Available online at www.sciencedirect.

com

ScienceDirect
IFAC PapersOnLine 53-2 (2020) 6650–6655
Optimal Control of Joint Multi-Virus
Optimal Control of Joint Multi-Virus
Optimal
Infection Control
and of Joint Multi-Virus
Spreading
Optimal and Information
InfectionControl of Joint Multi-Virus
Information Spreading
Infection and ∗Information Spreading ∗∗
Infection
Vladislav and
Vladislav Taynitskiy Information
Taynitskiy Elena
∗ Elena Gubar Spreading
Gubar Denis
∗
∗ Denis Fedyanin ∗∗
Fedyanin
Vladislav Taynitskiy
∗
Ilya Petrov
∗
Petrov ∗ Elena Gubar ∗Zhu
∗∗
Quanyan Denis ∗∗∗ Fedyanin
Gubar ∗Zhu
∗∗
Vladislav Taynitskiy Ilya ∗∗ Quanyan
∗∗
Elena Denis
∗∗∗
∗∗∗ Fedyanin
∗∗
Vladislav Taynitskiy Ilya Petrov ∗
Elena Quanyan
Gubar Zhu
Denis ∗∗∗ Fedyanin ∗∗
Ilya Petrov ∗∗ Quanyan Zhu ∗∗∗
∗∗
∗ St. Petersburg State
∗
Ilya University,
Petrov Faculty
Quanyan of Applied
Zhu Mathematics and
∗ St. Petersburg State University, Faculty of Applied Mathematics and
St. Petersburg
Control
Control State State University,
Processes,
Processes, Faculty
Saint-Petersburg,
Saint-Petersburg, of Applied
Russia. Mathematics
Russia. (E-mail:
(E-mail: and
∗
St. Petersburg
Control University,
Processes, Faculty of Applied
Saint-Petersburg, Russia. Mathematics
(E-mail: and
∗
St. Petersburg
Control tainitsky@gmail.com,
State University,
tainitsky@gmail.com,
Processes, e.gubar@spbu.ru)
Faculty of Applied
e.gubar@spbu.ru)
Saint-Petersburg, Russia. Mathematics
(E-mail: and
∗∗
∗∗ V. A.
V. A.Control tainitsky@gmail.com,
Trapeznikov
Trapeznikov Institute
Processes, of e.gubar@spbu.ru)
Control
Saint-Petersburg,
Institute of Control Sciences
Russia.
Sciences of
of RAS,
(E-mail:
RAS, Moscow,
Moscow,
tainitsky@gmail.com, e.gubar@spbu.ru)
∗∗ V. A. Trapeznikov Institute of Control Sciences of RAS, Moscow,
∗∗
V. Russia.
Russia.
A. (E-mail:
Trapeznikov dfedyanin@inbox.ru,
tainitsky@gmail.com,
(E-mail: dfedyanin@inbox.ru,
Institute of Control zyxzy@protonmail.ch)
e.gubar@spbu.ru)
zyxzy@protonmail.ch)
Sciences of RAS, Moscow,
V.
∗∗∗ Russia.
Department
A. (E-mail:
Trapeznikov of dfedyanin@inbox.ru,
Electrical
Institute and
of Computer
Control zyxzy@protonmail.ch)
Engineering,
Sciences of RAS,New York
Moscow,
∗∗∗ Department of Electrical and Computer Engineering, New York
∗∗
∗∗∗
Russia. (E-mail: dfedyanin@inbox.ru, zyxzy@protonmail.ch)
∗∗∗ Department
Russia.University, of Electrical
(E-mail:
University, USA. and Computer
(E-mail:
dfedyanin@inbox.ru,
USA. (E-mail: Engineering, New York
quanyan.zhu@nyu.edu)
zyxzy@protonmail.ch)
quanyan.zhu@nyu.edu)
Department
University, of Electrical
USA. (E-mail:and Computer Engineering,
quanyan.zhu@nyu.edu) New York
∗∗∗
Department
University, of Electrical
USA. (E-mail:and Computer Engineering, New York
quanyan.zhu@nyu.edu)
Abstract: Nowadays,University,
Abstract: Nowadays, epidemic models
epidemic
USA. provide
models (E-mail:anquanyan.zhu@nyu.edu)
provide an appropriate tool
appropriate tool to
to describe
describe the the propagation
propagation
Abstract:
of
of biological
biological Nowadays,
viruses
viruses in
inepidemic
human
human models
or
or animal
animalprovide an appropriate
populations,
populations, rumors
rumors tool
and
andto misinformation
describe the propagation
misinformation in
in social
social
Abstract:
of biological Nowadays,
viruses inepidemic
human models
or animalprovide an appropriate
populations, rumors tool
andto misinformation
describe the propagation
in social
networks,
Abstract:
networks,
of biologicaland
and malware
Nowadays,
malware
viruses in in
in both
epidemic
human computer
both models
computer
or animal and
provide
and ad
ad hoc networks.
an appropriate
hoc networks.
populations, rumors toolIt
and is common
Ittoismisinformation
describe
commonthe that there
propagation
that there
in are
are
social
networks,
multiple
of biological
multiple andviruses
types
types malware
of
of malware
in
malware in both
human computer
infecting
or
infecting a
animal
a and
network ad
of hoc
populations,
network of networks.
computing
computingrumors It ismisinformation
devices,
and
devices, common
and
and that there
different
different messages
in are
social
messages
networks,
multiple and
types malware
of malware in both computer
infecting a and
network ad
of hoc networks.
computing It
devices,is common
and that
different there
messages are
can
can spread
networks,
spread
multiple overmalware
and
over
types ofthe
the social
social
malware network.
in both
network.
infecting Information
computer and ad
Information
a network ofspreading
hoc
spreading
computing anddevices,
networks.
and virus
virus propagation
It ispropagation
common
and differentarethere
that
are interde-
interde-
messages are
can spread
pendent
multiple
pendent overofthe
processes.
types
processes. To social
malware
To capture
capturenetwork.
their
infecting
their Information
independencies,
a network
independencies, ofspreading
we
computing
we anddevices,
integrate
integrate virus
two
two propagation
epidemic
and
epidemic differentaremessages
models
models interde-
into
into one
one
can spread
pendent over theTosocial
processes. capturenetwork.
their Information spreading
independencies, and virus
we integrate propagation
two epidemic are into
models interde-
one
holistic
can
holistic
pendent framework,
spread over theTo
framework,
processes. known
social
knowncaptureas
as the
network.
the
theirmodified
modified Susceptible-Warned-Infected-Recovered-Susceptible
Information spreading and virus propagation
Susceptible-Warned-Infected-Recovered-Susceptible
independencies, we integrate two epidemic are into
models interde-
one
holistic
(SWIRS)
pendent
(SWIRS) framework,
model.
