## Abstract

As the number of devices connected to the Internet is growing, the epidemics of malware spreading imposes a serious cyber security problem. It is common that there exist multiple types of malware infecting a network of devices. Periodically scheduled patching is a common way to protect the devices and thwart the malware spreading over a large population of devices. In this paper, we study the heterogeneous SIR model where two types of malware spread over the network and formulate an impulse optimal control problem to describe the optimal strategy of periodic patching that happens at discrete points of time. We obtain the structure of optimal impulse controls and consider the hybrid case in which we combine the discrete impulses and the continuous components of the control. Numerical simulations are used to corroborate the theoretical results.

Original language | English (US) |
---|---|

Pages (from-to) | 15038-15043 |

Number of pages | 6 |

Journal | IFAC-PapersOnLine |

Volume | 50 |

Issue number | 1 |

DOIs | |

State | Published - Jul 2017 |

## Keywords

- Impulse control
- SIR
- control system analysis
- epidemic process
- optimal control

## ASJC Scopus subject areas

- Control and Systems Engineering

## Fingerprint Dive into the research topics of 'Optimal Impulsive Control of Epidemic Spreading of Heterogeneous Malware'. Together they form a unique fingerprint.

## Cite this

- APA
- Standard
- Harvard
- Vancouver
- Author
- BIBTEX
- RIS

*IFAC-PapersOnLine*,

*50*(1), 15038-15043. https://doi.org/10.1016/j.ifacol.2017.08.2515

**Optimal Impulsive Control of Epidemic Spreading of Heterogeneous Malware.** / Taynitskiy, Vladislav; Gubar, Elena; Zhu, Quanyan.

Research output: Contribution to journal › Article › peer-review

*IFAC-PapersOnLine*, vol. 50, no. 1, pp. 15038-15043. https://doi.org/10.1016/j.ifacol.2017.08.2515

**Optimal Impulsive Control of Epidemic Spreading of Heterogeneous Malware**. In: IFAC-PapersOnLine. 2017 ; Vol. 50, No. 1. pp. 15038-15043.

