As cyber threats grow more complex, cyber security professionals are turning to mathematical models inspired by disease spread models to understand digital infections. In this world just like a virus spread through human population, malware infects computer network silently, rapidly and often without warning and that’s where mathematical modeling comes in and by using the tools like differential equation experts can simulate and even forecast the behaviors of malware outbreaks in digital system. Mathematical modeling of malware spread using differential equation is a powerful way to understand and predict how malicious software moves through a network.one widely used approach is SIR model and in SIR model the “S” stands for Susceptible(system that are vulnerable to infection but not yet infected, the “I” stands for Infected (system that are currently infected and can spread the malware, and “R” stands for Recovered(system that has been cleaned and patched and no longer infectious. The model uses differential equations to calculate how each group changes over time. The number of infected systems rises or falls based on two key factors: how fast malware spreads (infection rate, β), and how fast it is removed or patched (recovery rate, γ). The dynamics of the malware spread can be described using the following system of differential equations (ODEs)
[latex]\frac{dS}{dt} = -\beta S I[/latex]
[latex]\frac{dI}{dt} = \beta S I – \gamma I[/latex]
[latex]\frac{dR}{dt} = \gamma I[/latex]
By adjusting the variables like infection rate and recovery speed, analyst can forecast how fast malware will spread and how effective the different defense strategies might be. This fusion of mathematics and cyber security allows for more strategic, data driven responses of modern cyber threats, transforming abstract equations into powerful tools for digital protection. Another model is SIS (susceptible infected susceptible) model which is great for understanding and capturing how some malware behaves and when device can get reinfected after recovery. Suppose a network of computers or phones where malware keeps trying to come back even after cleaning many times. This SIS model splits the population into just two groups Susceptible (device that can get infected) and infected (device actively carrying and spreading the malware). Unlike the SIR model there’s no recovered group because devices that get fixed can become susceptible again like the first system that is recovered and again falls victim to new variant of malware. The SIS model for malware spread can be described using a system of differential equations. The population of devices divided into two groups Susceptible(S) and infected(I), the total population N is constant so S(t)+I(t)=N and the differential equation of this model is as follows:
[latex]\frac{dS}{dt} = -\beta S I + \gamma I[/latex]
[latex]\frac{dI}{dt} = \beta S I – \gamma I[/latex]
Beta is the infection rate and is recovery rate. But remember that there is no recovered group in this model. After recovery systems return to susceptible pool. Another powerful and commonly used model in cybersecurity is the SEIR model. In additional stage this model represents the system that are infected but not yet actively spreading malware. This model is useful when there’s a delay between when a system is infected and when it begins spreading the malware. In SEIR the “S(T)” stands for susceptible, the “E(t)” stands for Exposed, the “I(t)” for infected and the “R(t)” stands for recovered. The differential equation of SEIR model is
[latex]\frac{dS}{dt} = -\beta S I[/latex]
[latex]\frac{dE}{dt} = \beta S I – \sigma E[/latex]
[latex]\frac{dI}{dt} = \sigma E – \gamma I[/latex]
[latex]\frac{dR}{dt} = \gamma I[/latex]
Sigma is the activation speed of latent malware, is how quickly malware spreads, is how quickly systems are recovered.
These models are not perfect. They sometimes assume that all devices interact in random ways or that everyone updates their system the right way, which is not always true case in real life. But even with this limitation they are helpful. They can show when a malware outbreak might reach its worst point or help how quickly the system needs to fix out. Since the mathematical differential equations can get complex, tools like MATLAB, Latex, Python are often used to simulate how the malware spreads through the network.
The author is an independent researcher, and her area of interest is game theory and cyber security. She can be reached at naimafaq744@gmail.com
Related