Effective Delayed Patching for Transient Malware Control on Networks
Minh Phu Vuong, Chul-Ho Lee, Do Young Eun

TL;DR
This paper introduces a novel patching policy for malware control that accounts for patching delays and limited resources, using a susceptible-infected network model to identify critical edges and optimize node patching.
Contribution
It develops a new patching strategy based on critical edges and graph partitioning that effectively manages delays and resource constraints in malware mitigation.
Findings
Outperforms baseline policies in simulations
Effectively prevents malware spread with limited resources
Incorporates patching delay into network defense strategies
Abstract
Patching nodes is an effective network defense strategy for malware control at early stages, and its performance is primarily dependent on how accurately the infection propagation is characterized. In this paper, we aim to design a novel patching policy based on the susceptible-infected epidemic network model by incorporating the influence of patching delay, a type of delay that has been largely overlooked in designing patching policies in the literature, while being prevalent in practice. We first identify 'critical edges' that form a boundary to separate the most likely infected nodes from the nodes which would still remain healthy after the patching delay. We next leverage the critical edges to determine which nodes should be patched in light of limited patching resources at early stages. To this end, we formulate a constrained graph partitioning problem and use its solution to…
Taxonomy
Topics: Software-Defined Networks and 5G · Complex Network Analysis Techniques · Advanced Malware Detection Techniques