processes.
model. The
The known
To first
capture
first as the
epidemic
epidemictheirmodified
model Susceptible-Warned-Infected-Recovered-Susceptible
describes
independencies,
model describes the
we
the information
integrate
information twospreading
epidemic
spreading regarding
models
regarding the
into
the risk
one
risk
holistic
(SWIRS) framework,
model. The known
first as the
epidemic modified Susceptible-Warned-Infected-Recovered-Susceptible
model describes theTheinformation spreading regarding the risk
of malware
holistic
of malware
(SWIRS) attacks
framework,
attacks
model. and
known
and
The possible
as
possible
first the
epidemic preventive
modified
preventive procedures.
procedures.
model describes The
theThe second
second
information one
one describes
Susceptible-Warned-Infected-Recovered-Susceptible
describes
spreading the
the propagation
propagation
regarding the risk
of
of malware
multiple
(SWIRS)
of attacks
viruses
multiplemodel.
viruses and
Theover
over possible
firstthe
theepidemic preventive
network
network of
model procedures.
of devices. To
describes
devices. minimize
To the second
the
information
minimize one
the impact
impact describes
of
of the
spreading the the propagation
virus
regarding
virus spreading
the risk
spreading
of
of malware
multiple attacks
viruses and possible
overpossible
the network preventive procedures.
of devices. The second one describes the propagation
and
of
and
of improve
malware
improve
multiple the
the protection
attacks
viruses and
protection
over the of
of the
the
network networks,
preventive
networks,
of devices.we To
we minimize
consider
procedures.
consider
To Thean
minimize an the impact
optimal
second
optimal
the impact
of the
one control
describes
control
of the
virus
problem
the
problem spreading
with
with two
propagation
virus spreading two
and
types
of improve
of control
multiple
types of the strategies:
control
viruses protection
strategies: of the networks,
information
over the information
network of devices. we To
spreading
spreading consider
among
minimize
among an optimal
healthy
the impact
healthy control
nodes
nodes ofand
the
and problem
the
the with two
treatment
virus spreading
treatment of
of
and
types improve
of nodes. the
control protection
strategies: of the
informationnetworks, we
spreading consider
amongan an optimal
healthy control
nodes problem
andproblem
the with
treatment twoof
infected
and
infected nodes.
improve
types of nodes. the
controlWe We
We obtain
protection
obtain
strategies: the
the of structure
the
structure
information of
networks,
of optimal
we
optimal
spreading control
consider
control strategies
optimal
strategies
among strategies
healthy nodes and
and study
control
study
and the the
the condition
with
condition
treatment twoof
of
of
infected
epidemic outbreaks.
types of nodes.
epidemic control
outbreaks. obtain
The
strategies:
The main the
main structure
results
information
results areareof optimal
extended
spreading
extended control
to
amongthe case
healthy
to the case of the and
nodes
of the study
network
network of
and the the
two
ofthe condition
connected
treatment
two connected of
of
infected
epidemic We
outbreaks. obtain
The the
main structure
results areof optimal control
extended to the strategies
case of the and study
network of twocondition
connected of
clusters.
infected
clusters.
epidemic Numerical
nodes.
Numerical
outbreaks. examples
We obtain
examples
The the are
main are used
structure
usedare
results to
toofcorroborate
optimal control
corroborate
extended to the
the
the theoretical
strategies
theoretical
case of the findings.
and studyofthe
findings.
network twocondition
connected of
clusters.
epidemic Numerical
outbreaks. examples
The mainThisare usedare
results to corroborate
extended to the
the theoretical
case findings.
clusters.
CopyrightNumerical
© 2020 Theexamples
Authors. are used to corroborate
is an open access articlethe theofCC
theoretical
under theBY-NC-ND
network of
findings. two connected
license
clusters.
Keywords: Numerical
Network
(http://creativecommons.org/examples
Security, are
Optimalused to corroborate
Control,
licenses/by-nc-nd/4.0) Epidemic the
Keywords: Network Security, Optimal Control, Epidemic Process, Information Spreading. theoretical
Process, findings.
Information Spreading.
Keywords: Network Security, Optimal Control, Epidemic Process, Information Spreading.
Keywords: Network Security, Optimal Control, Epidemic Process, Information Spreading.
Keywords:
1. Network Security, Optimal Control, Epidemic
1. INTRODUCTION
INTRODUCTION same time,
same Process,
time, Information
information
information Spreading.
propagation
propagation of the
of the vulnerability
vulnerability
1. INTRODUCTION same
of
of the
the time, information
computing
computing devices
devices propagation
and
and personal
personal of accounts
the vulnerability
accounts in
in social
social
1. INTRODUCTION same
of the time, information
computing devices propagation
and personal of accounts
the vulnerability
inprotec-
social
1. INTRODUCTION networks,
same
networks,time, as well as
asinformation
well as the knowledge
propagation
the knowledge of the
of of
the effective
the vulnerability
effective protec-
of the
networks, computing
as well devices and personal accounts in social
Recent
Recent advances
advances in in information
information technologies
technologies have have wit- tion
wit- networks,
of the
tion measures,
computing
measures, canas
can the raise
help
devices
help knowledge
raise
and the
the of the
awareness
personal
awareness effective
of the
accounts
of the in protec-
security
social
security
Recent advances in information as wellcanas the raise
knowledge of the effective protec-
nessed
nessed
Recent an
an exponential
exponential
advances in growth
growth in
information in technologies
the
the number
number of
technologies
have
of
have
wit- tion
devices
devices
wit- threatsmeasures,
networks,
threats and
andas their
well
their ashelp
solutions
the
solutions thereduce
to
knowledge
to awareness
reduce
of thethe of the security
theeffective
number
number of in-
protec-
of in-
nessed
Recent an
connected
connected exponential
to
advances
to the Internet
the Internet growth
and the
in information
and in technologies
the the
rapid
rapid number
expansion
expansion of
have of the tion
devices
of wit-
the threats
fected
tion
fected
measures,
and their
devices.
measures,
devices.
can solutions
help raiseto
Generally,
can help
Generally,
thereduce
multiple
raise the
multiple
awareness
types
awareness
types the
of
of
of the security
number
viruses
of the
viruses of in-
co-exist
security
co-exist
nessed
connected an exponential growth in the number of devices
of the threats and their solutions to reduce the numberco-exist
of in-
use
use of an to
of social
nessed social the Internet
networks.
exponential
networks. The
The and
growth the rapid
proliferation
in the
proliferation expansion
of
number
of devices
devices creates
of devices
creates fected
at the
threats
at devices.
same Generally,
time.
and their
the devices.
same time. Hence,
solutions multiple
we
wetomodel
Hence,multiple types
reduce
model the
thethe ofmalware
viruses spread-
numberco-exist
of in-
connected
use of social
opportunities
to the Internet
networks.
