The Internet of Things (IoT) has characteristics such as node mobility, node heterogeneity, link heterogeneity, and topology heterogeneity. In the face of the IoT characteristics and the explosive growth of IoT nodes, which brings about large-scale data processing requirements, edge computing architecture has become an emerging network architecture to support IoT applications due to its ability to provide powerful computing capabilities and good service functions. However, the defense mechanism of Edge Computing-enabled IoT Nodes (ECIoTNs) is still weak due to their limited resources, so that they are susceptible to malicious software spread, which can compromise data confidentiality and network service availability. Facing this situation, we put forward an epidemiology-based susceptible-curb-infectious-removed-dead (SCIRD) model. Then, we analyze the dynamics of ECIoTNs with different infection levels under different initial conditions to obtain the dynamic differential equations. Additionally, we establish the presence of equilibrium states in the SCIRD model. Furthermore, we conduct an analysis of the model’s stability and examine the conditions under which malicious software will either spread or disappear within Edge Computing-enabled IoT (ECIoT) networks. Lastly, we validate the efficacy and superiority of the SCIRD model through MATLAB simulations. These research findings offer a theoretical foundation for suppressing the propagation of malicious software in ECIoT networks. The experimental results indicate that the theoretical SCIRD model has instructive significance, deeply revealing the principles of malicious software propagation in ECIoT networks. This study solves a challenging security problem of ECIoT networks by determining the malicious software propagation threshold, which lays the foundation for building more secure and reliable ECIoT networks.

Internet of Things (IoT) networks have experienced rapid development in areas such as smart cities, smart health, and smart transportation. Such networks have characteristics such as node mobility, node heterogeneity, link heterogeneity, and topology diversity [

Recent research shows that malicious software in ECIoT is capable of spreading itself and has become a major factor affecting ECIoT security [

The goal of the current work is to explore the spread rule of malicious software within ECIoTNs and propose strategies to prevent and inhibit its spread. It also proposes a malicious software infection model that integrates the expected probability of malicious software infection behavior by extending epidemic theory [

Here are our contributions:

(1) An epidemiology-based Susceptible-Curb-Infectious-Removed-Dead (SCIRD) model is proposed, which studies the characteristics of malicious software propagation in ECIoT networks by considering node heterogeneity, link heterogeneity, and topology structure heterogeneity. The model extends the Markov chain to study the state transition of ECIoTNs.

(2) The differential equations of the SCIRD model are derived, which represent the proportion dynamics of different compartments, namely

(3) Equilibrium states in the SCIRD model are demonstrated. Therefore, the conditions to determine whether malicious software will spread or die out in ECIoT networks can be obtained to guide the security mechanism defending malicious software propagation.

The key contributions of this paper are as follows. The application of the proposed SCIRD model can help researchers gain a deeper understanding of the propagation mechanism of malicious software in ECIoT networks, including characteristics such as propagation speed, range, and pathways, which will provide a more systematic and comprehensive perspective for the analysis, prediction, and formulation of strategies to combat malicious software propagation. Such a model can facilitate a better understanding and control of malicious software propagation behavior, contributing to enhancing security alertness and preventive capabilities of ECIoT networks. Moreover, our model can be extended to one considering different types of network topologies such as random, small-world, and scale-free networks to study the dynamics and patterns of malicious software propagation in different network structures.

The remaining sections of this paper are structured as follows. In

The propagation of malicious software in the context of ECIoT bears certain similarity to infectious diseases to some extent [

Some researchers have studied the spread of malicious software from different perspectives. Guo et al. [

These models all add certain states to the original classical SIR (Susceptible-Infectious-Removed) or SI model, while considering the communication radius and node distribution density. Besides, worm viruses are also highly contagious in the IoT, so people have proposed various propagation models based on compartmental populations [

Paper | Proposed model | Main contributions | Projecting point | Weakness |
---|---|---|---|---|

Lazfi et al. [ |
SI | Describing interactions between infectious and susceptible nodes | Classical model | Not considering the recovery and death states |

