Applied Mathematical Modelling 35 (2011) 37773787

Contents lists available at ScienceDirect

Applied Mathematical Modelling

journal homepage: www.elsevier.com/locate/apm

A mathematical model for the effect of malicious object on computer

network immune system
Dinesh Kumar Saini
Faculty of Computing and Information Technology, Sohar University, Sultanate of Oman, Oman

a r t i c l e i n f o a b s t r a c t

Article history: In this paper, a nonlinear mathematical model is proposed and analyzed to study the effect
Received 23 December 2009 of malicious object on the immune response of the computer network. Criteria for local sta-
Received in revised form 31 January 2011 bility, instability and global stability are obtained. It is shown that the immune response of
Accepted 2 February 2011
the system decreases as the concentration of malicious objects increases, and certain crite-
Available online 26 February 2011
rias are obtained under which it settles down at its equilibrium level. This paper shows
that the malicious objects have a grave effect on cyber defense mechanism. The paper
Keywords:
has two parts (i) in the rst part a mathematical model is proposed in which dynamics
Malicious object
Immune response
of pathogen, immune response and relative characteristic of the damaged node in the net-
Stability work is investigated, (ii) in second part the effect of malicious object on the immune
Computer network response of the network has been examined. Finally how and where to use this modeling
is discussed.
2011 Elsevier Inc. All rights reserved.

1. Introduction

Immune system of a computer network mounts a highly specic response against invading malicious objects attacks. The
extent and diversity of this response varies during the course of malicious objects spread. Kephart proposed a digital immune
system that learned some aspects of the immune system [1]. It is a centralized approach where few central computers ana-
lyze the virus and distribute the prescriptions not only to the infected computer, but also other connected computer. Con-
sequently, once the central computer is attacked or the path to/from the central computer is shutdown, the immune
system will completely breakdown (similarly to the fact that HIV causes AIDS) [2]. Intrusion Detection (ID) is the process
of identifying the presence of unauthorized access to an enterprises computing resources. In practice, ID is broader and in-
cludes the detection of misuse/abuse, reconnaissance, penetration attempt, penetration, trozanization, denial of service [3].
For any infection to develop the host needs to be affected by a critical number of infective malicious objects. These mali-
cious objects once inside the computer network multiply to increase their number further [4]. The surveillance mechanism
of the system also recognizes the infection only above a critical load (a very low number may lead to either the escape of
malicious object or development of immunological tolerance) [5,6]. So during any ongoing infection there is a dynamic inter-
action between the attacking malicious object and the resisting immune system [7]. The severity of infection as well as the
duration of attack would depend upon which of the above two factors predominate.
The immune response to antimalicous software may be classied as minimal form, acute form with recovery, and acute
form with lethal outcome and chronic [2]. Minimal form of attack usually develops latently and in this malicious object is
suppressed by the immune system before it reaches the level of concentration to cause an observable damage of the com-
puter system. An acute form of attack develops if the immune response has been delayed for various reasons so that the node
attacked by the malicious object has been considerably damaged. Acute form of attack with possible lethal outcome may

E-mail addresses: [email protected], [email protected]

0307-904X/$ - see front matter 2011 Elsevier Inc. All rights reserved.
doi:10.1016/j.apm.2011.02.025
3778 D.K. Saini / Applied Mathematical Modelling 35 (2011) 37773787

result in absence of any therapeutic intervention whereas acute form of attack followed by recovery occurs on therapeutic
intervention. Spontaneous recovery takes place under certain optimal conditions [8].
The attack acquires a chronic state when equilibrium between the antimalicous and all components participating in the
immune system develops [9]. Here again solution is possible only either by activating the immune system to lead to the
malicious objects subsequent self healing. Mathematical models show that the chronic state is a stable immune process
and has either an almost cyclic or time dependent dynamics. The antimalicous concentration tends not to zero but a positive
quantity [10,11].
Some investigations have been conducted to study the effect of malicious objects on computer networks (Bimal Mishra
and Dinesh Saini) using mathematical modeling but the effect of malicious object on the immune response of the systems
has not been studied using mathematical modeling [4]. Mathematical modeling of the interaction between the growth rate
of malicious objects and activation of immune system provides a suitable system to study the state of infection during the
course of attack. We will try to use this modeling in designing an intrusion detection system for the network. The strengths
of IDSes are their capability to continuously watch packets on your network, understand them in binary, and alert when
something suspicious that matches a signature occurs. IDSes are a great addition to a networks defense-in-depth architec-
ture. We can use this model to identify vulnerabilities and weaknesses in the perimeter protection devices; for example, re-
walls, switches, and routers. The rewall rules and router access lists can be veried regularly for functionality.

