Effective Delayed Patching for Transient Malware Control on Networks

Minh Phu Vuong, Chul-Ho Lee, Do Young Eun

TL;DR

This work addresses malware control on networks under realistic patching delays by modeling propagation with a susceptible-infected (SI) framework. It introduces a delay-aware boundary notion captured via critical edges and constructs a constrained graph-partitioning problem, solved through a flipped-normalized-cut formulation and linear constraints to identify patchable nodes under budget. The proposed Delayed patching policy consistently outperforms eigenvector-centrality, degree-based, and reactive baselines, especially for larger delays, by accurately isolating high-risk boundary nodes. The approach offers a practical, scalable strategy for deploying patches or vaccines in networks with time-to-effect constraints, with potential impact on cybersecurity and epidemic mitigation in complex infrastructures.

Abstract

Patching nodes is an effective network defense strategy for malware control at early stages, and its performance is primarily dependent on how accurately the infection propagation is characterized. In this paper, we aim to design a novel patching policy based on the susceptible-infected epidemic network model by incorporating the influence of patching delay--the type of delay that has been largely overlooked in designing patching policies in the literature, while being prevalent in practice. We first identify 'critical edges' that form a boundary to separate the most likely infected nodes from the nodes which would still remain healthy after the patching delay. We next leverage the critical edges to determine which nodes should be patched in light of limited patching resources at early stages. To this end, we formulate a constrained graph partitioning problem and use its solution to identify a set of nodes to patch or vaccinate under the limited resources, to effectively prevent malware propagation from getting through the healthy region. We numerically validate that our patching policy significantly outperforms other baseline policies in protecting the healthy nodes under limited patching resources and in the presence of patching delay.

Paper Structure

This paper contains 14 sections, 20 equations, 6 figures, 1 algorithm.

Figures (6)

  • Figure 1: Influence of the patching delay $T$ on which nodes to vaccinate. The color indicates the probability of infection.
  • Figure 2: An overview of our proposed framework for effective delayed patching.
  • Figure 3: Performance comparison in partition quality and running time.
  • Figure 4: The expected number of infected nodes by each vaccination policy on synthetic graphs.
  • Figure 5: The expected number of infected nodes at $t = 1000$ on a synthetic graph with $n = 8000$ when changing the values of $k$, $b$, and $T$.
  • ...and 1 more figures