to spread The and the
information
rapid
proliferation expansion
of
more devices of the fected
creates
conveniently. at the same Generally,
time. Hence, we model types
the ofmalware
viruses
malware
spread-
spread-
connected
opportunities to the
use of social networks.to Internet
spread and the
information
Theinformation rapid
proliferation moreexpansion of
conveniently.
of devices the
creates at ing
fected
ing as
as Susceptible-Infected-Recovered-Susceptible
devices. Generally, multiple types
Susceptible-Infected-Recovered-Susceptible of viruses (SIRS)
co-exist
(SIRS)
opportunities
Still, to spread more conveniently. ing the same time. Hence, we model the malware spread-
as Susceptible-Infected-Recovered-Susceptible (SIRS)
use of it
Still,
opportunities
has
itsocial also
has networks.
also created
created
to spread
a large
large attack
Theinformation
aproliferation
attack of surface
more devices
surface for
for
conveniently.
the
creates
the ing dynamics
at the
dynamics samein time.
in whichHence,
which the population
the population
we modelof ofthe devices
malware
devices is grouped
is grouped
spread-
Still,
malware it has also
to exploit
exploit created
existing a large attack
vulnerabilities surface for
ofconveniently.
the devices the
devices into as
dynamics Susceptible-Infected-Recovered-Susceptible
in which the population of devices is (SIRS)
grouped
opportunities
malware
Still, it has to to spread
existing
also created information
vulnerabilities
a vulnerabilities more
large attack surface of the for the intoing as several
dynamics subpopulations, i.e., the
Susceptible-Infected-Recovered-Susceptible
several in subpopulations,
which the population susceptible
i.e., theof susceptible (S),
devices is grouped(SIRS)
(S), the
the
malware
and spread
Still,
and it
spread tomalicious
has exploit
malicious
also existing
codesaover
created
codes over theattack
large
the Internet.
Internet. ofThe
The
surfacethechannels
devices
channels
for the into several
infected (I) subpopulations,
and recovered i.e.,
(R). the
In susceptible
addition, a (S),
group the
of
malware to exploit existing vulnerabilities of the devices dynamics
infected
into several in which the
(I) subpopulations, population
and recovered (R). i.e., In
theof devices
addition,
susceptible is grouped
a group
(S), of
the
and
of spread
malware
malware
of malware to malicious
spreading
exploit
spreading codes
existing over
nowadays
nowadays the areInternet.
vulnerabilities
are not
not just
of
justThethe channels
limited
devices
limited to
to infected
infected (I)
nodes andis recovered
also divided (R).
intoIn addition,
several a
subgroups.group The of
and spread malicious codes over the Internet. The channels into several
infected
infected nodes
(I) subpopulations,
andis also divided
recovered i.e.,
into
(R). the
In susceptible
several
addition, subgroups.
a (S),
group the
The of
of
and malware
computer
spread
computer spreading
networks
malicious
networks but nowadays
codesalso include
over
but also include the are not
mobile
Internet.
mobile just limited
networks
The
networks to
and
channels
and infected
SIRS nodes
dynamics is also
describe divided
the(R).into several
evolution subgroups.
of the
the apopulation
populationThe
of malwarenetworks spreading infected
SIRS (I) and
dynamics recovered
isdescribe the intoInseveral
evolution addition,
of groupThe of
computer butnowadays
also include aremobile
not just limitedand
networks to infected
SIRS nodes
dynamics also divided of subgroups.
online
of malware
online
computer
socialspreading
social networks.
networks.
networks but
Moreover,
nowadays
Moreover,
also include arethenot
the wide
wide
mobile just applications
limitedand
applications
networks to size that
infected
size
SIRS that can
can be
nodes
dynamics isdescribe
be controlled
also
describe
the using
divided
controlled the
evolutionspecial
into several
using
evolutionspecialof
the population
patching
subgroups.
patching
the population and
The
and
online
of social
networks
computer networks.
generate
networks an
butan Moreover,
also includethe
increasing widenetworks
amount
mobile applications
of securityand size
security that
recovery. can be controlled
Spreading of using special patching and
of networks
online social generate
networks. increasing
Moreover, the amount of
wide applications SIRSthat
recovery.
size dynamics
can bedescribe
Spreading of information
the using
evolution
information
controlled
is
is also
specialof the
also described
population
described
patching
by
by
and
of networks
threats.
online
threats. Computer
social
Computergenerate
networks. an
virus
virus increasing
or malware
Moreover,
or malware amount
spread
theamount of
and security
wide applications
spread and attack recovery.
the
attack recovery. modified Spreading
SIR of information
model, whichwhich is
includes also described
susceptible by
(S),
of networks
threats. Computergenerate an
virus increasing
or malware spread of
and security
attack size
the that
modified can be
SIR
Spreading controlled
model,
of using
information special
includes
is also patching
susceptible
described and
(S),
by
a
of large
networks number
a large number of
generate nodes
of virusan as
nodesorasmalwarethe
increasing network
the networkamount connectivity
of security
connectivity the
warnedmodified
recovery.
warned (W), SIR
and
Spreading
(W), and model,
recovered which
(R)
of information includes
nodes. Here,
isHere,
alsosusceptible
warned
described (S),
nodesby
athreats. Computerof
large number nodes spread connectivity
and attack the modified SIRrecovered
model, (R) nodes.
which includes warned
susceptible nodes
(S),
increases.
threats.
increases.
a large
It can
Computer
It
number
can disrupt
disrupt
of virus
nodes oras
computer
computer
as
the functionalities,
malware
the
network
functionalities,
spread connectivity
network
collect
and collect
attack are warned
the
are
warned
(W), of
informed
modified
informed
(W),
and
of therecovered
the
SIR
and necessity
model,
necessity
recovered
(R)
of
which
(R)
nodes.
of protection
includes
protection
nodes.
Here,
Here, of warned
their
susceptible
of their
warned
nodes
accounts
accounts(S),
nodes
increases.
sensitive,
a large number It can disrupt
confidential computer
information,
of nodes as the and functionalities,
and gain illegal
network illegal collect
access are
connectivity and informed
devices of thetheir
necessity of protection of their accounts
sensitive,
increases. confidential
It can disrupt information,
computer gain
functionalities, access
collect warned
and
are (W),from
devices
informed and
from
of therecovered
their neighbors.