2. Mathematical model

Consider a system where we wish to model the interactions of malicious object, immune response of the system and the
relative characteristic of the damaged node of the computer network. It is assumed that dynamics of the malicious object
follows a logistic model [12]. The growth of the malicious infection depends upon its initial status, decline caused by the
immune response and its own crowding effect where as change in the immune response depends upon its initial status, nat-
ural decline, stimulation leading to enhancement of the response and the damage caused by the malicious object [1315].
Finally, relative characteristic of the damaged organ depends upon the density of malicious object and its natural degener-
acy. Then dynamics of the system may be governed by the following system of differential equations:
dP
bP  cIP  b0 P2
dt
dI
l  aI bIP  gcIP
dt 2:1
dM
aP  a0 M
dt
P0 P 0; I0 P 0; M0 P 0; 0 6 g 6 1:
Here P(t) is the density of malicious objects, I(t) the immune status of the system and M(t) the relative characteristic of the
damaged node of the computer network at time t P 0. b is the growth rate coefcient of the malicious object, c is the decay
rate coefcient of the malicious object due to its interaction with immune system of the network and b0 is the intraspecic
interference coefcient of the malicious objects. l is the growth rate of the immune system of the system, a is its natural
decay rate coefcient, b is the stimulating growth rate of the immune system due to its interaction with the malicious ob-
jects, and g is its decay rate coefcient due to its interaction with the malicious object. a is the growth rate coefcient of the
damaged node due to malicious object and a0 is its natural decay rate coefcient.
In the following lemma we show that all solutions of the system under consideration are nonnegative and bounded. The
proof of this lemma is easy and hence omitted.

Lemma 2.1. The set

X1 fP; I; M : 0 6 P 6 b=b0 ; 0 6 I 6 Ic ; 0 6 M 6 ab=a0 b0 g

is a region of attraction for all solutions initiating in the interior of the positive orthant, where
lb0
Ic ; ab0  bb > 0:
ab0  bb
The above lemma shows that the system is well behaved.

2.1. Stability analysis

In this section, rst of all we nd the feasible equilibrium points of model system (2.1). We note that model system (2.1)
has two nonnegative equilibria, namely, E1(0, l/a, 0) and E(P, I, M). Clearly E1 exists. Here l/a represents the inherent im-
mune response of the system in absence of any malicious object attacks, and therefore there will be no damage caused to the
computer node. For the existence of E, we note that P, I and M are the positive solutions of the following algebraic
equations:
 D.K. Saini / Applied Mathematical Modelling 35 (2011) 37773787 3779

cI b  b0 P; 2:2a
l
I ; 2:2b
a  bP gcP
aP
M : 2:2c
a0
Behaviors of Eqs. (2.2) are presented in Fig. 1. Clearly the isocline (2.2a) is an equation of a straight line passing through the
dI
points (P = 0, I = b/c) and (P = b/b0, I = 0) with the slope dP  bc0 < 0.
From (2.2b) we note the following:
When P ? 0, I ? l/a,
dI lb  gc
: 2:3
dP a  bP gcP2

From (2.3), we note that

dI
> 0 if b > gc;
dP
dI
and < 0 if b < gc:
dP
From the above analysis we note that the interior equilibrium E(P, I, M) exists (see Fig. 2) if the following inequalities
hold:
b > gc; 2:4a
ba > lc: 2:4b
From Fig. 2, we observe that
0 < P < b=b0 and l=a < I < b=c: 2:5

We also note that the interior equilibrium E (P , I , M ) exists (see Fig. 3) if the following inequalities hold:
b < gc; 2:6a
ba > lc: 2:6b
From Fig. 3, we observe that
0 < P < b=b0 and 0 < I < l=a: 2:7

Fig. 1. The behavior is plotted for c = 0.4, b = 0.6, b0 = 0.2, a = 0.3, a0 = 0.1, g = 0.2, a = 0.2, b = 0.4, and l = 0.5.
3780 D.K. Saini / Applied Mathematical Modelling 35 (2011) 37773787

Fig. 2. The behavior is plotted for c = 0.4, b = 0.6, b0 = 0.2, a = 0.3, a0 = 0.1, g = 0.2, a = 0.2, b = 0.4, and l = 0.2. Here b > gc and ba > lc.

