Optimal and robust epidemic response for multiple networks

We study the optimization of malicious software removal or patch deployment processes across multiple networks. The well-known classical epidemic model is adapted to model malware propagation in this multi-network framework. We capture the trade-off between the infection spread and the patching costs in a cost function, leading to an optimal control problem. We linearize the system to derive feedback controllers using pole-placement, linear quadratic regulator (LQR) optimal control, and H∞ optimal control, where we explicitly model measurement errors in the number of infected clients. The resulting patching strategies are analyzed numerically and their results are compared. The proportional response that is typically assumed for the classical epidemic model is shown to be sub-optimal.
