A modified epidemiological model for computer viruses José Roberto C. Piqueira * , Vanessa O. Araujo Escola Politécnica da Universidade de São Paulo, Avenida Prof. Luciano Gualberto, travessa 3, n. 158, 05508-900, São Paulo, SP, Brazil article info Keywords: Bifurcation Disease-free Endemic Equilibrium SIR Stability abstract Since the computer viruses pose a serious problem to individual and corporative computer systems, a lot of effort has been dedicated to study how to avoid their deleterious actions, trying to create anti-virus programs acting as vaccines in personal computers or in strate- gic network nodes. Another way to combat viruses propagation is to establish preventive policies based on the whole operation of a system that can be modeled with population models, similar to those that are used in epidemiological studies. Here, a modified version of the SIR (Susceptible-Infected-Removed) model is presented and how its parameters are related to network characteristics is explained. Then, disease-free and endemic equilibrium points are calculated, stability and bifurcation conditions are derived and some numerical simulations are shown. The relations among the model parameters in the several bifurca- tion conditions allow a network design minimizing viruses risks. Ó 2009 Elsevier Inc. All rights reserved. 1. Introduction Computer viruses arose in the 1980s in the form of programs, being able to spoil the correct operation of a machine. At that time, they caused minor damages and their spread capacity was low. As hardware and software technology developed and computer networks became an essential tool for daily life, viruses started to be a major threat [1]. Nowadays, these virus programs have more complex codes, being able to produce mutations of themselves, and their detection and removal by anti-virus programs became more difficult [2]. Besides, they are capable of acquiring personal data from network users, such as passwords and bank accounts, causing severe damages to individuals and corporations [3]. Consequently, trials on better understanding computer viruses spreading dynamics is an important matter, in order to improve the safety and reliability in computer systems and networks [4,5]. Inspired on Biology, there are two ways to study this problem: microscopic and macroscopic [6–8]. Following a microscopic approach, in the late 1980s, a classical paper by Kephart et al. [6] was published triggering the efforts on the development of anti-virus programs, responsible for the detection and removal of viruses, based on the pre- vious recognition of the infection code based on models developed in [2,7,8]. These programs have a great upgrading power, but act just as simple vaccines against diseases [2,4]. They are not able to predict the behavior of networks when an infection is established in a machine and, consequently, can not support preventive attitude against viruses actions based on the net- work events [9,10]. Furthermore, a macroscopic approach with models for the spreading of computer viruses based on their epidemiological counterparts started to be reported in the late 1980s [7] showing that the long-term behavior of a virus propagation can be derived considering the network connections graph. This kind of approach was successfully applied to e-mail propagation schemes [11] and modifications of SIR (Susceptible-Infected-Removed) models generated guides for infection prevention by using the concept of epidemiological threshold [5,12–14]. 0096-3003/$ - see front matter Ó 2009 Elsevier Inc. All rights reserved. doi:10.1016/j.amc.2009.03.023 * Corresponding author. E-mail addresses: piqueira@lac.usp.br (J.R.C. Piqueira), vanessa.o.araujo@gmail.com (V.O. Araujo). Applied Mathematics and Computation 213 (2009) 355–360 Contents lists available at ScienceDirect Applied Mathematics and Computation journal homepage: www.elsevier.com/locate/amc