(R)
neighbors.
necessity nodes. Here,
of protection warned
of their nodes
accounts
sensitive,
to private
increases.
to confidential
computer
Itcomputer
can disrupt
privateconfidential information,
networks
computer
networks at and
a gain
much illegal
functionalities,
at anda much larger access
scale.
larger collect
scale. and and devices from their neighbors.
sensitive, information, gain illegal access are informed
devices of the necessity of protection of their accounts
to private it
Therefore,
sensitive, computer
is
is critical networks
to
to design atpreventive
a much larger
and scale. The
effective The goal
goal ofoffrom
the their
the work neighbors.
work is
is to
to combine
combine the the twotwo epidemic
epidemic
to privateconfidential
Therefore,
Therefore, it is
criticalinformation,
itcomputer
critical
designat
networks
to design
and
preventive
a much
preventive
gain illegal
and
larger
and
access
effective
scale. The
effective
and devices
goal
processes
processes of
in
in
from
the
one
one
their
work
model.
model.
neighbors.
is to
One
One combine
epidemic
epidemic the the two describes
process
process epidemic
describes
treatment
to private
treatment strategies.
computer
strategies. networks at a much larger scale. The goal of the work is to combine two epidemic
Therefore,
treatment it is critical
strategies. to design preventive and effective processes
the in
dissemination
The dissemination
goal in one
of one model.
the model.of the
work theOne
isOne epidemic
information,
toinformation,
combine process
and describes
the other
Therefore,
treatment
The control it ofis malware
critical tospreading
strategies. design preventive
can be and effective
considered as
the
processes
the dissemination
of
of ofthe epidemic the
information,
andtwothe
process
and the
epidemic
other
describes
other
The control
treatment of malware
strategies. spreading can be considered as one
one is
processes
is the
thein spreading
one model.
spreading of viruses.
One We
epidemic
viruses. We consider
process
consider a gener-
describes
a gener-
The
an
an control
optimal
optimal of malware
control
control problem
problem spreading
that defines
that can be
defines considered
a trade-off
a trade-off as the
solu-
solu- one
alized
dissemination
is the spreading of oftheviruses.
information,
We
Susceptible-Warned-Infected-Recovered-Susceptible
and the
consider a other
gener-
Theoptimal
controlcontrolof malware spreading can be considered the
as alized
one is dissemination
the spreading of oftheviruses.
information,
Susceptible-Warned-Infected-Recovered-Susceptible
We consider and the other
a gener-
an
tion
tion between
Theoptimal
controlcontrol
between the
of problem
cost
themalware
cost of
of fast that
and
spreading
fast defines
and periodic
can be
periodic adevelopment
trade-off
considered
development solu-
of
as alized
(SWIRS)
of alized Susceptible-Warned-Infected-Recovered-Susceptible
model, whichof extends theWe model for information
information
an problem that defines a trade-off solu- one isSusceptible-Warned-Infected-Recovered-Susceptible
(SWIRS) themodel,
spreading
which viruses.
extends the model consider
for a gener-
tion
patches
an between
and thevalue
the cost of the
of fastrecovery
and periodicof theadevelopment
of the devices.
trade-offAt of (SWIRS) model, which extends the model for information
the
tionoptimal
patches
patches
and control
between
and the
the value
thevalueproblem
cost of the
of the
of
that
recovery
fastrecovery defines
and periodic devices.
of thedevelopment
Atsolu-
devices. At the
the alized Susceptible-Warned-Infected-Recovered-Susceptible
of (SWIRS) model, which extends the model for information
tion between the cost of fast and periodic
patches and the value of the recovery of the devices. At the development of (SWIRS) model, which extends the model for information
patches
2405-8963and the value
Copyright © 2020of The
the Authors.
recoveryThis of the
is andevices.
open access Atarticle
the under the CC BY-NC-ND license.
Peer review under responsibility of International Federation of Automatic Control.
10.1016/j.ifacol.2020.12.086
 Vladislav Taynitskiy et al. / IFAC PapersOnLine 53-2 (2020) 6650–6655 6651
spreading by incorporating the SIRS model that describes
the propagation of two types of malware. In the paper,
we formulate a controlled SWIR and SWIRS model and
show the structure of the optimal policies of spreading
information about virus protection and optimal treatment.
Moreover, we carry out a series of numerical simulations
to corroborate the results.
Recent literature has seen a surge of interest in using
optimal control and stability equilibrium analysis to study
malware protection in computer networks, social networks,
and ad-hoc networks (See Fedyanin (2011); Wu (2013);
Sharma (2015); Zuzek (2015); Taynitskiy (2015, 2017);
Farooq and Zhu (2019); Moon (2019); Huang and Zhu
(2019a)). Moreover, the clusters of the population play an
important role. Several waves of the viruses propagation
might occur due to sequential propagation information
from one cluster to another, even when a single cluster
model might predict just a monotone spreading.
In this paper, we establish a control-theoretic model to
design optimal quarantining and immunization strategies
to mitigate the impact of epidemics on our society. The
recent spreading of ransomware (e.g., CryptoLocker, Cryp-
toDefense, or CryptoWall) has spread using spam emails
to extort money from home users and businesses alike by
locking files on a PC or network storage (See Luo (2009);
Newman (2016)). Mean-field dynamical systems are used
to model the underlying evolution of the host subpopula-
tions. In Wang (2017), many variants of optimal control
models of SIR-epidemics are investigated in the context
of medical vaccination and health promotion campaigns.
Previous studies have shown the application of epidemic
frameworks to the models of network protection as in
Mieghem (2009); Sahneh (2013); Vespignani (2015);
Farooq and Zhu (2019); Taynitskiy (2017, 2018); Altman
(2019). Many different research works have provided vari-
ants of epidemic models in computer security. Spreading
information on social networks has been studied in Moore
(2002).
The rest of the paper is organized as follows. Section 2
presents the controlled SWIRS mathematical model. In
Section 2.1, we formulate the SWIRS model. Section 2.2
describes the optimal control problem and Section 2.3
presents the structure of optimal protection and informa-
tion spreading policies. In Section 3, theoretical results are
applied to the case of a clusterized population. Section
4 presents a series of numerical experiments. Section 5
concludes the paper.
2. DETERMINISTIC POPULATION MODEL
2.1 Model formulation
In this Section, we formulate a two-level modified SIRS
model (Susceptible-Infected-Recovered-Susceptible) with
two different types of viruses circulated in a population
of size N . This auxiliary partitioning allows capturing two
processes that occur in both computer and social networks.
The first process is the propagation of information about
harmful malware attacks and the protection of personal
data, documents, projects, etc. We consider this spreading
process as the first level hierarchy in the Susceptible-
Warned-Infected-Recovered-Susceptible (SWIRS) model.
The second process, which corresponds to the physical
propagation of antivirus software, is considered as the
second level of the model, which is a modified Susceptible-
Infected-Recovered-Susceptible (SIRS) model with two
competitive viruses. Thereby, in contrast to classical SIRS
models (Capasso (1993); Allen (2008)), where popula-
tions are divided into three groups: Susceptible (S), In-
fected (I), and Recovered (R), here the Infected subgroup
is divided into two subgroups: a subgroup of nodes infected
by the first type of virus V1 and the subgroup infected by
the second type V2 . Spreading information on the first level
introduces a new group Warned (W ) into consideration.
