Distributed adaptive patching strategies against malware propagation: A passivity approach

Abstract

A computer malware is a malicious code that compromises a node and then attempts to infect the node's neighbors in order to mount further attacks. Strategies for mitigating malware propagation attacks are based on patching each node at a certain rate, which is selected based on a trade-off between removing the viruses and the cost of patching. This selection, however, implicitly assumes that the propagation rate is known, whereas in practice the propagation rate depends on the inherently uncertain goals and capabilities of the attacker. In this paper, we propose and analyze adaptive defense strategies against malware with unknown propagation rates from a control-theoretic perspective. We introduce a distributed defense strategy in which each host increases its patching rate when a malware is detected, and decreases its patching rate when the host is not infected. The proposed patching strategies can drive the probability of infection to an arbitrarily low value at steady-state by varying the patching update parameters. Using a passivity-based approach, we prove that, when each node has the same patching parameters, the adaptive defense strategy ensures that the infection probabilities converge to any desired positive steady-state value. When the parameters are heterogeneous among nodes, we prove local stability of the adaptive patching dynamics, analyze the convergence rate of the infection probability, and formulate an optimization problem for selecting the infection probabilities based on a trade-off between the cost of patching and the cost of infection at steady-state. Our results are illustrated through a numerical study.