We note that the rst two equations in model (2.1) do not depend on P. Then it may be useful to study the behavior of the
equilibrium in the PI plane. The two-dimensional sub-system of model (2.1) is given by
dP
bP  cIP  b0 P2  h1 x; y; 2:8a
dt
dI
l  aI bIP  gcIP  h2 x; y 2:8b
dt
In the following theorem we show that the above system does not have any closed trajectory in the interior of the positive
quadrant of the PI plane.

Theorem 2.1. The model system (2.8) does not have any periodic solution in the interior of the positive quadrant of the PI plane.

Proof. Consider the function

1
HP; I :
PI
It is clear that H(P, I) > 0 in the interior of the rst quadrant of the PI plane. Then we have

Fig. 3. The behavior is plotted for c = 0.4, b = 0.6, b0 = 0.2, a = 0.3, a0 = 0.1, g = 0.2, a = 0.2, b = 0.02, and l = 0.2. Here b > gc and ba > lc.
 D.K. Saini / Applied Mathematical Modelling 35 (2011) 37773787 3781

@ @ b l
DP; I h1 H h2 H  0  2 < 0:
@P @I I PI
Since D(P, I) does not change sign, by DulacBendixson criteria it follows that the model system does not have any closed
trajectory in the interior of the positive quadrant of the PI plane, and hence no period solution and no limit cycle exists
in the interior of the positive quadrant of the PI plane. h

The stability behavior of the equilibria can be studied by computing variation matrices corresponding to each equilib-
rium. From these matrices and using the RouthHurwitz criteria, the following results follow immediately.

Theorem 2.2

(i) If ba > lc (i.e. if E exists), then E1 is a saddle point with stable manifold locally in the IM plane and with unstable manifold
locally in the P direction.
(ii) If ba < lc (i.e. if E does not exists), then E1 is locally asymptotically stable in the PIM space.
(iii) Let the following inequalities hold:

b0 l b  gccI2 > 0: 2:9

Then E is locally asymptotically stable in the PIM space.

Remark. Let M denotes the variational matrix of model (2.1) corresponding to the equilibrium E. Then we may note that
eigenvalue of M in the M direction is a0 which is negative. Further, the characteristic equation in the PI plane is given by

k2  Ak B 0;
where
l
A b0 P ;
I
B b0 l b  gccI2 :
If A2 < 4B, then eigenvalues of M in the PI plane are complex conjugate with negative real parts. In such a case, E will be a
stable focus that may induce the damping oscillations.
In the following theorem we are able to show that E is globally asymptotically stable.

Theorem 2.3

(i) If b > gc, then E is globally asymptotically stable with respect to all solutions initiating in the interior of the positive orthant.
(ii) If b < gc, then E is globally asymptotically stable with respect to all solutions initiating in the interior of the positive orthant,
provided the following inequality holds:

b0 l > 4gc  bcIc I ; 2:10

where Ic is dened in Lemma 2.1.

Proof. Consider the following positive denite function around E,

   
P I 1
Vt P  P  P ln  c1 I  I  I ln  c2 M  M  2 ; 2:10
P I 2
where c1 and c2 are positive constants to be chosen suitably later on.
Differentiating V with respect to t along the solutions of model (2.1), a little algebraic manipulation yields
dV c1 l
b0 P  P 2   I  I 2  c2 a0 M  M 2 P  P I  I c c1 b  c1 gc P  P M  M c2 a:
dt II
The above equation can be re-written as in the form of quadratics,
dV 1 1
 a11 P  P  2 a12 P  P I  I  a22 I  I 2
dt 2 2
1 1
 a11 P  P a13 P  P M  M  a33 M  M  2
 2  
2 2
1 1
 a22 I  I a23 I  I M  M  a33 M  M 2 ;
 2  
2 2
3782 D.K. Saini / Applied Mathematical Modelling 35 (2011) 37773787

where
c1 l
a11 b0 ; a22 ; a33 c2 a0 ; a12 c c1 b  gc; a13 c2 a; a23 0:
II

dV
Sufcient conditions for dt
to be negative denite are that the following inequalities hold:

a212 < a11 a22 ; 2:12a

a213 < a11 a33 ; 2:12b
a223 < a22 a33 : 2:12c

It may be noted that inequality (2.12c) is automatically satised. By choosing c2 aa0 b2 0 , we note that inequality (2.12b) is sat-
ised. If b > gc, then by choosing c1 bcgc it may be noted that inequality (2.12a) is also satised. This proves the rst part of
Theorem 2.3.
If b < gc, then by choosing c1 gccb we note that (2.9)(2.12a). Thus we conclude that V is a Liapunovs function [16]
whose domain contains the region of attraction X1, proving second part of the theorem. h