This group consists of the nodes, which have received infor-
mation about the potential risks of virus attack/spreading
and methods of protection.
Fig. 1. The scheme of transitions between groups S, W ,
I1 , I2 , R.
We model the epidemic process as a system of nonlinear
differential equations. The total number of nodes in the
network during the entire process remains constant and
equal to nS + nW + nV1 + nV2 + nR = N . Let S(t) = nSN(t) ,
W (t) = nWN(t) , I1 (t) = VN , I2 (t) = VN , R(t) = nRN(t)
n (t) n (t)
1 2
as a fraction of the Susceptible, the Warned, the Infected,
and the Recovered nodes, respectively. At the beginning of
the epidemic, at time t = 0, the majority of the individuals
are in the Susceptible state, and a small fraction of
individuals are infected by different types of virus. Hence,
initial states are S(0) = S 0 > 0, W (0) = W 0 ≥ 0,
I1 (0) = I10 > 0, I2 (0) = I20 > 0 and R(0) = R0 = 1 −
S 0 − W 0 − I10 − I20 .
Behavior of the system is described by a system of nonlin-
ear differential equations:
dS/dt = −kW S − β1S SI1 − β2S SI2 + γR − u3 S;
dW/dt = kW S − β1W W I1 − β2W W I2 + u3 S − σ3 W ;
dI1 /dt = β1S SI1 + β1W W I1 − εI1 I2 − σ1 I1 − u1 I1 ; (1)
dI2 /dt = β2S SI2 + β2W W I2 + εI1 I2 − σ2 I2 − u2 I2 ;
dR/dt = σ1 I1 + u1 I1 + σ2 I2 + u2 I2 + σ3 W − γR,
where βiS are infection rates for susceptible nodes for virus
Vi , i = 1, 2 and βiW are infection rates for the warned
nodes. On the second level of the epidemic process, we
can view a self-recovery rate σ1 for virus V1 or σ2 for virus
V2 as the probability that infected nodes from subgroups
I1 or I2 are recovered from the infection without incurring
any costs on our system. On the first level, nodes that are
informed of virus attacks have a recovery rate σ3 . Without
loss of generality, we can say that the second virus V2 is
stronger than the first V1 , and with the probability ε virus
V2 can supersede the first virus in the node infected by the
first virus.
6652 Vladislav Taynitskiy et al. / IFAC PapersOnLine 53-2 (2020) 6650–6655

The application of antivirus patches reduces the number of
infected nodes. It can be interpreted as control parameters
by u1 (t) and u2 (t) in (1), where ui are the fractions of
the infected under treatment, u1 (t), u2 (t) ∈ [0, 1], for all t.
The warned nodes can avoid an epidemic by taking spe-
cial quarantine measures. Control parameter u3 (t) is the
fraction of susceptible nodes that become warned of the
virus spreading at time t.
2.2 Optimal Control of Epidemics
Let the objective function J be the sum of two functionals,
which correspond to the two levels of the model. On the
first level, functional J1 describes the costs of the quaran-
tine measures, i.e., the costs of disseminating information
about the epidemics to susceptible nodes. On the second
level, functional J2 defines the cost of antivirus treatment
and includes the costs incurred by infected nodes, costs
of spreading antivirus, and the benefit from the recovered
nodes.
At any given t, f1 (I1 (t)), f2 (I2 (t)) are infection costs;
L(W (t)) is the utility of the warned nodes. Function
g(R(t)) defines the benefit rate for recovered nodes; func-
The adjoint system is defined as follows:
λ̇S (t) = (λS − λW )kW + (λS − λI1 )β1S I1 +
(λS − λI2 )β2S I2 + (λS − λW )u3 ;
λ̇W (t) = −L′ (W ) + (λS − λW )kS + (λW − λI1 )β1W I1 +
(λW − λI2 )β2W I2 + (λW − λR )σ3 ;
λ̇I1 (t) = f1′ (I1 ) + (λS − λI1 )β1S S + (λW − λI1 )β1W W +
(λI1 − λI2 )εI2 + (λI1 − λR )(σ1 + u1 );
λ̇I2 (t) = f2′ (I2 ) + (λS − λI2 )β2S S + (λW − λI2 )β2W W +
(λI1 − λI2 )εI1 + (λI2 − λR )(σ2 + u2 );
λ̇R (t) = −g ′ (R) + (λR − λS )γ,
(5)
with the transversality conditions given by
λS (T ) = λW (T ) = λI1 (T ) = λI2 (T ) = λR (T ) = 0. (6)
According to Pontryagin’s maximum principle, there exist
continuous and piece-wise continuously differentiable co-
state functions λr (t), r ∈ {S, W, I1 , I2 , R} that satisfy (5)
and (6) for t ∈ [0, T ] together with continuous functions
u∗1 (t), u∗2 (t) and u∗3 (t):
(u∗1 , u∗2 , u∗3 ) ∈
arg max H(λ, S, W, I1 , I2 , R, u1 , u2 , u3 ). (7)
u1 ,u2 ,u3 ∈[0,1]

tions h1 (u1 (t)), h2 (u2 (t)) are costs for antivirus treatments
and h3 (u3 (t)) is cost of information spreading. Here func- 2.3 Structure of Optimal Control
tions fi (Ii ) are non-decreasing and twice-differentiable,
convex functions, fi (0) = 0, fi (Ii ) > 0 for Ii > 0, i = 1, 2, In this subsection, we construct the structure of the
g(R) and L(W ) are non-decreasing and differentiable func- optimal control u∗ (t) = (u∗1 (t), u∗2 (t), u∗3 (t)).
tions, and hi (ui (t)) is twice-differentiable and increasing
function in ui (t) such as hi (0) = 0, hi (x) > 0, i = 1, 2, 3, Proposition 1. The following statements hold for the
when ui > 0. Also costs of information spreading are optimal control problem described in Section 2:
lower than costs for antivirus treatments h3 (·) < h1 (·) • When hi (·) are concave functions, then there exists
and h3 (·) < h2 (·). t0 ∈ [0, T ] such that for any i = 1, 2, 3 :
The aggregated system costs over the time interval [0, T ] {
1, for 0 ≤ t ≤ t0 ;
are defined as J = J1 + J2 , where u∗i (t) =
0, for t0 < t ≤ T.
