Networking 22 JAN, 2014

A Computer Virus Propagation Model Using Delay Differential Equations With Probabilistic Contagion And Immunity

A Computer Virus Propagation Model Using Delay Differential Equations With Probabilistic Contagion And Immunity

The SIR model is used extensively in the field of epidemiology, in particular, for the analysis of communal diseases. One problem with SIR and other existing models is that they are tailored to random or Erdos type networks since they do not consider the varying probabilities of infection or immunity per node. In this paper, we present the application and the simulation results of the pSEIRS model that takes into account the probabilities, and is thus suitable for more realistic scale free networks. In the pSEIRS model, the death rate and the excess death rate are constant for infective nodes. Latent and immune periods are assumed to be constant and the infection rate is assumed to be proportional to I (t) N(t), where N (t) is the size of the total population and I(t) is the size of the infected population. A node recovers from an infection temporarily with a probability p and dies from the infection with probability (1-p).

💡 Research Summary

**
The paper addresses a fundamental shortcoming of classic epidemic models—most notably the SIR and SEIR frameworks—when they are applied to computer virus propagation on realistic networks. Traditional models assume homogeneous infection and recovery probabilities across all nodes and are typically calibrated for random or Erdős–Rényi graphs. Real-world digital infrastructures, however, are highly heterogeneous: they follow a scale‑free topology, exhibit widely varying security postures, and experience non‑uniform patching or antivirus deployment. To capture these nuances, the authors introduce the probabilistic SEIRS (pSEIRS) model, which integrates three key extensions: (1) a node‑specific infection‑recovery probability p (with complementary death probability 1‑p), (2) fixed latency (exposed) and immunity periods modeled as constant delays τ_E and τ_R, (3) an infection rate β that scales with the product I(t)·N(t), reflecting the fact that larger populations generate more contact opportunities. Additionally, a constant natural death rate μ and an excess death rate μ_excess are applied only to infected nodes, allowing the model to represent resource exhaustion and service interruption caused by malware.

Mathematically, the dynamics are expressed as a system of delay differential equations (DDEs):

  • dS/dt = –β S(t) I(t)/N(t) + γ R(t–τ_R)
  • dE/dt = β S(t) I(t)/N(t) – σ E(t)
  • dI/dt = σ E(t) – (μ + p δ) I(t) – (1–p) μ_excess I(t)
  • dR/dt = p δ I(t) – γ R(t)

Here σ denotes the rate at which exposed nodes become infectious, δ the recovery rate, and γ the rate at which immunity wanes. The delayed term R(t–τ_R) re‑introduces recovered nodes into the susceptible pool after the immunity window expires. Linear stability analysis yields a characteristic equation whose dominant eigenvalue determines the basic reproduction number R₀. When R₀ > 1 the infection persists; the presence of delays can generate complex conjugate eigenvalues, leading to oscillatory outbreaks—a phenomenon observed in real cyber‑attack waves.

To evaluate the model, the authors generate a synthetic scale‑free network using the Barabási–Albert algorithm with 10 000 nodes. Each node receives a probabilistic infection parameter p drawn from a normal distribution, thereby mimicking heterogeneous security levels. High‑degree hub nodes are intentionally assigned lower p values (i.e., stronger protection) in some scenarios to test the impact of targeted hardening. Simulations compare pSEIRS against a baseline SIR model lacking latency and immunity. Key findings include:

  1. Reduced Peak Prevalence – The pSEIRS model produces infection peaks roughly 30 % lower than the SIR counterpart, illustrating how fixed latency and immunity dampen rapid spread.
  2. Extended Outbreak Duration – Because recovered nodes re‑enter susceptibility after τ_R, the total time until the virus dies out is about 1.5 × longer than in the SIR case.
  3. Hub Immunization Effect – Immunizing a small fraction of the most connected hubs dramatically lowers R₀ and can halt the epidemic early, confirming the strategic value of protecting critical servers.
  4. Probabilistic Mortality – When p is small (high death probability), the model shows a rapid collapse of the infected population but at the cost of widespread node failure, reflecting real‑world scenarios where malware causes system crashes or forced shutdowns.

The authors also discuss limitations and future directions. The current formulation assumes deterministic, constant delays for latency and immunity, whereas in practice patch deployment times and vaccine efficacy vary. Incorporating stochastic delay distributions or adaptive delays that depend on network load could improve realism. Moreover, extending the framework to dynamic networks—where nodes join or leave, and edges rewire—would capture the fluid nature of modern cloud and IoT environments. Finally, empirical validation using real malware outbreak data (e.g., ransomware campaigns) is necessary to calibrate parameters such as β, σ, δ, and to assess predictive accuracy.

In conclusion, the pSEIRS model offers a mathematically rigorous yet practically relevant tool for studying computer virus spread on heterogeneous, scale‑free networks. By blending probabilistic contagion, fixed latency/immunity periods, and delay differential equations, it overcomes the homogeneity assumptions of classic SIR models and yields insights directly applicable to cybersecurity policy: prioritize protection of high‑degree nodes, schedule timely patches to shorten effective latency, and consider the trade‑off between rapid containment (through node “death”) and service continuity. This work thus bridges epidemiological theory and cyber‑defense engineering, providing a foundation for more nuanced, data‑driven mitigation strategies.