Web, phone networks, IP networks, etc.) will suggest useful ways to control them (Mollison, 1995; Skoudis, 2004). So far, a few studies have employed simple epidemiological models to understand the general characteristics of virus spreading (Stallings, 2011). However, they become one of the most important factors for the security of any system.

Epidemiological models have traditionally been used to understand and predict the outcome of virus outbreaks in human or animal populations. However, the same models were recently applied to the analysis of computer virus epidemics. For example, using a simple model it has been shown that networks that have a topology similar to the Internet are highly vulnerable to viral attacks (Burger, 1991; Newman, 2002; Beutel, 2012; Kephart and White, 1993).