∫ T
J1 = h3 (u3 (t)) − L(W (t))dt, • When hi (·) are strictly convex functions, then there
0 exist the time t0 , t1 , 0 < t0 < t1 < T such that for
∫ T∑ 2 ( ) (2) any i = 1, 2, 3 (α(t) ∈ (0, 1)):
J2 = fq (Iq (t)) + hq (Iq (t)) − g(R(t)). {
0 q=1
1, 0 ≤ t ≤ t0 ;
∗
ui (t) = α(t), t0 < t ≤ t1 ;
and the optimal control problem is to minimize these costs, 0, t1 < t ≤ T.
i.e., min{u1 ,u2 ,u3 } J.
By using Pontryagin’s maximum principle (Pontrya- To prove Proposition 1, we consider the following auxiliary
gin (1962)), we construct the optimal control u(t) = lemma.
(u1 (t), u2 (t), u3 (t)) of the problem described above in Sec- Lemma 1. Functions φi , i = 1, 3 are decreasing func-
tion 2. To simplify the presentation, we use short-hand tions of t for t ∈ [0, T ].
notations S, I1 , u1 , etc. in place of S(t), I1 (t), u1 (t), etc.
Define the associated Hamiltonian H and the adjoint func- We can divide this maximization problem into three sub-
tions λS (t), λW (t), λI1 (t), λI2 (t), λR (t) as follows: problems and find optimal control u∗1 (t), u∗2 (t) and u∗3 (t),
separately:
H = g(R) − f1 (I1 ) − f2 (I2 ) + L(W ) + (λW − λS )kW S+
max[−h1 (u1 ) + φ1 u1 ] + max[−h2 (u2 ) + φ2 u2 ]+
(λI1 − λS )β1S SI1 + (λI2 − λS )β2S SI2 + u1 u2
(8)
(λI1 − λW )β1W W I1 + (λI2 − λW )β2W W I2 + max[−h3 (u3 ) + φ3 u3 ].
u3
(λI2 − λI1 )εI1 I2 + (λR − λI1 )σ1 I1 +
(λR − λI2 )σ2 I2 + (λS − λR )γR+ We obtain the following derivatives:
(−h1 (u1 ) + φ1 u1 ) + (−h2 (u2 ) + φ2 u2 )+ ∂H
= −ḣi (ui ) + ψi = 0, i = 1, 3. (9)
(−h3 (u3 ) + φ3 u3 ), ∂ui
(3) As hi (ui ) are increasing functions and Iq ≥ 0 and S ≥
where functions φi (t) are defined as follows: 0, then the Hamiltonian reaches its maximum if ψi =
φq (t) = (λR (t) − λIq (t))Iq (t), q ∈ {1, 2}, ḣi (ui ) ≥ 0, i = 1, 2, 3. We can find such ui if and only
(4) if the following conditions are satisfied: λR (t) − λI1 (t) ≥ 0,
φ3 (t) = (λW (t) − λS (t))S(t).
 Vladislav Taynitskiy et al. / IFAC PapersOnLine 53-2 (2020) 6650–6655 6653
λR (t) − λI2 (t) ≥ 0 and λW (t) − λS (t) ≥ 0. To complete
the proof of proposition, we consider the auxiliary lemma.
Lemma 2. For all t ∈ [0, T ], we have λR (t) − λI1 (t) ≥ 0,
λR (t) − λI2 (t) ≥ 0 and λW (t) − λS (t) ≥ 0.
The proof of Lemma 2 consists of two parts: firstly, we
consider the case when t = T and show that derivatives of
the functions λR (t) − λI1 (t), λR (t) − λI2 (t) and λW (t) −
λS (t) are non-positive; secondly, we prove by contradiction
that on the whole interval [0, T ] these functions are non-
negative. The complete proofs of Proposition 1, Lemma
1 and Lemma 2 follow the same technique as in Altman
(2011); Taynitskiy (2018).
Functions hi (·) are concave
Let hi (·) be a concave functions (h′′i (·) < 0), then ac-
cording to (3) the Hamiltonian is a convex function of
ui , i = 1, 3. There are two different options for ui ∈ [0, 1]
that maximimize the Hamiltonian. If −hi (0) + φi · 0 >
−hi (1)+φi ·1 or hi (1) > φi , then optimal control is ui = 0
(see Fig. 2 (left)); otherwise – ui = 1 (see Fig. 2 (right)).
Fig. 2. Hamiltonian if functions hi (·) are concave.
For i = 1, 3, the optimal control parameters ui (t) are
defined as follows:
{
0, φi (t) < hi (1),
∗
ui (t) = (10)
1, φi (t) ≥ hi (1).
Functions hi (·) are strictly convex
Let hi (·) be a strictly convex functions (h′′i (·) > 0), then
Hamiltonian is concave function. Consider the following
derivative:
∂ rameters in the system remain the same as in Section 3.1.
(−hi (x) + φi x) |x=xi = 0, (11)
∂x
where x ∈ [0, 1], u∗i (t) = xi . There are three different types
of points at which the Hamiltonian reaches its maximum
(Fig. 3). To find them, we need to consider the derivatives
of the Hamiltonian at ui = 0 and ui = 1. If the derivatives
(11) at ui = 0 are non-increasing (−h′i (0) + φi ≤ 0), then
the value of the control that maximizes the Hamiltonian
is less than 0, and according to our restrictions (ui ∈
[0, 1]) optimal control will be equal to 0 (Fig. 3a). If the
derivatives at ui = 1 are increasing (−h′i (1) + φi > 0), it
means that the value of the control that maximizes the
Hamiltonian is greater than 1. Hence the optimal control
will be 1 (Fig. 3c); otherwise, we can find such value
u∗i ∈ (0, 1) (see Fig. 3b):

 0, φi ≤ h′i (0), i = 1, 2, 3;
∗
ui (t) = h′−1 (φi ), h′i (0) < φi ≤ h′i (1), i = 1, 2, 3.
 1, h′ (1) < φ , i = 1, 2, 3.
i i
(12)
Functions φi (t), h′i (t), u∗i (t) are continuous at all t ∈ [0, T ].
In this case hi is strictly convex and h′i is strictly increasing
Fig. 3. Hamiltonian when functions hi (·) are convex.
functions, so h′ (0) < h′ (1). Thus there exist points t0 and
t1 (0 < t0 < t1 < T ) so that conditions (12) are satisfied,
and according to φi are decreasing functions.
3. SWIRS MODEL ON META-POPULATION
NETWORK
The clustering of the nodes in the network can be con-
sidered as a natural extension of the SWIRS model from
Section 2. We assume that all nodes inside the one cluster
follow the same behavioral rules. However, the infection
can be transferred among clusters. For this reason, we
consider a case of a network with N nodes, which can be
divided into several clusters. Here, the matrix A = {aτ µ }
is the adjacency matrix of the first level of SWIRS model,
where information about possible consequences of malware
attacks is spreading, and B = {bτ µ } is the adjacency
matrix of the second level, where special antivirus patches
are applied. Denote as kaτ µ the probability that a node
from cluster τ of size Nτ and a node from a cluster µ of size
Nµ change their states from S to W at every time instant.
