Passivity framework for composition and mitigation of multi-virus propagation in networked systems

The increasing importance of networked control systems makes them inviting targets for cyber attacks. In a virus propagation attack, an adversary attempts to compromise a set of nodes in order to compromise their neighbors via software exploits. When the neighbor of a compromised node has already been compromised by a different virus, a newly-introduced virus can remove, co-exist with, or reinforce the existing virus. In this paper, we study propagation of multiple viruses within a network, as well as design of efficient mitigation strategies. We develop a unifying passivity-based approach for modeling competing and coexisting viruses, as well as arbitrary combinations of competing and coexisting viruses propagating through the network. We prove the output feedback passivity of the propagation dynamics, and derive bounds on the passivity indices. Based on the passivity analysis, we derive sufficient conditions for patching-based mitigation strategies, under both Susceptible-Infected-Susceptible (SIS) and Susceptible-Infected-Recovered models, to remove the viruses at a desired rate. The virus propagation and removal rates under our model are illustrated via a numerical study.