Prediction Dynamics of Malicious Objects in Internet of Things (IoT)

Presently, the Internet of Things (IoT) is playing an important role in data gathering and submitting information to different data analysis engines for most of the real-world applications. However, IoT applications have a danger of information theft or manipulation by malicious attacks which lead to a wrong conclusion or result. Therefore, malicious attacks are to be taken care of by using some means like prediction dynamics of malicious objects in IoT. In this manuscript, the behavior of malicious objects in the IoT network is studied with the help of two deterministic models. These models are working like the pre-predator model in IoT networks where prey consists of infected and uninfected nodes, whereas, the predator consists of malicious objects. Besides, the time delay is not much real in the spread of infection in networks due to the chaotic nature of the malicious object’s outbursts, and therefore, these models are explored with delay differential equation modeling. Stochastic behavior of malicious objects in real dynamics of transmission of malicious objects makes Hemraj Saini Department of Computer Science and Engineering, Jaypee University of Information Technology, Waknaghat, Solan, India E-mail: hemraj1977@yahoo.co.in Dinesh Kumar Saini Department of Computer and Communication Engineering, Manipal University Jaipur, Jaipur, India E-mail: dineshkumar.saini@jaipur.manipal.edu Anouar Ben Mabrouk Department of Mathematics, University of Kairouan and Monastir, Monastir, Tunisia Email: email2@uni.edu Punit Gupta Department of Computer and Communication Engineering, Manipal University Jaipur Dehmi Kalan, Near GVK Toll Plaza, Jaipur, Rajasthan, India E-mail: punit.gupta@jaipur.manipal.edu Rajan Prasad Tripathi Department of Electronincs and Communication, Amity University Tashkent, Uzbekistan E-mail: rajantripathi22@gmail.com 2 Hemraj Saini et al. things worse. Therefore, the study of proposed models in absence of antimalicious software as well as in presence of anti-malicious software is carried out. Threshold conditions are characterized by the reproductive number and the system is identified as in an asymptotically stable state to help the fast recovery from malicious objects which helps to model the behavior of malicious objects spread in the real environment like IoT.