The probability that a susceptible node from cluster τ will
be infected due to the contact with a node from a cluster µ,
infected by virus Vl , l ∈ {1, 2} is equal to βVSl bτ µ . A warned
node from cluster τ will be infected by virus Vl , l = {1, 2}
through the contact with the node from a cluster µ with
probability βVWl bτ µ .
Vector Xj (t) = (Sj (t), Wj (t), I1j (t), I2j (t), Rj (t)) defines
the proportions distribution of being in each of the states
for the cluster j = 1, . . . , M at t. For any t ∈ [0, T ],
the sum of the probabilities for any node j is equal to
Sj (t) + Wj (t) + I1j (t) + I2j (t) + Rj (t) = 1. All other pa-
This simultaneous process of information spreading and
patching is described by a system of nonlinear differential
equations:
∑ ∑
dSj (t)/dt = −kSj (t) ajl Wl (t) − β1S Sj (t) bjl I1l (t)−
∑l l
β2S Sj (t) bjl I2l (t) + γRj (t) − u3j (t)Sj (t);
∑
l ∑
dWj (t)/dt = kSj (t) ajl Wl (t) − β1W Wj (t) bjl I1l (t)−
∑ l l
β2W Sj (t) bjl I2l (t) + u3j (t)Sj (t) − σ3 Wj (t);
∑
l ∑ (13)
dI1j (t)/dt = β1S Sj (t) bjl I1l (t) + β1W Wj (t) bjl I1l (t)−
∑ l l
εI1j (t) bjl I2l (t) − σ1 I1j (t) − u1j (t)I1j (t);
l ∑ ∑
dI2j (t)/dt = β2S Sj (t) bjl I2l (t) + β2W Wj (t) bjl I2l (t)+
∑ l l
εI1j (t) bjl I2l (t) − σ2 I2j (t) − u2j (t)I2j (t);
l
6654 Vladislav Taynitskiy et al. / IFAC PapersOnLine 53-2 (2020) 6650–6655

( )
dRj (t)/dt = σ1 I1j (t) + u1j (t)I1j (t) + σ2 I2j (t)+
J →T· min(h1 (U ), h2 (U )) − L(W (0)) − g(R(0)) . (19)
u2j (t)I2j (t) + σ3 Wj (t) − γRj (t),
∑
where l defines the sum from 1 to M . Initial states are 4. NUMERICAL EXPERIMENTS
Sj (0) > 0, Wj (0) ≥ 0, I1j (0) > 0, I2j (0) > 0, Rj (0) = 1 −
Sj (0) − Wj (0) − I1j (0) − I2j (0) for all clusters j. In this section, we present numerical case studies to corrob-
orate our results. For the experiments, we use the following
The aggregated system costs on the time interval [0, T ] are costs functions: infection costs – f1 (I1 (t)) = 30I1 (t) and
defined as J = J1 + J2 , where f2 (I2 (t)) = 40I2 (t); treatment costs – h1 (u1 (t)) = 20u21 (t),
∫ T (∑ ) (∑ ) h2 (u2 (t)) = 25u21 (t); vaccination cost – h3 (u3 (t)) =
J1 = h3 (u3j (t)) − L Wj (t) dt, 10u23 (t); and utility functions are L(W (t)) = 2W (t) and
g(R(t)) = 5R(t). The time interval in the first two exper-
0 j j
∫ 2 (
T ∑ (∑ ) (∑ )) iments is equal to [0,20].
J2 = fq (Iqj (t)) + hq (Iqj (t)) − (14)
0 q=1 j
∑ j

g( Rj (t))dt.
j

and the optimal control problem is to minimize these

costs, i.e., min{u1j ,u2j ,u3j } J.
We focus on a case when both malware can cause extreme
damages, and there is a need to lock down the entire sys-
tem to prevent future destruction. To avoid this lockdown
or other expensive security activity, we have to construct
a constant control such that any malware will be instantly Fig. 4. Experiment I: Behavior of the system in the uncon-
eliminated, even though the time when the viruses attack trolled case (left), the controlled case (middle) and the
structure of the optimal control(right). Parameters
the system cannot be precisely identified. We assume that
are: k = 0.3, β1S = 0.35, β2S = 0.45, β1W = 0.25,
max (h1 (u1j ), h2 , (u2j ), h3 (u3j ), L(Wj ), g(Rj )) << β2W = 0.35, σ1 = 0.05, σ2 = 0.03, σ3 = 0.01, γ = 0.2,
min (f1 (I1j ), f2 (I2j ))) , ε = 0.5).
∀j, u1j , u2j , u3j , Wj , Rj , I1j , I2j > 0.
Experiment I shows the behavior of the SWIRS-model
We have to define the condition for u which remains system in two different cases: controlled and uncontrolled ones
in disease free state with minimum costs. We assume that (see Fig. 4). In the uncontrolled cases, at T = 20 the
h1 (u1j ) = h2 (u2j ) = h3 (u3j ) = u. The initial state of the majority of nodes are infected by virus V2 (I2 (20) =
system is the equilibrium point E2 from the Section 3.2. 0.77). The values of the two cost functionals are equal
(13) can be reformulated as:
∑ ∑ ∑ to J1 = −2.86 and J2 = 10.41. After the treatment
βqS Sj0 0
bjl Iql + βqW Wj0 0
bjl Iql + (−1)q εI1j
0 0
bjl Iql − and information dissemination about possible epidemic
l l l
(15) outbreaks, all infected nodes are cured. Here, all nodes
0
σq Iqj 0
− uqj (0)Iqj ≤ 0, q ∈ {1, 2}. are in the disease-free state (S(20) = 0.29, W (20) = 0.23,
It is assumed that viruses can infect only one node at one R(20) = 0.48) and the values of the two cost functionals
time moment, then the system can be transformed in the are equal to J1 = −11.12 and J2 = 0.58, respectively.
following way: Comparing the aggregated costs in the uncontrolled case
(Juncntl = 7.55) and the controlled case (Jcntl = −10.54),
βqS Sj0 bjm + βqW Wj0 bjm − σq − uqj (t) ≤ 0, q = 1, 2, (16)
we can see that information spreading and the applied
where m is a node which was infected by a virus. treatment are beneficial.
