7.2. System Model

Dynamics of state evolution

A susceptible accepts a communication request with a probability uNr(t)image, where the subscript rimage represents reception, and the superscript Nimage designates control functions of the network. At any given time timage, there are nS(t)nI(t)image infective-susceptible pairs. Susceptible nodes are hence transformed to infectives at rate βˆuNr(t)nS(t)nI(t)image, where βˆimage is the rate at which a particular pair of nodes “meet,” which is assumed to be the same for all pairs (i.e. homogeneous mixing assumption). Propagation of the worm, therefore, can be contained through appropriate regulation of uNr(t)image subject to 0<uminNruNr(t)unormNr at each timage. The lower bound uminNrimage arises due to the minimum QoS requirements for data traffic, since the acceptance probability has to be the same irrespective of whether the request arrives from another infective, susceptible, or recovered node. The latter is due to the fact that a recipient node cannot distinguish the type of a transmitter in advance and has no choice but to treat all requests the same — since otherwise all infective nodes can be trivially blacklisted. The upper bound unormNrimage (which can be normalized to 1image) provides the reception rate that nodes use for providing the desired QoS in the absence of security considerations, i.e. during the “normal” operation of the network.
We now consider the dissemination of security patches in the network. A predetermined set of nodes, referred to as dispatchers (e.g. BS for cellular and exit-points for delay-tolerant networks), are preloaded with the patches. We assume that the dispatchers cannot be infected, and that there are NR0image dispatchers where Nimage is as usual the total number of nodes in the network and parameter R0image is between 0image and 1image. Each node communicates with the dispatchers, and thereby fetches security patches, at the overall rate of β̃NR0uNi(t)image at time timage. The parameter β̃image depends on node density, mobility parameters, allowable transmission rates, etc. The control function uNi(t)image, with subscript iimage denoting immunization, can be used to regulate the bandwidth consumed in propagation of patches: the higher the value of uNi(t)image, the higher is the recovery rate but so is the rate of resource consumption in patch transmissions. Clearly, if the node that receives the patch is a susceptible node, it installs the patch and its state changes to recovered. If an infective receives the patch, the patch may fail to heal it, or, the worm may prevent its installation. We capture the above possibility, by introducing a coefficient 0π1image: π=0image occurs when the patch is completely unable to remove the worm from infectives and only immunizes the susceptibles, whereas π=1image represents the other extreme scenario where a patch can equally well immunize and heal susceptibles and infective nodes.1 Now, if the patch heals an infective, its state changes to recovered, else it continues to remain an infective.
The worm at an infective host “kills” it with rate proportional to uM(t)image at a given time timage, where superscript Mimage designates this is a control function of the malware; this is accomplished by executing specific codes with a probability of choice. The worm regulates the death process by appropriately choosing uM(t)image at each timage, subject to 0uM(t)umaxM at each timage. The upper bound arises due to processor constraints and the resulting limitations on the maximum rate of execution of such codes. Let β0:=Nβˆimage, β1:=Nβ̃image. Our discussions lead to the following system of differential equations representing the dynamics of the system:

Ṡ(t)=β0uNrI(t)S(t)β1uNi(t)R0S(t),I(0)=limNnI(0)N=I0>0,

image (7.1a)

İ(t)=β0uNrI(t)S(t)πβ1uNi(t)R0I(t),uM(t)I(t)S(0)=1I0,

image (7.1b)

Ḋ(t)=uM(t)I(t),D(0)=0,

image (7.1c)

and also satisfy the following constraints at all timage:

0S(t),I(t),D(t),S(t)+I(t)+D(t)1.

image (7.2)

Thus, (S(),I(),D())image constitute the system state functions, uN()=(uNr(),uNi())image constitutes the network control functions and uM()image constitutes the malware’s control function. Note that nodes use identical reception, patching, and killing rate functions irrespective of the states in their neighborhoods since they do not know these states. Nevertheless, since these rates are allowed to vary with time, they can be chosen in accordance with how the overall network states are expected to evolve.
Henceforth, wherever not ambiguous, we drop the dependence on timage and make it implicit. Fig. 7.1 illustrates the transitions between different states of nodes and the notations used.
Fig. 7.1
FIGURE 7.1 State transitions. uNi(t)image and uNr(t)image are the control parameters of the network while uM(t)image is the control parameter of the malware.

Defense and attack objectives

The total damage inflicted by the malware during the network operation interval [0,T]image is due to the presence of infectives, the death of nodes, the resources consumed for spreading the security patches, and the QoS deterioration due to the reduction of reception rate. Infectives can perform harmful activities over time. Dead nodes are inoperative and thus inflict a time-accumulative cost on the network. The bandwidth overhead at time timage due to the media scanning and transmission of the security packets by the dispatchers is R0uNi(t)image. Due to the reception rate control, the susceptibles lose a 1uNr(t)unormNrimage fraction of packets transmitted by all nodes which degrades the overall QoS. We therefore consider the aggregate network damage at time timage as a combination of I(t),D(t),uNi(t),uNr(t)image. We adopt a linear cost function in this chapter for analytical tractability. Note that the damage function can be scaled so that one of the coefficients may be chosen as unity: we choose the one associated with the instantaneous bandwidth overhead. Thus, the damage over the interval [0,T]image is2

J(uN(t),uM(t))=0T[κII(t)+κDD(t)+R0uNi(t)κruNr(t)]dt+KDD(T),

image (7.3)

where KDD(T)image relates to the final tally of the dead nodes. The coefficients are all non-negative and represent the relative importance of each corresponding term in the overall damage, e.g. if the worm gains the most by killing, and thereby completely disabling nodes, κD>>κIimage. Let κI>0,κr>0image.
The network seeks to choose its control vector uN()image so as to minimize the above while the malware seeks to choose its control uM()image so as to maximize the above, subject to satisfying state constraints (7.2) and ensuring that

uminNruNr(t)unormNr,0uNi(t)1,

image (7.4a)

0uM(t)umaxM.

image (7.4b)

In Section  7.3, we model their interactions resulting from opposing objectives as a dynamic game. The formulation relies on the following result that allows us to ignore the state constraints without any loss of generality. The proof is similar to that of Lemma 6.1 in the previous chapter and is hence omitted for brevity.

Lemma 7.1

Any pair of strategies (uN(),uM())imagethat satisfy the control constraints(7.4a),(7.4b), satisfy state constraints(7.2)and further ensure that I(t)>0,S(t)>0image for all t[0,T]image .
..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
3.145.163.242