۱- Introduction

۲- The epidemic model for Stuxnet virus

۳- Model analysis

۴- Simulation and results

۵- Conclusion

References

Abstract

The purpose of this study is to develop an epidemic virus model that portrays the spread of the Stuxnet virus in a critical control infrastructure after bridging the air-gap between a normal local area network and the critical network. Removable storage media plays an important role in the transfer of data and virus to the computers connected to the critical network (consisting of industrial controllers) and this can compromise the whole system. A mathematical model is formulated that incorporates these features and depicts the controlling mechanism. Disease free and endemic equilibria are analyzed in terms of the basic reproduction number R0. Global stability of disease free and endemic equilibrium points are analyzed using Lyapunov functions. Numerical simulations are performed to determine the accuracy of the proposed model for the smart Stuxnet virus which is designed to target critical industrial systems. Model shows very good resemblance with the observed real life data available for this virus. Future work may invoke interesting results and control strategies.

Introduction

In the last few years cyber threats, in the form of virus, malware and trojan, stealing information or hacking accounts are more often happened in a sophisticated and technical ways. Nations and individuals are accumulating cyber resources, developing novel methods to exploit the selected target in an optimal manners (Axelrod and Iliev, 2014; Tounsi and Rais, 2018; Van der Walt et al., 2018). The world economy and security depends upon the secure connectivity of the Internet and Intranet due to automation of the industrial and economic processes. International conflicts poses serious threats to the opponents system security, financial market, critical information and assets of critical natures (Ashibani and Mahmoud, 2017; Hassan et al., 2018; Ullah et al., 2018). In present days network become the target of well-crafted cyber-attacks, especially the incident relating to breaking of internal systems security and espionage of critical information. The airgap between these systems are mostly filled by exploiting the internal weaknesses of the arrangement and zero-day exploits in the software / hardware (Ablon and Bogart, 2017; Kim and Lee, 2018). Zero-day vulnerabilities are the holes of any software / hardware that could be exploited in the real world before disclosure and availability of any patch (Haldar and Mishra, 2017). Due to the natural desire of automating every appliance, enormously increase the use of software which increases the dependability on codes. Poor programming approach and weak software testing methodologies are unable to detect the vulnerability in the codes, that may lead to compromise the whole system and an easy prey for hackers (Ablon et al., 2014). Price estimate of valuable zero-day exploit can go over $100,000 (Finifter et al., 2013). The discovery of a new vulnerabilities in known software are very common. It was found that in a three-year period, 2009–۲۰۱۲, more than 400 problems were found in Firefox browser and approximately over 800 were found in Chrome browser (Kesler, 2011). The rapid growing market of zero-day exploits, demands careful system design and understanding of malicious code spread mechanism.