3. Model with malicious objects effect

In this section, we consider the effect of malicious object on the immune response of the system. The concentration of
malicious objects depends upon the rate of introduction of the Malware into the environment [17,18]. It is assumed that
the growth rate of uptake concentration of Malware by the system increases with the environmental concentration of mali-
cious objects. The uptake concentration of malicious object decreases due to its interaction with the immune system of the
network and also has a detrimental effect on the network. Considering the above aspect, the dynamics of the system can be
governed by the following system of differential equations:
dP
bP  cIP  b0 P2
dt
dI
l  aI bIP  gcIP  g1 k1 UI 3:1
dt
dM
aP  a0 M
dt
dT
Q 0  d0 T
dt
dU
h0 T  d1 U  k1 UI
dt
P0 P 0; I0 P 0; M0 P 0; T0 P 0; U0 P 0; 0 6 g 6 1; 0 6 g1 6 1:

In model (3.1), T(t) is the concentration of malicious objects in the cyber space and U(t) is the uptake concentration of mali-
cious object by the system. Q0 is the constant rate of introduction of malicious object into the cyber space and d0 is its natural
decay rate coefcient. h0 is the growth rate coefcient of U(t), d1 is its natural depletion rate coefcient, k1 is its depletion rate
coefcient due to its interaction with the immune system of the network and g1 is the decay rate coefcient of the networks
immune system due to uptake concentration of the toxicant by the network. Other notations in model (3.1) have the same
meaning as in model (2.1).

3.1. Stability analysis

^ P;
The model system (3.1) has two nonnegative equilibria, namely, E0; I; 0; Q 0 =d0 ; U and E ^ ^I; M;
^ T;
^ U.
^ In the existence
of E, it may be noted that I and U are the positive solutions of the following algebraic equations:

l
I ; 3:2a
a g1 k1 U
h0 Q 0
U : 3:2b
d0 d1 k1 I

The behavior of Eq. (3.2) is represented by the Figs. 4 and 5.

It can be seen that the isoclines (3.2a) and (3.2b) intersect at a unique point I; U in the positive quadrant. This shows
that equilibrium E exists.
 D.K. Saini / Applied Mathematical Modelling 35 (2011) 37773787 3783

Fig. 4. The behavior is plotted for l = 0.3, a = 0.5, g1 = 0.4, and k1 = 0.02.

Fig. 5. The behavior is plotted for h0 = 0.03, k1 = 0.02, Qn = 0.3, dn = 0.6, and d1 = 0.3.

Fig. 6. Intrusion detection model based on immunity [21].

^ we note that P;
To show the existence of E, ^ ^I; M;
^ T^ and U
^ are the positive solutions of the following algebraic equations:
b  cI
P ; 3:3a
b0
aP
M ; 3:3b
a0
Q0
T ; 3:3c
d0
3784 D.K. Saini / Applied Mathematical Modelling 35 (2011) 37773787

1 l 
U  a cb  cI ; where c b  gc=b0 ; 3:3d
g1 k1 I
h0 Q 0
U : 3:3e
d0 d1 k1 I
From (3.3d) we note the following:
When I ! 0; U ! 1: 
q
1
When U ! 0; I ! a  cb  a  cb2 4cc :
2cc
If c > 0, i.e. if b > gc, then we have
 q
1
I Ia a  cb a  cb2 4cc > 0:
2cc
If c < 0, i.e. if b < gc and (a  cb)2 + 4cc > 0, then we have two positive values of I, namely,
 q
1
I Ib a  cb a  cb2 4cc > 0;
2cc
and
 q
1
I I0b a  cb  a  cb2 4cc > 0:
2cc
From (3.3d) we also note that
 
