Analysis of Contagion Dynamics with Active Cyber Defenders

In this paper, we analyze the infection spreading dynamics of malware in a population of cyber nodes (i.e., computers or devices). Unlike most prior studies where nodes are reactive to infections, in our setting some nodes are active defenders meaning that they are able to clean up malware infections of their neighboring nodes, much like how spreading malware exploits the network connectivity properties in order to propagate. We formulate these dynamics as an Active Susceptible-Infected-Susceptible (A-SIS) compartmental model of contagion. We completely characterize the system's asymptotic behavior by establishing conditions for the global asymptotic stability of the infection-free equilibrium and for an endemic equilibrium state. We show that the presence of active defenders counter-acts infectious spreading, effectively increasing the epidemic threshold on parameters for which an endemic state prevails. Leveraging this characterization, we investigate a general class of problems for finding optimal investments in active cyber defense capabilities given limited resources. We show that this class of problems has unique solutions under mild assumptions. We then analyze an Active Susceptible-Infected-Recovered (A-SIR) compartmental model, where the peak infection level of any trajectory is explicitly derived.