Introduction
The Internet of Things (IoT) is a system of physical items, or 'things,' inserted with gadgets that take into account distributed control and the gathering and trade of information [1]. Each IoT object is assigned an IP address and sensory or in citation abilities. An IoT object can impart and be distinguished through Radio Frequency Identification strategies (RFID) [2]. Moreover, with RFID, objects can pinpoint their locations and their statuses can be followed in realtime [2].
The execution of interest includes the early exhibition of the IoT as a smart home, where IoT skilled gadgets are situated in various sections of the home [3] [4]. From a worldwide point of view, the IoT will introduce an enormous increment in the measure of traffic dealt with by communication protocols. By 2022, it is assessed that in excess of 20 million structured gadgets (things or objects) will almost certainly transmit data by means of the Internet [5]. As a 'thing' is any object that can be interestingly distinguished by means of radio, radar or satellite transmission, the thing element being added to organize traffic can raise security concerns. Internet of Things (IoT) has not yet achieved a distinctive definition. A nonexclusive comprehension of IoT is that it offers various administrations in numerous areas, using customary web framework by empowering diverse correspondence examples, for example, human-to-object, object-to-objects, and object-to-object [6]. Coordinating IoT objects into the standard Internet, nonetheless, has opened a few security challenges, as most internet technologies and connectivity protocols have been explicitly intended for unconstrained objects. Additionally, IoT objects have their own constraints as far as computation power, memory and data transfer capacity. IoT vision, in this way, has experienced exceptional assaults focusing on people as well as undertakings, a few instances of these assaults are loss of protection, organized crime, mental anguish, and the likelihood of risking human lives. Figure 1 shows how IoT empowered gadgets can convey all through a system alongside available protocols.
In any case, as in any communication network, the IoT is presented to different sorts of vulnerabilities and security dangers. Specifically, security is a critical challenge for the IoT advancement, as it establishes an all-inclusive form of the traditional unbound Internet model and joins numerous innovations, for example, Wireless Sensor Networks (WSNs), optics systems, portable broadband, and 2G/3G correspondence systems. Each of the previously mentioned technologies is inclined to different security dangers. Additionally, the items in the IoT can interface with their condition automatically and autonomously, with no control of outside factor and consequently, different security and protection issues can be caused. What's more, security issues of IEEE 802.15.4, ZigBee, Z-Wave, BLE, LoRaWAN, RPL, Transport Layer Security (TL S), DTL S and CoAP are likewise exists [7]. At last, the different interconnections either between the clients and objects or among articles create huge measures of information that are hard to oversee. Table 1 speaks to the real security dangers in the IoT at different layers.
IoT Communication model, as depicted in Figure 2, has many protocols which are working over request response kind of mechanism. These kinds of protocols have a scope of malicious attack like DDoS. In addition, there is handshaking before communication and hence cryptographic concepts involved which opens the ways of Cryptanalytic Attacks. Communication with Application Service Provider leads to the attacks like snipping attack, Spyware, Botnets, Rootkit, Buffer Overflow, Backdoor and APTs.
In IoT Scenario, collaboration between healthy IoT hubs and malicious objects produces the Prey-Predator environment and prey-predator interaction is a standout amongst the most usually watched connections in ecosystem. In the investigation of prey-predator models [8], it is every now and again expected that the changes in population densities are just time-subordinate and the elements is commonly spoken to by coupled nonlinear ordinary differential equations. In normal framework, in any case, either prey or predator or both move starting with one spot then onto the next for different reasons. In such a case, their dynamic interaction depends both on time and space and requires coupled nonlinear partial differential equations for its dynamic portrayal. It is additionally very much archived that prey asylums influence the interaction among prey and predator fundamentally.
In literature many of the mathematical models are available to simulate the behavior of the malicious attacks [9][10] [11] but they are deterministic and there are very rare mathematical models those focuses of IoT network. Hence, providing a comprehensive mathematical modeling to simulate the behavior of attacks on IoT nodes can play a significant role for countermeasure the attacks.In this paper, two mathematical models are proposed to study the predator-prey system inside a computer system, which is attached to the computer network and is prone towards the attack of malicious objects like Worm, Virus, Exploit, Denial of Service (DoS), Flooder, Sniffer, Spoofer, Trojan etc. [12].
In mathematical model 1 as depicted in Figure 3, the prey consists of infected and the uninfected nodes, whereas, the predator consists of malicious objects. To immune the system, anti-malicious software is run. In mathematical model 2, as depicted in Figure 4, malicious objects constitute the prey and anti-malicious software is the predator. Self-replication time of malicious agents and latency period of anti-malicious software is considered. Stability of the result is stated in terms of threshold parameter R 0 .  Model 1 incorporates the differential equations based on basic epidemiological model [14][15] [16] [17], namely the S-I model [18][8] [19] [20] in order to investigate how the prediction process when malicious objects influence the IoT computer networks. We consider the case where predator attacks both infected and uninfected prey.
Differential infectivity [21]is considered, which classifies nodes being susceptible to infection, if they are free from any infection and also those nodes which are infected by other malicious agents (since even though it is infected by one kind of malicious agent other malicious agents can attack the same node and can affect other applications of it's interest, for example, some attack executable file while other attacks bootable files) and corresponding change in the Mathematical Model 2 describes the use of anti-malicious software inside a particular node keeping in view of the self-replication time [22] of malicious agents and latency period [23] of anti-malicious software. If the software is not efficient enough to recover the node from malicious attacks, this results in the death of that anti-malicious software (i.e., the existing anti-malicious software is not capable of removing the malicious objects).
Nomenclature-S(t) : population density of susceptible prey I(t) : population density of infected prey Y(t) : population density of predator S 0 : Inflow population rate r : intrinsic birth rate K : carrying capacity of the environment β : transmission coefficient a : intraspecific competition coefficient of infected prey b : intraspecific competition coefficient of predator c : death rate of infected prey d :death rate of predator q k : coefficient of conversing prey into predator when attacked by the kth malicious object p k : predation coefficient of the kth malicious object p : probability of replication of the kth malicious object Y k : replication factor V : number of malicious objects in a node X : number of uninfected target files Y : number of infected files a' : replicating factor b' : death rate of a malicious object c' : birth of uninfected files by users d' : natural death of an uninfected file m : death rate of infected files m k : probability of getting susceptible by kth malicious agent f = m + d ′ α : recovery rate of infected files β: infectious contact rate, i.e., the rate of infection per susceptible perinfective Z : response of anti-malicious software, which immunes the system g : rate at which anti-malicious software is run, which is constant h : death rate of anti-malicious software ω : latency period φ : self-replication time Y ζZ : rate at which anti-malicious software cleans the infected files Basic Terminologies-1. Deaths of malicious objects equivalently mean to say, the complete recovery of infected files from malicious objects, when antivirus software is run in the computer node for a specific session.
2. Natural death of a file equivalently means to say that the file become irrelevant (garbage) after a certain interval of time.
3. Death rate of infected files equivalently mean to say that files get damaged and unable to be recovered after the run of anti-malicious software due to infection from the malicious objects.
4. Death of anti-malicious software equivalently mean to say the present version of the software is incapable of identifying the attack of new malicious objects.

