The use of biological models (for example, epidemic models) to study the spreading of network-related computer viruses is not new. However, most of these biological models assume the homogeneity of nodes in a network, that is, all nodes are equally powerful in infecting other nodes. They also lack the theoretical treatment of the dynamic nature of the networks, that is, the interplay of attack and defense over time.

The authors propose a theoretical model, called the susceptible-infectious-susceptible (SIS) model, to explain the dynamic behavior of adaptive defenses. The parameters in the model change over time, capturing the dynamic evolution of attacks and defenses on a timeline. These parameters include the adjacency matrix for a network (A), the probability of cure capability (β(t)), the probability of infection capability (γ(t)), the probability of a node being susceptible to a virus attack (s(t)), the probability of a node infection (i(t)), and the largest eigenvalue of the adjacency matrix A(λ).

The semi-adaptive defense scenario and the fully adaptive defense scenario are considered. The theory’s validity is shown using simulation studies. For the semi-adaptive defense, the sufficient conditions (ratios of β and γ) under which the virus spreading will (or will not) die out are shown. In addition, the larger the β value is, the more effective the defense is against the virus spreading. The degree of infection depends on the ratio of ergodic stochastic processes Ε(β(0))/Ε(γ(0)) in cases that the spreading does not die out. The paper also shows that a fully adaptive system can adjust its defense strategy levels without knowing the infection capabilities (γ(t)) to control the rate of a virus dying out.

The theoretical model for the semi-adaptive and adaptive defense systems with non-homogeneity assumption is mathematically proven, and the findings seem significant. But the paper falls short of applying the significance of the results to real network security management. Some illustrative examples, and more explanations of how to model a real network and how to determine and measure the parameters (for example, probability of node infection and defense controls) in the real network, would enhance the reader’s appreciation of the issues and results. This would point out the remaining challenges in transferring the theoretical results from an experimental setting to a practical setting.