}

TY - JOUR

T1 - Optimal Impulsive Control of Epidemic Spreading of Heterogeneous Malware

AU - Taynitskiy, Vladislav

AU - Gubar, Elena

AU - Zhu, Quanyan

N1 - Funding Information: St. Petersburg State University, Faculty of Applied Mathematics and ∗∗ St. Petersburg State University, Faculty of Applied Mathematics and St. Petersburg State University, Faculty of Applied Mathematics and Saint-Petersburg, Russia, 198504. (E-mail: tainitsky@gmail.com, Control Processes, Universitetskii prospekt 35, Petergof, Saint-Petersburg, Russia, 198504. (E-mail: tainitsky@gmail.com, ∗∗ Saint-Petersburg, Russia, 198504. (E-mail: tainitsky@gmail.com, Department of Electrical and Computer Engineering, Tandon School ∗∗ e.gubar@spbu.ru) ∗∗ Department of Electrical and Computer Engineering, Tandon School ∗∗ Department of Electrical and Computer Engineering, Tandon School Department of Electrical and Computer Engineering, Tandon School of Engineering, New York University, Brooklyn, NY, USA, 11201. (E-mail: quanyan.zhu@nyu.edu) (E-mail: quanyan.zhu@nyu.edu) Abstract: As the number of devices connected to the Internet is growing, the epidemics of malware spreading imposes a serious cyber security problem. It is common that there exist Abstract: As the number of devices connected to the Internet is growing, the epidemics of multiple types of malware infecting a network of devices. Periodically scheduled patching is a malware spreading imposes a serious cyber security problem. It is common that there exist multiple types of malware infecting a network of devices. Periodically scheduled patching is a multiple types of malware infecting a network of devices. Periodically scheduled patching is a multiple types of malware infecting a network of devices. Periodically scheduled patching is a common way to protect the devices and thwart the malware spreading over a large population of devices. In this paper, we study the heterogeneous SIR model where two types of malware of devices. In this paper, we study the heterogeneous SIR model where two types of malware optimal strategy of periodic patching that happens at discrete points of time. We obtain the spread over the network and formulate an impulse optimal control problem to describe the optimal strategy of periodic patching that happens at discrete points of time. We obtain the optimal strategy of periodic patching that happens at discrete points of time. We obtain the discrete impulses and the continuous components of the control. Numerical simulations are structure of optimal impulse controls and consider the hybrid case in which we combine the discrete impulses and the continuous components of the control. Numerical simulations are discrete impulses and the continuous components of the control. Numerical simulations are used to corroborate the theoretical results. us©e2017, IFAC (Internationd to corroborate theal Federationtheoretical reofsAuultstomatic Control) Hostin. g by Elsevier Ltd. All rights reserved. Keywords: Impulse control, control system analysis, optimal control, SIR, epidemic process. Keywords: Impulse control, control system analysis, optimal control, SIR, epidemic process. 1. INTRODUCTION critical for the device manufacturers to develop patches 1. INTRODUCTION critical for the device manufacturers to develop patches 1. INTRODUCTION critical for the device manufacturers to develop patches Recent advances in information technologies have wit- ppeerioriodicdicaallylly aandnd aadvisdvisee ththeeirir dedevicvicee ususeersrs toto insinstatallll ththeemm Recent advances in information technologies have wit- toeriomitigdicaatellyfurtheand ardvisinfeecthtioensir.device users to install them nessed a growing number of devices connected to the tohme ictoignatrtoelfoufrtmhearlwinafrectsipornesa.ding can be seen as an opti-Recent advances in information technologies have witnessed a growing number of devices connected to the The control of malware spreading can be seen as an opti-IInntteernernet.t. IItt hahass bbeeeenn foforereccaasstt thathatt ththeerere wwillill bbee 3344 billiobillionn maelccoonnttrroollproof malblemwainrewsphirceadhaitrangdecanoffbeexisseentsbasetwaneenopthtie- Internet. It has been forecast that there will be 34 billion moasltcoofnftarsotl parnodblpeemrioindiwchdicehvealotprmadeenotffoefxpisattscbheestwaenedn the ddeveviicesces conconnnectecteded ttoo tthhee IInntterernnetet bbyy 2020,2020, uupp ffrromom 1010 costalcofonftastrolproandblepermioindiwchdicehvealoptramdeenotffofexispattscbhesetwaneedntthhee devices connected to the Internet by 2020, up from 10 cost of tfhaestreacnodvepreyrioofdtihceddeevveliocepsm. eInntthoifspwaotrckh,esweanmdotdheel billion in 2015 (see Atzori (2010)). The proliferation of cost of the recovery of the devices. In this work, we model dedevicviceess ccrereaatetess ooppppoortunitiertunitiess toto ssprepreaadd infoinformrmaatiotionn mmoorere the mofatlhwearerecospreveryadinofgtheasdevSIiRces.dynaIn tmhiicsswoinrk,wwheicmoh thedel devices creates opportunities to spread information more thoepumlaatliwonaroef dsepvriecaedsiinsggraosupSeIdRindtoynthamreiecsubinpowphuilcahtiotnhse, conveniently but has also created a large attack surface population of devices is grouped into three subpopulations, for the malware to exploit existing vulnerabilities of the populationofdevicesisgroupedintothreesubpopulations, for the malware to exploit existing vulnerabilities of the i.e., the susceptible (S), the infected (I) and recovered (R). devices and spread malicious codes over the Internet. The i.e., the susceptible (S), the infected (I) and recovered (R). devices and spread malicious codes over the Internet. The The SIR dynamics describe the evolution of the popula-cchhaannennelsls ooff mmaallwwaarere ssprepreaadingding nnoowwaaddaayyss aarere nonott jusjustt limlim--tiohen SIsizRe dynathat mcaicnsbdeesccoribnterothelledeusvoinglutiopnerioofdicthepapotcpulahing- channels of malware spreading nowadays are not just lim-ainodnrseiczoevethrya.tAcacnonbtienucountsrcoollnetdroulsoinvegrpthereiopdoipcuplaatticohninogf ited to computer networks but also include mobile net-and recovery. A continuous control over the population of works and online social networks. The recent spreading of and recovery. A continuous control over the population of works and online social networks. The recent spreading of devices is not feasible. In practice, patching happens at ransomware (e.g. CryptoLocker, CryptoDefense or Cryp-devices is not feasible. In practice, patching happens at ransomware (e.g. CryptoLocker, CryptoDefense or Cryp-discrete points in spite of the fact that the infection and toWall) has spread using spam emails to extort money discretepointsin spite of the fact that theinfection and toWall) has spread using spam emails to extort money the spreading of the malware are continuous. Therefore, from home users and businesses alike by locking files on the spreading of the malware are continuous. Therefore, from home users and businesses alike by locking files on an impulse control problem is an appropriate model to a PC or network storage (see Luo (2009)). Threats like an impulse control problem is an appropriate model to a PC or network storage (see Luo (2009)). Threats like describe the control structure. In this work, we formulate raransnsoommwwaarere aarere risrisinging aandnd ccrereaatintingg aa ggrroowwinging risriskk ooff thescribproeblethemcofonrtrSIolRstrucdynaturem.icIsnathndiswusoerk,thewemfoarxmimuluatem ransomware are rising and creating a growing risk of threincpiproleblefomr ifmorpuSlIsRe cdoynntraoml i(csseeanSdethuise(2t0h0e6)m; aZxaicmcouumr information security and privacy. Reported in Newman principle for impulse control (see Sethi (2006); Zaccour (2016), recent massive east coast Internet outage due to principle for impulse control (see Sethi (2006); Zaccour (2016), recent massive east coast Internet outage due to (2016); Chahim (2012)) to obtain structural results of the DDDDoSoSatatttaacckkiiss alalsosoaaconconseqsequuenencece ofof malmalwwaarreeiinnffectectiionon ofof optim016);alCcohanthimrol pro(20ble12))mtoto coobntataininsthetrucmturaalwlareressultspreaodfintheg. DDoS attack is also a consequence of malware infection of optimal control problem to contain the malware spreading. protective measure is to patch the devices periodically to One important feature of malware is that there often aprolartegectpivope muleatasionureofisIntoterpanettchoftheThidengsvic(IoT)es pedrioevdicices.allyOntoe One important feature of malware is that there often fix the known vulnerabilities and hence reduce the risks. coexist multiple types of heterogeneous malware at the protective measure is to patch the devices periodically to One important feature of malware is that there often fix the known vulnerabilities and hence reduce the risks. coexist multiple types of heterogeneous malware at the fix the known vulnerabilities and hence reduce the risks. coexist multiple types of heterogeneous malware at the play a major role in the spreading of the malware. It is manufacturers should develop multiple patches to remove However, the timing and the adoption level of the patches same time (as discussed in Gubar (2013)). The device play a major role in the spreading of the malware. It is manufacturers should develop multiple patches to remove play a major role in the spreading of the malware. It is manufacturers should develop multiple patches to remove This work are partially supported by the grant CNS-1544782, text, the decision-makers have to make holistic decisions ⋆ a number of vulnerabilities from the system. In this con-This work are partially supported by the grant CNS-1544782, text, the decision-makers have to make holistic decisions ⋆ This work are partially supported by the grant CNS-1544782, text, the decision-makers have to make holistic decisions This work are partially supported by the grant CNS-1544782, text, the decision-makers have to make holistic decisions EFRI-1441140 and SES-1541164 from National Science Founda- from multiple malware. Therefore, the optimal control EtionFRI(N-1441140SF)andandtheSEresS-1541164earchgrantfrom”OptimalNationalBehaScienceviorinConflict-Founda-froymdismtributingultiple mthealwaereffo.rtTheinrerefocreov,eringthe otheptimpaolpulacontiotronl tion (NSF) and the research grant ”Optimal Behavior in Conflict- problem becomes multi-objective in nature since the goal tion (NSF) and the research grant ”Optimal Behavior in Conflict- from multiple malware. Therefore, the optimal control Controlled Systems” (17-11-01079) from Russian Science Founda- problem becomes multi-objective in nature since the goal Ction.ontrolled Systems” (17-11-01079) from Russian Science Founda- problem becomes multi-objective in nature since the goal tion.tion. 2405-8963 © 2017, IFAC (International Federation of Automatic Control) Hosting by Elsevier Ltd. All rights reserved. Copyright © 2017 IFAC 15603 CPoepeyr rriegvhiet w© u2n0d1e7r IrFeAspConsibility of International Federation of Autom1a5t6ic0 3Control. Copyright © 2017 IFAC 15603 10.1016/j.ifacol.2017.08.2515