Gómez-Corral et al. [ |
SIS | Dynamic description of an extended SI model | Classical model | Not considering the recovery and death states |

Wu et al. [ |
STSIR | Reasonable description of the propagation of malicious software | Improved and innovative model | Unable to fully consider security measures and the complexity of the actual network environment |

Coronel et al. [ |
SEIR | Considering the impact of latency on the propagation of malicious software | Classical model | Difficulty in accurately modeling the complexity and heterogeneity of nodes |

Yi et al. [ |
twin-SIR | Introducing a rumor clarification node with spreading ability | Improved and innovative model | Lack of consideration for real-world factors such as changes of node behavior and network structure |

Tang et al. [ |
SLBRS | Considering the outbreak situation of malicious software | Improved and innovative model | Existing multiple factors that increase complexity and require high actual data |

Hosseini et al. [ |
SEIRS-QV | Introducing immune attenuation and vaccine effectiveness | Improved and innovative model | Requiring accurate parameter estimation and extensive data support |

Tran Le et al. [ |
SEIQ-VS | Providing the dynamics of infectious disease transmission | Improved and innovative model | Requiring accurate parameter estimation and extensive data support |

Dong et al. [ |
SIQR | Considering the isolation state of nodes | Improved and innovative model | Neglecting complex propagation dynamics |

This paper | SCIRD | Considering the heterogeneity of communication connectivity among ECIoTNs | Improved and innovative model | Special for ECIoTNs |

However, the above research still fails to address some problems related to the spread of ECIoT malicious software. One problem is how to describe the actual situation where an ECIoTN becomes ineffectual due to energy depletion, physical degradation, or malicious software attacks. The other problem is how to ascertain the conditions under which malicious software will spread or disappear in wireless hardware. Herein, considering the heterogeneity of communication connectivity among ECIoTNs, we address the first problem by adding two states, namely, the dead state and the suppressed state, to the traditional SIR model. Furthermore, we address the second problem by studying the equilibrium point stability of our non-homogeneous model and mathematically verifying the correctness of our theoretic results.

Viewed in terms of the network’s topology, we assume that the malicious software-infected ECIoT consists of

Based on the characteristics of ECIoTNs, we develop a state diagram to represent the behavior of an ECIoTN within the malicious software-infected ECIoT. This can be analogized to an epidemiology-based model for malicious software propagation. In the state diagram, an ECIoTN is assigned to a single state that reflects its manner. We categorize an ECIoTN as state

As illustrated in

We categorize the ECIoTNs based on their heterogeneous communication connectivity. Within the ECIoT, all ECIoTNs can be classified into

Let

Here,

Various equations for the spread capability that may be borrowed to ECIoTNs have been presented. Representative examples contain (1)

Up to this point, we have established the dynamics of all states. At time

satisfying equations

Our main focus is to determine the steady states of our SCIRD model for ECIoT with malicious software infection, enabling us to identify the critical thresholds at which malicious software will either spread or die out within the ECIoTNs.

At the same time, we can define two steady states:

This completes the proof.

According to epidemiological theory, steady state

In summary, at steady state

In order to explore dynamical characteristics of the proposed SCIRD model, our current focus is on determining the fundamental reproduction number denoted by

Subsequently, we proceed to calculate the fundamental reproduction number

We achieve

Then, we can obtain the fundamental reproduction number

Now we will perform stability analysis on the equilibrium points in the model to investigate whether the model displays the characteristics of viral contagion. Assessing the stability of an equilibrium point involves determining whether the system’s key conditions associated with that point lead trajectories to converge towards it over time, indicating stability. Conversely, if an equilibrium point is deemed unstable, the trajectories will diverge away from it as time progresses.