dU 1 l l
 2  cc < 0 if  2  cc < 0: 3:4
dI g1 k1 I I
We note that if c > 0, then inequality (3.4) is satised.
From (3.3e) it is clear that
Q 0 h0
when I ! 0; U! ;
d0 d1
when U ! 0; I ! 1;
dU
and < 0:
dI
From the above analysis we note that the isoclines (3.3d) and (3.3e) intersect at a unique point ^I; U
^ if any one of the fol-
lowing holds:
1: b  gc > 0: 3:5a
2
2: b  gc < 0; a  cb 4cc > 0 and  l  cc^I2 < 0: 3:5b
Knowing the values of ^I and U,
^ the values of P
^ and M
^ can be computed from (3.3a) and (3.3b), respectively. It may be noted
^ to be positive we must have
here that for P
b  c^I > 0: 3:6
^ exists if either (3.5a) and (3.6) or (3.5b) and (3.6) are satised.
Thus we conclude that the interior equilibrium E
The following lemma shows that all solutions of system (3.1) are positive and bounded. The proof of this lemma is easy
and hence omitted.

Lemma 3.1. The set

X2 fP; I; M; T; U : 0 6 P 6 b=b0 ; 0 6 I 6 Ic ; 0 6 M 6 ab=a0 b0 ; 0 6 T 6 Q 0 =d0 ; 0 6 U 6 h0 Q 0 =d0 d1 g

is a region of attraction for all solutions initiating in the interior of the positive orthant, where Ic abl0bbb
0
; ab0  bb > 0:
In order to study the local stability behavior of the equilibria, we compute the variational matrices corresponding to each
equilibrium. Then we note that E is a saddle point with stable manifold locally in the IMTU space and with unstable man-
ifold locally in the P direction (assuming that b  cI > 0).
In the following theorem we are able to show that the interior equilibrium E ^ is locally asymptotically stable. The proof of
this theorem follows from the RouthHurwitz criteria, and hence omitted.

Theorem 3.1

^ is locally asymptotically stable if the following inequality holds:

(i) If k1 = 0, then the interior equilibrium E

b0 l b  gcc^I2 > 0: 3:7a

 D.K. Saini / Applied Mathematical Modelling 35 (2011) 37773787 3785

^ is locally asymptotically stable if the following inequalities hold:

(ii) If k1 0, then the interior equilibrium E
a3 > 0; a1 a2 > a3 ; 3:7b
where
l
^ d1 k1^I > 0;
a1 b0 P
^
 I 
^ l l 2 ^
a2 b0 P d1 k1^I d1 k1^I  g1 k1^IU cb  gcP^^I;
^I ^I
 
2 ^^ l ^^Id1 k1^I l d1 k1^Ib P:
a3 bg0 g1 k1^IU P d1 k1^I cb  gcP 0
^
^I ^I

Remark 1. If k1 = 0, then environmental toxicant does not have any effect on the immune system of the network. Thus, the
result of rst part of Theorem 3.1 agrees with those obtained in the third part of Theorem 2.1 (see Eqs. (2.8) and (3.7a)).

Remark 2. In the second part of Theorem 3.1, it may be noted that a1 is always positive and a3 > 0 if b  gc > 0. Thus, a2 > 0
when (3.7b) holds.
From the above theorem we note that if b > gc, then inequality (3.7) is automatically satised. This shows that whenever
^ exists under condition (3.5a), it is locally asymptotically stable. Further, if E
E ^ exists under condition (3.5b), then for E
^ to be
locally asymptotically stable, condition (3.7) must be satised.
In the following theorem we show that E ^ is globally asymptotically stable.

Theorem 3.2
(i) Let the following inequalities hold:
b > gc; 3:8a
 2
c 2 k1 Q 0 c1 c2 l
c1 g1 k1 < d1 k1^I; 3:8b
d0 Ic^I
^
where c1 bcgc ; c2 d0 d1bk
0
1 I
.
^
Then E is globally asymptotically stable with respect to all solutions initiating in the interior of the positive orthant.
(ii) Let the following inequalities hold:
b < gc; 3:9a
c2 b0 l
c b gc2 < d1 k1^I; 3:9b
Ic^I
 2
c k Q c l
g1 k1 2 1 0 < 2 ^ d1 k1^I; 3:9c
d0 Ic I
^
1 I
where c2 d0 d1bk
0
.
^ is globally asymptotically stable with respect to all solutions initiating in the interior of the positive orthant.
Then E