Inequalities (16) can be rewritten as
uqj (0) ≥ (βqS Sj0 + βqW Wj0 )bjm − σ1 , q = 1, 2. (17)
We find control strategies that maintain the disease
free state in the the worst case of epidemics. This value
provides an estimation on system costs when hj = uj (t) on
the time interval [0, T ]. Summing the control parameters
gives:
∑
(u1j (0) + u2j (0)) ≥
( j )
∑ ∑ (18)
(β1S + β2S ) Sj0 + (β1W + β2W ) Wj0 bjm −
j j Fig. 5. Experiment II: Behavior of the system in two
M (σ1 + σ2 ) = U, different clusters of the population. Parameters are:
k = 0.15, β1S = 0.25, β2S = 0.3, β1W = 0.2, β2W = 0.25,
where uij (t) is the control of a type i ∈ {1, 2, 3} in a cluster σ1 = 0.3, σ2 = 0.4, σ3 = 0.3, γ = 0.3, ε = 0.5).
µ at time t. As a result, we obtain
Experiment II presents the SWIRS model on a meta-
population network. The behavior of the system (13) in
 Vladislav Taynitskiy et al. / IFAC PapersOnLine 53-2 (2020) 6650–6655 6655
two different clusters is represented in Fig. 5. Matrices
A, B indicate the strong connections between these clus-
ters, hence the epidemic which has been started in the first
cluster continue in the second (one: )
10
A=B= . (20)
11
Initial parameters are X1 (0) = (0.4, 0.4, 0.1, 0.1, 0) and
X2 (0) = (1, 0, 0, 0, 0). Final states are X1 (30) = (0.97, 0, 0,
0, 0.03) and X2 (30) = (0.9, 0, 0.02, 0.02, 0.06).
5. CONCLUSIONS
This paper presents a modified Susceptible-Warned-
Infected-Recovered-Susceptible (SWIRS) model of simul-
taneous spreading of the virus protection information and
the malware over a large population of nodes. We have
obtained the structure of the optimal control as well as
the properties of feasible controls for a special class of cost
functions. Numerical examples have been used to corrob-
orate the results. We would further explore the extension
of the SWIRS model to an epidemic model over complex
networks with different topologies and design the optimal
control strategies in the meta-population SWIRS model.
6. ACKNOWLEDGEMENT
The research has been partially supported by the RSF
grant No. 16-19-10609, U.S. National Science Foundation
Awards ECCS-1847056, CNS-1544782, and SES-1541164,
grant W911NF-19-1-0041 from U.S. Army Research Office
(ARO), and an NYU seed fund on coronavirus research.
REFERENCES
Allen L. J. S. An introduction to stochastic epidemic
models. Mathematical epidemiology, Springer. pp. 81-
130, 2008.
Altman E., Khouzani M., Sarkar S. Optimal control
of epidemic evolution. Proceedings of INFOCOM., pp.
1683–1691, 2011.
Altman E., Avrachenkov K., De Pellegrini F., El-Azouzi
R., Wang H. Multilevel Strategic Interaction Game
Models for Complex Networks. Springer Nature,
Switzerland, 2019.
Capasso V. Mathematical Structures of Epidemic Systems,
Vol.97, 1993.
Fedyanin D.N., Chkhartishvili A.G. On a model of in-
formational control in social networks. Automation and
Remote Control, Vol. 72, No. 10, pp. 2181–2187, 2011.
Huang Y., Zhu Q. A differential game approach to de-
centralized virus-resistant weight adaptation policy over
complex networks. IEEE Transactions on Control of
Network Systems, 2019.
Farooq M.J., Zhu Q. Modeling, analysis, and mitigation
of dynamic botnet formation in wireless IoT networks.
IEEE Transactions on Information Forensics and Secu-
rity, Vol.14, No. 9, pp. 2412–2426, 2019.
Luo X., Liao Q. Ransomware: A new cyber hijacking
threat to enterprises. Handbook of research on infor-
mation security and assurance. pp. 1-6, 2009
Mieghem P. V., Omic J., Kooij R. Virus spread in
Networks. IEEE/ACM Transactions on Networking.
Vol. 17, No. 1. pp. 1-14, 2009.
Moon A. S., Sahneh F.D., Scoglio C. Generalized group-
based epidemic model for spreading processes on net-
works: GgroupEM, arXiv:1908.06057, Physics and So-
ciety (physics.soc-ph), 2019.
Moore D., Shannon C. Code-Red: a Case Study on the
Spread and Victims of an Internet Worm. Proceedings
of the 2002 ACM SICGOMM Internet Measurement
Workshop. 273–284, 2002.
Newman L. H. What we know about Friday’s
massive east coast Internet outage. Wired Maga-
zine, Oct. 21, 2016, https://www.wired.com/2016/10/
internet-outage-ddos-dns-dyn/
Pontryagin L., Boltyanskii V., Gamkrelidze R.,
Mishchenko E. The Mathematical Theory of Optimal
Processes. Russia: Interscience, 1962.
Sharma S., Samanta G. P. Stability analysis and optimal
control of an epidemic model with vaccination. Interna-
tional Journal of Biomathematics, 2015. Vol. 8, No. 3,
P. 28, 2015.
Sahneh F.D., Scoglio C., and Mieghem P. V. Generalized
epidemic meanfield model for spreading processes over
multilayer complex networks. IEEE/ACM Transactions
on Networking. Vol. 21, No. 5. pp. 1609-1620, 2013.
Taynitskiy V., Gubar E., Zhitkova E.Structure of optimal
control in the model of propagation of two malicious
softwares. Proc. of Int. conf. ”Stability and Control
Processes” in memory of V.I. Zubov (SCP)., 261—264,
2015.
Taynitskiy V., Gubar E., Zhu Q. Optimal Impulsive Con-
trol of Epidemic Spreading of Heterogeneous Malware.
IFAC-PapersOnLine. Vol.50 , No.1, pp.15038 – 15043,
2017.
Taynitskiy V., Gubar E., Zhu Q. Optimal Security Policy
for Protection Against Heterogeneous Malware. Static
and Dynamic Game Theory: Foundations and Applica-
tions. pp. 199–209, 2017.
Taynitskiy V., Gubar E., Zhu Q. Optimal Control of
Heterogeneous Mutating Viruses. Games, Volume 9,
Issue 4, Article number 103, 2018.
Vespignani A., Pastor-Satorras R., Van Mieghem M,
Castellano C. Epidemic processes in complex networks.
Rev. Mod. Phys., Vol. 87, No. 925, 2015.
Wang W., Tang M., Stanley H.E., Braunstein L. A. Unifi-
cation of theoretical approaches for epidemic spreading
in complex networks. Reports on Progress in Physics.
Vol. 80, No.3. pp. 1–16, 2017.
Wu Q., Small M., Liu H. Superinfection Behaviors on
Scale-Free Networks with Competing Strains. Journal
of Nonlinear Science., 23, 113—127, 2013.
Zuzek L. G. A., Stanley H. E., Braunstein L. A. Epidemic
Model with Isolation in Multilayer Networks. Sci. Rep.
5, 12151; doi: 10.1038/srep12151, 2015.