PY - 2017/7

Y1 - 2017/7

N2 - As the number of devices connected to the Internet is growing, the epidemics of malware spreading imposes a serious cyber security problem. It is common that there exist multiple types of malware infecting a network of devices. Periodically scheduled patching is a common way to protect the devices and thwart the malware spreading over a large population of devices. In this paper, we study the heterogeneous SIR model where two types of malware spread over the network and formulate an impulse optimal control problem to describe the optimal strategy of periodic patching that happens at discrete points of time. We obtain the structure of optimal impulse controls and consider the hybrid case in which we combine the discrete impulses and the continuous components of the control. Numerical simulations are used to corroborate the theoretical results.

AB - As the number of devices connected to the Internet is growing, the epidemics of malware spreading imposes a serious cyber security problem. It is common that there exist multiple types of malware infecting a network of devices. Periodically scheduled patching is a common way to protect the devices and thwart the malware spreading over a large population of devices. In this paper, we study the heterogeneous SIR model where two types of malware spread over the network and formulate an impulse optimal control problem to describe the optimal strategy of periodic patching that happens at discrete points of time. We obtain the structure of optimal impulse controls and consider the hybrid case in which we combine the discrete impulses and the continuous components of the control. Numerical simulations are used to corroborate the theoretical results.

KW - Impulse control

KW - SIR

KW - control system analysis

KW - epidemic process

KW - optimal control

UR - http://www.scopus.com/inward/record.url?scp=85032866085&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85032866085&partnerID=8YFLogxK

U2 - 10.1016/j.ifacol.2017.08.2515

DO - 10.1016/j.ifacol.2017.08.2515

M3 - Article

AN - SCOPUS:85032866085

VL - 50

SP - 15038

EP - 15043

JO - IFAC-PapersOnLine

JF - IFAC-PapersOnLine

SN - 2405-8963

IS - 1

ER -