^
Proof. Consider the following positive denite function about E,
   
^ ln P c1 I  ^I  ^I ln P a0 b0 M  M
^P
Wt P  P ^ 2 1 T  T
^ 2 1 c2 U  U
^ 2:
^
P ^I 2a2 2 2
In order to prove the rst part of this theorem, we choose c1 and c2 as specied in the theorem, and to prove the second part
of the theorem we choose c1 = 1 and c2 as specied in the theorem. Then under an analysis similar to the proof of Theorem
2.2, it can be checked that time derivative of W along the solutions of model (3.1) is negative denite under conditions given
in the theorem, which proves the theorem. h

From this study it can be seen that the presence of malicious object in the cyber space affects the oscillatory pattern of the
immune status implying that the malicious object has severely obviated the immune system ability to be repeatedly acti-
vated and it also settles at a very low level. This compromised state of immune status can be very detrimental for the node
in the network and can lead to the development of acute form of infection. This would lead to an increased morbidity and
may even be fatal to the node in the network.

4. Traditional IDS

Current IDS are divided in to two main categories: signature based detection, and anomaly based detection. The signature
based detection is designed to inspect incoming packets headers and against know patters. If tuned effectively signature
based IDS can be a powerful protection tool against all known attacks. The main drawback of signature based IDS is that
3786 D.K. Saini / Applied Mathematical Modelling 35 (2011) 37773787

it inability to protect against new type of intrusions. Anomaly detection approach was designed to overcome the signature
based approach failures by using classication mechanism. The idea is to analyze system activities and classify them as nor-
mal or abnormal. Abnormal activity is classied as an attack or intrusive behavior. This approach has the potential to
identify new intrusions but raises the issue of how to distinguish clearly between normal and abnormal system activities.
In this case, a slight change in a normal activity can be classied as intrusive, or intrusive activity can be similar to normal
activity and is therefore unable to be identied.
In the current network environment we see a growing number of threats and attacks ranging from computer virus,
worms, Trojan horses, and DOS/DDOS attacks. Traditional intrusion detection system, rewall and anti-viruses all operates
independently and in a passive defense mode resulting in their inability to be cognitive about the network they are protect-
ing. The biological immune system can be the answer to solve current network security issues.

5. Biological immune system based IDS

Human immune system is a very complicated and intelligent system capable of protecting human beings against infec-
tious organisms and other invaders. The adaptive learning of the human immune system and its power information process-
ing capabilities makes it a hot spot for researchers [19,20]. Its capability of unique signature extraction from antigens,
classication and recognition of dangerous antigenic peptides makes it very powerful.
The immune system operates distributively and collectively through a network of cells, tissues, and organs. Immunolog-
ical memory of the immune system is a key element in its ability to be adaptive. The activation process of B cells and T cells
will produce an offspring which will be the memory cells that is able to detect any future attacks from already encountered
pathogens. The lymphocytes are the primary actor in distinguishing self cells (normal human cells) from non-self cells (dan-
gerous foreign cells). Immune based detection system imitates the biological immune system by having an effective detec-
tors production mechanism, by implementing the biological negative selection principle which is the ability to distinguish
self cells from non-self cells (Fig. 6).

6. Where to use the model

Through analysis and research network security system can adapt some aspects of biological immune system. The
responsibility of the human immune system is the protection against the invasion of diseases, while the network security
system defends against the malicious objects. Thus, both systems has the same goal of distinguishing self cells from non-self
cells. The main objective for both biological immune system and network security system is how to keep the system stable in
a continuous changing environment. In this paper we apply the biological immune theoretic in the articial immune system
to search and design relevant models and algorithms to solve various problems occurred in the eld of computer security.
Inspired by the biological immune system, we analyze the interactions of malicious objects in the network and study the
effect of malicious objects on the immune response of the computer network. The above formulated models can be used
for designing a proper articial intrusion detection system for the network.

7. Conclusions

In this paper, a mathematical model has been proposed and analyzed to study the effect of malicious object on the im-
mune response of the computer network. It has been found that if b > gc, then immune response of the node increases as the
concentration of the malicious object decreases. This result agrees with the initial asymptomatic stage of the infection in
which no obvious form of disorder is manifested because the immune system is effectively able to overcome the affect of
malicious object. From Eq. (2.5), we note that I > l/a. This implies that under conditions (2.4a,b), the immune response
has been stimulated to achieve a value above the inherent immune status (l/a). Further, if b < gc, then the immune state
of the network decreases below the inherent immune status (see Eq. (2.7)) as the concentration of the malicious object in-
creases. Such situations arise when the malicious object dominates the immune response, and the network starts manifest-
ing symptoms of infection or damage. From Theorem 2.1, we note that if b > gc, then inequality (2.8) is automatically
satised. This shows that whenever E exists under condition (2.4), then it is locally asymptotically stable. We also note that
if the immune status of the network is sufciently large or it has been articially increased by using prophylactic agents, then
E may be locally asymptotically stable even when b < gc.

