Understanding Malware Propagation Dynamics through Scientific Machine Learning

TL;DR

This paper demonstrates that hybrid physics-informed models, specifically Universal Differential Equations, significantly improve malware propagation prediction accuracy and interpretability over traditional and neural methods, aiding cybersecurity efforts.

Contribution

The study introduces a novel application of Universal Differential Equations to malware modeling, achieving better accuracy and interpretability than existing approaches.

Findings

UDE reduces prediction error by 44% compared to baselines.

Symbolic recovery reveals key suppression mechanisms.

Hybrid models outperform purely analytical or neural models.

Abstract

Accurately modeling malware propagation is essential for designing effective cybersecurity defenses, particularly against adaptive threats that evolve in real time. While traditional epidemiological models and recent neural approaches offer useful foundations, they often fail to fully capture the nonlinear feedback mechanisms present in real-world networks. In this work, we apply scientific machine learning to malware modeling by evaluating three approaches: classical Ordinary Differential Equations (ODEs), Universal Differential Equations (UDEs), and Neural ODEs. Using data from the Code Red worm outbreak, we show that the UDE approach substantially reduces prediction error compared to both traditional and neural baselines by 44%, while preserving interpretability. We introduce a symbolic recovery method that transforms the learned neural feedback into explicit mathematical expressions, revealing suppression mechanisms such as network saturation, security response, and malware variant evolution. Our results demonstrate that hybrid physics-informed models can outperform both purely analytical and purely neural approaches, offering improved predictive accuracy and deeper insight into the dynamics of malware spread. These findings support the development of early warning systems, efficient outbreak response strategies, and targeted cyber defense interventions.