SUMMARY

In this chapter, we discussed the idea that once a reasonable model of spread of worms and malware in a network is developed, how it can help the actors to utilize its predictive and analytic power to manipulate the dynamics in one’s favor. In particular, we introduced the tools from optimal control theory, specifically, the PMP. We showed through a stylized example how PMP can be applied in a SIRD worm epidemic in which the worm can dynamically control when to destroy an infective node, facing an evolving tradeoff between infecting more nodes and being recovered by the system manager. We showed how, even in the absence of closed-form solutions that plagues nonlinear systems, a careful analysis of the necessary conditions that optimal solutions must satisfy can reveal significant structural properties of the solution. In particular, in our stylized example, we observed that the optimal killing strategy is to refrain completely to maximally exploit them for spreading until a certain threshold after which killing them with maximum intensity.
The system manager can similarly use optimal control tools to develop dynamic countermeasures that take into account the evolving state of a malware epidemic. These dynamic countermeasures include, e.g. reducing the communication rates of the nodes as a means of containing the spread of the worm but at the expense of introducing additional delays in the normal communications, rate of disseminating the security patches at the expense of taxing both the shared media of the network as well as the energy resources of the mobile nodes, etc. However, the assumption in optimal control problems is that there is only one entity that can manipulate the system in its own favor. In the next chapter, we will discuss the case where multiple decision-makers with distinct, and potentially antagonistic, incentives are at play. Specifically, when both the network defender and worm can dynamically and strategically manipulate the dynamics of a malware epidemic.

1 Note that static optimization problems, with powerful tools from convex, linear and mixed-integer programming, are sometimes used in relation to “dynamic” systems too. A notable example is the area of Network Utility Maximization (NUM) with applications in wired and wireless network scheduling (see e.g. [128]). The dynamic nature of the system is related to the fact that the arrival of flows, packets, channel fading, channel shadowing, mobility, etc. are realized over time, and measures of optimality such as average end-to-end delay or energy consumption rate make sense in the context of time. However, the utility functions in such problems depend on measures of long-term averages of the dynamics, and the underlying stochastic processes such as flow/packet arrival, channel availability, fading, etc., are stationary–ergodic processes. None of these assumptions are well-justified in the context of controlling a transient evanescent outbreak of a malware.

2 Along with the following two classes of convergence theorems: (1) ergodicity theorems that provide conditions to relate the long-term “time-average” performance measures of a dynamic stochastic system involving stationary–ergodic processes to its statistical measures (such as first and second moments); and (2) algorithmic convergence theorems that establish that classes of distributed iterative update rules can lead to a global optimal point. The first class of results enable us to find a solution of a carefully constructed deterministic static optimization and establish its optimality in the underlying dynamic and stochastic system. On the other hand, the second class of results enable distributed implementation of the solutions using methods such as gradient or sub-gradient descent numerical algorithms. This is attractive in practical situations where aggregation of the required information and carrying out a centralized computation and relaying back the new solutions is less desirable than a distributed and local update (usually with a small tradeoff in the nonasymptotic performance) – see e.g. [50,151].

3 The prominent result in calculus of variations is the Euler-Lagrange equation developed by the two name-bearing mathematicians in the 1750s. We will only focus on the PMP from optimal control theory (developed in 1950s by Lev Pontryagin) that entails the Euler-Lagrange as a special case.

4 A quadratic function can for instance represent the magnitude of the distance of the state from a desired path.

5 To see this, note that the SIR epidemics starts with a very slow growth since the fraction of the nodes that are infected in the beginning is small and the initial spreading occasions, whose rate is proportional to the “product” of the number of infective and susceptible nodes, are rare. However, once the fraction of infected nodes reaches a critical mass, there will be a period of avalanche of spread, but eventually, the number of spreading occasions decreases once again since there will be few susceptible nodes left. This leads to an almost S-shape evolution, which is not present in linear systems, and is exactly due to the presence of nonlinear terms such as the product of susceptible and infective fractions in the state dynamics.

6 The following anecdote shows the extent of the reach of the virus: During March 1999, IBM discovered that it had accidentally shipped a batch of new Aptiva PCs in the number of several thousands that were infected with the CIH virus. The virus was set to be activated in a month!

7 For instance, elevated network traffic due to the media scanning activities of the infected nodes may reduce the rate of patching as the network administrator has to compete for the same bandwidth resources and shared media as the worm.

8 This is because the users are likely to receive the security patches either from software stores or from servers distributed in the area. In the first case, the rates are naturally constants. In the latter case, the dissemination rates of the patches depend on the host’s reception gains, servers’ transmission gains, etc.; and none of the above depend on the infective and susceptible fractions, as long as the bandwidths are not critically used.

9 For a general function f(x)image, the notations f(x0+)image and f(x0)image are defined as limxx0f(x)image and limxx0f(x)image, respectively. We denote ḟ(t+)image as the right-side time derivative of fimage at time timage.

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset