Controlling the spread of deception-based cyber-threats on time-varying networks

Nicolò Gozzi, Nicola Perra

TL;DR

This work tackles deception-based cyber-threats spreading on time-varying, directed networks by introducing activity-driven dynamics with heterogeneous gullibility classes and tunable homophily. It derives analytical epidemic-threshold expressions for four vaccination-like strategies—random, activity-based, egocentric sampling, and security-awareness-test—showing that targeting high-activity nodes most effectively suppresses macroscopic outbreaks, even with small protection fractions. Egocentric sampling performs consistently well without full system knowledge, while SAT-based strategies yield limited gains except in highly heterogeneous populations. The results reveal that strong within-class homophily expands the parameter space supporting outbreaks but can localize spread within highly gullible subgroups, emphasizing the importance of accounting for temporal structure and susceptibility heterogeneity in cyber-defense design.

Abstract

We study the efficacy of strategies aimed at controlling the spread of deception-based cyber-threats unfolding on online social networks. We model directed and temporal interactions between users using a family of activity-driven networks featuring tunable homophily levels among gullibility classes. We simulate the spreading of cyber-threats using classic Susceptible-Infected-Susceptible (SIS) models. We explore and quantify the effectiveness of four control strategies. Akin to vaccination campaigns with a limited budget, each strategy selects a fraction of nodes with the aim to increase their awareness and provide protection from cyber-threats. The first strategy picks nodes randomly. The second assumes global knowledge of the system selecting nodes based on their activity. The third picks nodes via egocentric sampling. The fourth selects nodes based on the outcome of standard security awareness tests, customarily used by institutions to probe, estimate, and raise the awareness of their workforce. We quantify the impact of each strategy by deriving analytically how they affect the spreading threshold. Analytical expressions are validated via large-scale numerical simulations. Interestingly, we find that targeted strategies, focusing on key features of the population such as the activity, are extremely effective. Egocentric sampling strategies, though not as effective, emerge as clear second best despite not assuming any knowledge about the system. Interestingly, we find that networks characterized by highly homophilic interactions linked to gullibility might expand the range of transmissibility parameters that allows for macroscopic outbreaks. At the same time, they reduce the reach of these spreading events. Hence, rather isolated patches of the network formed by highly gullible individuals might provide fertile grounds for the propagation and survival of cyber-threats.
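The abstract's contrast between random and activity-based protection can be reproduced with a small simulation. This is an added example, not code from the paper or its authors. It assumes a simplified model: a single gullibility class with no homophily, directed messages from active nodes to uniformly chosen receivers, and a mean-field $R_0$ derived for that simplification only. The values of $\alpha$, $\epsilon$, $m$ and $\mu$ follow the figure captions; the population size, transmission probability, protected fraction and initial infected share are assumed.

```python
import random

def sample_activities(n, alpha, eps, rng):
    # Inverse-transform sampling of F(a) ~ a^-alpha on [eps, 1].
    e = 1.0 - alpha
    return [(eps**e + rng.random() * (1.0 - eps**e)) ** (1.0 / e) for _ in range(n)]

def protect(acts, fraction, strategy, rng):
    # Return the set of protected (aware) nodes under a fixed budget.
    n, k = len(acts), int(fraction * len(acts))
    if strategy == "activity":  # needs global knowledge of activities
        return set(sorted(range(n), key=acts.__getitem__, reverse=True)[:k])
    return set(rng.sample(range(n), k))  # "random"

def r0(acts, protected, lam, mu, m):
    # Mean-field R0 of this simplified model (assumption, not the paper's
    # expression): lam * m * sum of unprotected activities / (N * mu).
    reach = sum(a for i, a in enumerate(acts) if i not in protected) / len(acts)
    return lam * m * reach / mu

def simulate(acts, protected, lam, mu, m, steps, seed_frac, rng):
    # Discrete-time SIS; returns prevalence I/N averaged over the last 300 steps.
    n = len(acts)
    infected = set(rng.sample([i for i in range(n) if i not in protected], int(seed_frac * n)))
    tail = []
    for t in range(steps):
        new = set()
        for i in infected:
            if rng.random() < acts[i]:  # infected node activates, sends m messages
                for _ in range(m):
                    j = rng.randrange(n)
                    if j not in protected and j not in infected and rng.random() < lam:
                        new.add(j)
        # Each infected node recovers (back to susceptible) with probability mu.
        infected = {i for i in infected if rng.random() >= mu} | new
        if t >= steps - 300:
            tail.append(len(infected) / n)
    return sum(tail) / len(tail)

def compare(n=2000, fraction=0.1, lam=0.9, mu=1e-2, m=4, steps=1500, seed=7):
    # alpha=2.1, eps=1e-3, m and mu follow the figure captions; the rest are assumed.
    rng = random.Random(seed)
    acts = sample_activities(n, 2.1, 1e-3, rng)
    out = {}
    for strategy in ("random", "activity"):
        prot = protect(acts, fraction, strategy, rng)
        out[strategy] = (r0(acts, prot, lam, mu, m), simulate(acts, prot, lam, mu, m, steps, 0.05, rng))
    return out

if __name__ == "__main__":
    print(compare())  # {strategy: (R0, stationary I/N)}
```

With the same budget, protecting the most active senders pushes this toy model below its threshold, while random protection leaves it endemic.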

Paper Structure

This paper contains 8 sections, 50 equations, 4 figures.

Figures (4)

  • Figure 1: Numerical validation of the threshold under different strategies. Each panel shows the stationary fraction of infected individuals $I_\infty / N$ as a function of $R_0$, for the four immunization strategies: (a) Random, (b) Activity-based, (c) Egocentric sampling, and (d) SAT. Results are shown for two parameter settings: $(p=0.4, \gamma=10^{-1}, \lambda_2 = 0.5)$ in blue and $(p=0.8, \gamma=10^{-1}, \lambda_2 = 0.3)$ in orange for panels (a), (c), and (d); and $(p=0.4, \gamma=10^{-2}, \lambda_2 = 0.5)$ in blue and $(p=0.8, \gamma=10^{-2}, \lambda_2 = 0.8)$ in orange for panel (b). The vertical dashed line indicates the critical value of the threshold computed analytically (i.e., $R_0 = 1$). Solid lines with markers represent mean values while shaded areas indicate $95\%$ confidence intervals computed in $100$ stochastic simulations. Other parameters common to all simulations: $\alpha=2.1$, $\epsilon=10^{-3}$, $m=4$, initial infected percentage $0.5\%$, $\mu_1=\mu_2=10^{-2}$. In the egocentric sampling strategy case we set $T=10$.
  • Figure 2: Phase space of $R_0$ as a function of $\lambda_1$ and $\lambda_2$, under different strategies. Each panel corresponds to a specific strategy: (a) Random, (b) Activity-based, (c) Egocentric sampling, and (d) SAT, with two sub-panels per strategy representing $(p=0.4, \gamma=10^{-1})$ and $(p=0.8, \gamma=10^{-1})$—except for panel (b), which uses $\gamma=10^{-2}$. The colored contours show analytically computed $R_0$ values for each strategy. The red solid contour line marks the critical threshold $R_0 = 1$ under the given intervention strategy, while the black dashed line shows the $R_0 = 1$ threshold in the absence of intervention. Other parameters common to all panels: $\mu_1=\mu_2=10^{-2}$, $m=4$, $\alpha=2.1$, $\epsilon=10^{-3}$.
  • Figure 3: Phase diagrams of $R_0$ as a function of $\mu_1$ and $\mu_2$, under different immunization strategies. Each panel corresponds to a specific strategy: (a) Random, (b) Activity-based, (c) Egocentric-sampling, and (d) SAT, with two sub-panels per strategy representing $(p=0.4, \gamma=0.2)$ and $(p=0.8, \gamma=0.2)$—except for panel (b), which uses $\gamma=10^{-2}$. The colored contours show analytically computed $R_0$ values for each strategy. The red solid contour line marks the critical threshold $R_0=1$ under the given intervention strategy, while the black dashed line shows the $R_0=1$ threshold in the absence of intervention. Other parameters common to all panels: $\lambda_1=10^{-1}$, $\lambda_2=0.8$, $m=4$, $\alpha=2.1$, $\epsilon=10^{-3}$.
  • Figure 4: Subcritical $(\lambda_1, \lambda_2)$ phase space fraction ($\Phi$) under different strategies. Each panel reports results for a specific combination of parameters: (a) $p = 0.4$, $\mu_1 = \mu_2 = 10^{-2}$; (b) $p = 0.8$, $\mu_1 = \mu_2 = 10^{-2}$; (c) $p = 0.4$, $\mu_1 = 10^{-2}$, $\mu_2 = 5 \times 10^{-2}$; (d) $p = 0.8$, $\mu_1 = 10^{-2}$, $\mu_2 = 5 \times 10^{-2}$. The horizontal dashed lines and gray bars represent the value of $\Phi$ in the absence of intervention. Numerical labels above the bars indicate the total controlled fraction and, in parentheses, the gain with respect to the no-intervention baseline. Other parameters common to all panels: $m=4$, $\alpha=2.1$, $\epsilon=10^{-3}$.