Model 1: IoT Without Anti-Malicious Software
We assume uninfected and infected nodes to act as prey and infectious agents like Worm, Virus, Exploit, Denial of Service (DoS), Flooder, Sniffer, Spoofer, Trojan etc. act as predator. There is conversing of prey to predator, i.e., once the node is infected by any one of the malicious agents, it is susceptible to other malicious agents, because the same node can be attacked by different types of malicious agents and some of these agent's self-replicate within the infected nodes, finally these nodes are converted into predator. Thus predator population is going to increase over a period of time. There is intraspecific competition among prey, i.e., in a network, nodes which are connected to outside ones are more susceptible to malicious attacks than that are connected within that particular network, which is represented by factor a. Different malicious objects compete with each other to gain entry into the nodes, which we term as intraspecific competition. Suppose worms and virus attack a particular node and if the node has anti-virus software installed in it, then due to the intraspecific competition between worm and virus, the worm enters the node and the virus die-out. This is represented by factor . On the basis of our assumptions the Figure 5 depicts the schematic diagram for model 1 which can be further represented in the following system of equations. (1)

Model 2: With Anti-Malicious Software
In this model, infected node becomes prey and anti-malicious software acts as predator. Our model differs from Model 1, as here we consider self-replication time φ and latency period ω. In infected nodes, malicious agents self-replicates with period φ, said to be self-replication time. Anti-malicious software takes some time ω, to make the infected files recover temporarily from malicious agents within the same node said to be latency period. p is probability of self-replication (either 0 or 1). p = 0, do not rself-replicate. 1, rself-replicate. On the basis of our assumptions, we get the following system of equations.
On the basis of our assumptions the Figure 6 depicts the schematic diagram for model 2 which can be further represented in the following system of equations.
2 Study of Model 1 Let us Consider our following model-1- Denote next Denote similarly, Denote finally a 0 = r K .
The system (3) may be written in a simple way as Notice that the last equation in problem (4) is independent of S and I and admits as a solution We thus discuss the remaining parts in (4). To avoid the singularity in S we rewrite the remaining parts in problem (4) in a slightly different way as   and consider the 2-variables function We immediately observe from standard computation that for all real numbers a, b and denote a 1 = 2|a 0 r|, a 2 = (q 0 +β) 2 , a 3 = 2|a 0 (a 0 +β)|, a 4 = 2|r(a 0 +β)|, a 5 = β 2 (α 0 +pα 3 ) 2 +r 2 , It follows that for any compact set K ⊂ R 2 there exists a constant η = η K > 0 such that This means that Φ is locally Lipschitz continuous on R 2 and thus our system (5) is uniquely solvable.

The case i.
In the first case we obtain from (5) the estimations which yields that As a result, I → 0 or I → 2r α0+β . In the first sub-case we get where λ S is a constant. This somehow contradicts the nature of the problem. In the second sub-case we get already from system (5) by using similar estimations
The system (7) may be written in a matrix form as d dt Denote next ω 2 0 = −λ 1 λ 2 . Standard calculus yield that where K i,S , K i,I , λ S and λ I are constants.

Study of Model 2
Let us consider our following model-2- Remark-firstly, the function Z may be deduced directly from the last equation which yields indeed that where Z 0 is a constant depending on the initial values. Next, to simplify quitely the model we denote Denote also Taking into account (10), the system (9) may be simplified to Next, to study the behavior of the model we will distinguish three cases. In the first one, we assume that no backward phenomenon in the model exists, which will be expressed mathematically be Φ = ω = 0. The second case will be devoted to the situation where the variables have the same nonzero backwards Φ = ω = 0. Finally, we will serve of these cases to investigate the general case Φ = ω.

Case 1:
In this case the model (9) or equivalently (10)- (11) becomes Denote We immediately observe that F is locally Lipschitz continuous on R 4 and thus our system (12) is uniquely solvable.
To study the asymptotic behavior of the problem we shall conduct as in the previous case the critical analysis by evaluating the solution around the zero points of the function F . We get two eventual points Denote for simplicity Denote also and W (t) = T V , X, Y , Z , where the upper-script T is the transpose. Near the critical point Ω c we get This leads to thee solution by standard computations. For the convenience we develop here the first steps of the resolution of (14) for Ω c = Ω 1 . In this case, the matrix A c of the system will be Its eigenvalues are λ 1 = −h, λ 2 = −d ′ , . As a result, the solution will be expressed as where the v i , x i , y i , i = 1, 2, 3, 4, 5 and z 1 are constants depending on the problem parameters and hypothesis.