The SCIRD model, which includes

Furthermore, we compute the Jacobian matrix at the equilibrium point representing the absence of malicious software

Let

Therefore, we can obtain all the eigenvalues:

From the above formula derivation, we can deduce that

According to Theorem 2, when

As a matter of course,

It can be obtained in the same way that the eigenfunction of matrix

Clearly, it is infeasible to determine all the eigenvalues of matrix

Given a quartic polynomial expression, we can determine its positivity by inspecting the discriminant, denoted as

Through simulation, we attain that the discriminant

According to Theorem 3, when

To confirm the SCIRD model for malicious software-infected ECIoTNs, we implemented the model using MATLAB R2022a. The computational algorithm, Algorithm 1, was utilized for this purpose.

In the simulation program of MATLAB, the ECIoT network consists of 1500 static ECIoTNs. The interval

In this part, we verify the correctness of Theorem 2 by setting various infection capacities.

Here, the infection capacity

Apart from the infectivity factor

In

By conducting experiments under the equal infection capacity as well as diverse infection capacity, we have successfully validated Theorem 2. These experiments offer compelling evidence that the malicious software residing in infected ECIoTNs will ultimately be eliminated.

When the conditions for Theorem 2 are satisfied, although malicious software infects a large number of ECIoTNs from the beginning, it is crucial to strive for the stable conditions of an equilibrium without malicious software. This phenomenon can be attributed to the stability of the system, which guarantees that the infected ECIoTNs will be cleared of malicious software, even in the presence of new outbreaks.

In this case, we will employ a similar approach as in

During the verification process, all values except

In

According to the simulation results, we obtain the conclusion that no matter what proportions of infected ECIoTN there are, the ECIoTN cluster

In this section, using the identical parameter values as those provided in

As depicted in

In the end, we have successfully verified that Theorem 3 possesses both homogeneous and heterogeneous infection capabilities. The results of simulation experiments indicate that when the conditions of Theorem 3 are met, the infected ECIoTNs will eventually stabilize at a consistent level. As a result, during the defense process of ECIoT, it is of utmost importance to prevent the fulfillment of the stability conditions of the local equilibrium., as these conditions greatly enhance the potential for malicious software propagation.

Drawing inspiration from epidemiology, we have proposed an SCIRD model that takes into account the heterogeneous nature of the ECIoTN ecosystem and the varying connectivity of ECIoTN communication. By formulating a system of differential equations, we have described the dynamics of different states and degrees of high-speed rail fractions. Based on computational and experimental analysis, we have successfully demonstrated the existence of two equilibrium points within the SCIRD model. One represents a state without any malicious software, where malicious software eventually dissipates within ECIoTNs, while the other represents a localized equilibrium where malicious software persists and continues to propagate. Using the next generation matrix approach, we have calculated the fundamental reproduction number that governs the stability of these equilibrium points. Through computations and simulation experiments, we have verified that by controlling ECIoTN parameters, we can achieve stable conditions for a malicious software-free equilibrium and prevent the occurrence of localized equilibria. In our future work, we will focus on further optimizing the IoT security model by integrating the SCIRD infectious disease model to better reflect security issues in actual systems. We may consider incorporating more factors and variables, such as user behavior, interactions between IoT devices, to enhance the accuracy and applicability of the model, and provide guidance for the security management of real systems. Besides, future research can focus on developing new security mechanisms and technologies to enhance the security of IoT systems. This includes technological innovations in areas such as security authentication, encrypted communication, and intrusion detection and response, to address the constantly evolving security threats.

The authors would like to express their gratitude for the valuable feedback and suggestions provided by all the anonymous reviewers and the editorial team.

This work was supported in part by National Undergraduate Innovation and Entrepreneurship Training Program under Grant No. 202310347039, Zhejiang Provincial Natural Science Foundation of China under Grant No. LZ22F020002, and Huzhou Science and Technology Planning Foundation under Grant No. 2023GZ04.

Study conception and design: J. Ye, S. Shen; Data collection: W. Cheng, W. Zhu; Analysis and interpretation of results: J. Ye, X. Liu; Draft manuscript preparation: J. Ye, X. Wu, S. Shen. All authors reviewed the results and approved the final version of the manuscript.

Data available on request from the authors.

The authors declare that they have no conflicts of interest to report regarding the present study.