References

[1] J. Kephart, S. White, Directed graph epidemiology models of computer virus, in: Proceedings of the 1991 Computer Society Symposium on Research in
Security and Privacy, pp. 342359.
[2] T. Okamoto, Y. Ishida, A distributed approach against computer viruses inspired by immune system, IEICE Trans. Commun. E83-B (5) (2000).
[3] G. Post, A. Kagan, Management tradeoffs in anti-virus strategies, Inform. Manag. 37 (1) (2000) 1324.
[4] Bimal Kumar Mishra, Dinesh Kumar Saini, SEIRS epidemic model of transmission of malicious objects in computer network, Int. J. Appl. Math. Comput.
188 (2) (2007) 14761482.
[5] Hemraj Saini, Dinesh Kumar Saini, Malicious object dynamics in the presence of anti Malicious software, Eur. J. Sci. Res. 18 (3) (2007) 491499. ISSN
1450-216X. Euro Journals Publishing, Inc. Available from: <http://www.eurojournals.com/ejsr.htm/>.
 D.K. Saini / Applied Mathematical Modelling 35 (2011) 37773787 3787

[6] Dinesh Kumar Saini, Hemraj Saini, Proactive cyber defense and recongurable framework for cyber security, Int. Rev. Comput. Softw. 2 (2) (2007) 89
98.
[7] Bimal Kumar Mishra, Dinesh Kumar Saini, Mathematical models on computer viruses, Int. J. Appl. Math. Comput. 187 (2) (2007) 929936.
[8] Mihai Christodorescu, Somesh Jha, Testing malware detectors, in: ISSTA 04: Proceedings of the 2004 ACM SIGSOFT International Symposium on
Software Testing and Analysis, July 2004.
[9] Mikdam A. Al-Salami, Salah F. Saleh, Sabah A. Ali, General virus detector and deactivator, in: Al-Hadba University College Conference, 2000.
[10] Dinesh Kumar Saini, Hemraj Saini, Cyber defense: mathematical modeling and simulation, in: National Conference on Mathematical Analysis and its
Real Time Applications, 1617th September, 2006, University of Berhampur (Berhampur), Orissa, 2006, pp. 106111.
[11] Dinesh Kumar Saini, Hemraj Saini, A study on cyber crime in India, in: National Seminar on Mathematics and Computer Science, 2930 November,
2005, S.D. (P.G.) College, Muzaffarnagar.
[12] Dinesh Kumar Saini, Hemraj Saini, VAIN: a stochastic model for dynamics of malicious objects, ICFAI J. Syst. Manag. 6 (1) (2008) 1428.
[13] J. LaSalle, S. Lefschetz, Stability by Liapunovs Direct Method with Applications, Academic Press, New York, London, 1961.
[14] G.I. Marchuk, Mathematical Models in Immunology, Optimization Software, Inc., Publications Division, New York, 1983.
[15] G.I. Marchuk, Mathematical Modelling of Immune Response in Infectious Disease, Springer, 1997.
[16] Dinesh Kumar Saini, Hemraj Saini, Cyber wars and defense: an introduction, in: National Symposium on Cyber Forensics and Computer Crimes, 11
13th August, Punjabi University (Patiala), Punjab, 2006.
[17] M.A. Nowak, R.M. May, Virus Dynamics: Mathematical Principles of Immunology and Virology, Oxford University Press, New York, 2000.
[18] A. Rescigno, The struggle for life: V. One species living in a limited environment, Bull. Math. Biol. 39 (1977) 479485.
[19] Fu Yu-Zhen, Hu Yu, Zhang Qing-Hua, Application and Research of Adaptive Immune Network Intrusion Detection Model [D], Taiyuan Institute of
Technology Press, 2008, 5.
[20] Dipankar Dasgupta (Ed.), Articial Immune Systems and Their Applications, Springer-Verlag, 1999. ISBN 3 540-64390-7.
[21] L. Nian1, et al., Research on network security situation awareness technology based on articial immunity system, in: IFITA 09: International Forum on
Information Technology and Applications, 2009.