Case 2:
In this case the model (9) becomes We propose in the present case to approximate the system (16) with a suitable discrete version. To do this we consider a discrete time grid t n = t 0 +nl, n ≥ 0, where l = ∆t is a step time. For n ≥ 0, let k = k n ≤ n be such that t n − ≃ t k , i.e., k is the unique index such that t n −−t k is minimal. We obtain the discrete system Denote W n = T V n , X n , Y n , Z n , where as usual the upper-script T is the transpose. Consider also the matrices The discrete system (17) becomes an auto-regressive system The last matrix/vector system permits the computation of W n recursively. In the sequel we will develop one case. Assume for example that k = n − 1, we get a 3-level recurrence relation Given the initial values W 0 and W 1 we compute W n for any n ≥ 2.

Case 3: Φ = ω
We propose quitely as for the previous case. For n ≥ 0, let j = j n ≤ n and k = k n ≤ n be such that t n − Φ ≃ t j and t n − ≃ t k , respectively. We obtain the discrete system Denote next The discrete system (20) becomes an auto-regressive system The last matrix/vector system permits the computation of W n recursively as in the previous case. For example, when j = n − 1 and k = n − 2, we get a 4-level recurrence relation Given the initial values W 0 , W 1 and W 2 we compute W n for any n ≥ 3.

Software Simulation
After solving the proposed mathematical models, an optimum time interval for the anti-malicious software to run has been found out. We have simulated the system which runs the anti-malicious software in the network after some particular interval of time and in this the network administrator needs not to check every node for some malicious object. An optimal time interval has obtained by analyzing the rate of change of susceptibility, the infectivity of computer nodes in a computer network. Similarly, in the case of a praypredator system, this optimal time interval obtained by analyzing the graphs for the rate of change prays population and predator population. We have used MATLAB 9.8 as a platform to generate the graphs of the rate of change of susceptibility, the infectivity of computer nodes. The same platform is also used to plot graphs of the rate of change of population of the prey-predator population. These generated graphs are helpful in finding the optimum time interval for the anti-malicious software to run.

Conclusion and Discussion
The behavior of malicious objects in the IoT network is modeled as (3) and solved by employing a numerical method. The behavior of prey i.e. non-infected nodes is analyzed when they are attacked by the predator i.e. malicious objects and the corresponding change in the population of malicious objects are observed which is further depicted by Figure 6. Figure 6(a) and Figure 6 (b) represent the rate of change of the population of non-infected IoT nodes and the the population of malicious objects with respect to time respectively for p k = 1, p = 0, µ = 2.
Based on our result, we analyzed the rate at which the population of noninfected IoT nodes is going to decrease and the population of malicious objects is going to increase over time. Initially, when there is no attack of malicious objects, the population of non-infected IoT nodes is high and as time progresses, non-infected nodes are going to be attacked by the malicious objects and there is a corresponding decrease in the population of non-infected IoT nodes. The infected IoT nodes are going to change into predators i.e. malicious objects increasing the population of malicious objects. Also we employ numerical method to solve system (4), for appropriate values of µ 1 and µ 2 , in particular to the equation involving the rate of change of infected files within a particular node. The rate at which files are affected due to malicious objects within a node and the effect of anti-malicious software can be easily analyzed with the help of Figure 7. When any malicious objects affects a group of nodes in the IoT network, it replicates linearly in them.
Thus initially within a node, malicious objects attack files and anti-malicious software takes some time ω to recover those affected files, reducing the infected files to zero after the run of anti-malicious software and nodes again becomes susceptible. But as the population of malicious objects is already increasing rapidly in the IoT network, it effects the node and attack the files rapidly (Figure 7 : rise in peak) and again anti-malicious software curbs further attack of malicious objects and recovers the node with faster rate within the same time ω.
The threshold conditions are characterized by reproductive number and the system is asymptotically stable if R 0 < 1 and unstable if R 0 > 1. The reproductive number is obtained R 0 = c(X0)β α+m ( n i=1 (1 + pγ k ). We are able to describe the rate at which population of non-infected IoT nodes is going to decrease and population malicious objects is going to increase with respect to time. Self-replication time of malicious objects and latency period of antimalicious software is considered. The concept of intraspecific competition in computer terminology makes us to understand the behavior of different malicious objects which compete with each other to gain entry into the IoT nodes and their attacking nature is also categorically analyzed.

Future Work
Prediction dynamics of malicious objects in IoT network is Simulated by MAT-LAB 9.8. However, the models have to be deployed in the real test bed of the IoT network and it will be our further step of the verification Figure 1 An image of a galaxy  Schematic diagram for model 1 Figure 6 Dynamics of prey and predator population Rate of change of infected les population for =1, m=0.2, =1, p=1.