DYNAMIC MODEL ON THE SPREAD OF BOTS FOR AN E-COMMERCE NETWORK

— The primary goal of e-commerce network is to sell goods and services online. Increasing usages of e-commerce network increases the security loop holes in the network. Nodes of an e-commerce network can be easily compromised by various types of malware. The nature of the spread of malware among the nodes of an e-commerce network can be easily compared with the spread of biological viruses (infectious diseases) within human population of any locality. So we can easily apply the epidemic model for the spread of infectious disease within human population into the spread of malware among the nodes of a computer network. Various types of malware are used to attack the network of an organization, but, here, in this paper we concentrate and formulate a dynamic model for the propagation of bots in an e-commerce network and study its dynamic behavior. After categorizing the nodes of the network, based on their interface to the Internet, we have proposed two sub-models to formulate the overall architecture of the model. A schematic compartmental model is designed to represent the propagation of bots within the network and then differential equation model is formulated to represent the dynamics of all the compartments, respectively. The proposed system is solved and the basic reproduction number is also calculated to analyze the stability of the system. At the end, we have shown the result of numerical simulations using MATLAB to support the dynamism of our proposed model.


I. INTRODUCTION
E-commerce has presented a new way of doing business all over the world using Internet. It refers to a wide range of online business activities for products and services. It is a powerful tool for business transformation that allows companies to enhance their supply-chain operation, reach new markets, and improve services for customer as well as for providers [10]. Commercial activities over the Internet have been growing in an exponential manner over the last few years. As the world becomes more electronically connected, systems running on network become more vulnerable to cyber-attack and this has posted a serious challenge for information security. Web based attacks are considered to be the greatest threat to any business or state as it is related to the confidentiality, availability, and integrity of the data for the business and the state, respectively.
Major types of cyber-attacks on e-commerce network includes fraudulent-email, pharming, snooping the shopper's computer, malware, man in the middle attack, Cross Site Scripting (CSS), password attacks, etc. Here, in this paper, we concentrate on a specific type of malware attack, known as bots attack, which is the basis for formulation of our proposed model and its solution, is discussed throughout the remaining portion of this paper.
There are many different classes of malware that have varying ways of infecting systems and propagating themselves. Some of the more commonly known types of malware are viruses, worms, Trojans, bots, back doors, spyware, and adware. A malicious bot is self-propagating malware designed to infect a host and connect back to a central server or servers that act as a command and control (C&C) center for an entire network of compromised devices, known as "botnet". The term botnet comes from robot net In this section we will develop a model on the attack and spread of bots among the nodes within an e-commerce network. Several mathematical models have been developed which give clear view of attacking behavior as well as the transmission of malicious codes in network [1][2][3][4][5][6][7][8][9]. A typical e-commerce network consists of various types of computers, viz.; workstations, servers, routers and other devices also. Server may be of different types, viz.; web server, database server, application server, mail server, etc. All the servers are internal to the network, i.e.; they are not directly connected to the outside world. Apart from the servers there are some other workstations which are internal to the network and forms the backbone of the network, i.e.; an attacker or a valid client can't directly interact with those nodes also. But there will be some other computers (external nodes) which are the interfaces to the backbone of that network, i.e.; an attacker or a valid client can directly connect to those computers with the help of the Internet. A work. The computers under the botnet are the collection of computers that are connected to the internet and have been compromised by a cracker, computer virus, bots or Trojan horse and can be used to perform malicious tasks of one sort or another under the control of a remote server known as "bot herder" or "bot master" or "commandand-control (C&C) server". In most of the cases the owner of the systems of botnet are unaware that their systems are being used in this way and hence, these computers are metaphorically compared to zombies. The zombie computers of the botnet, which are controlled by a C&C server, are used to forward transmissions, including spam, viruses or worms to other computers on the e-commerce network. Bots have all the advantages of worms, but are generally much more versatile in their infection vector, and are often modified within hours of publication of a new exploit [14].

II. MODELING THE SYSTEM
bot master or C&C server first target those interface nodes of that network and turn them to zombie computers with the help of bots and turn them to the part of its botnet. Now those zombies will be controlled by the bot master. The bot master, with the help of those zombies, can infect other computers of that network by transmitting bots throughout the network and can reach and infect the targeted server of that network to make the entire network to crash. This scenario can be represented schematically as shown in the following fig. 1.
Considering the above discussed scenario, we have created a schematic model consisting of two different, but interactive models. Before we proceed with the mathematical modeling of the above mentioned framework, we briefly discuss the basic assumption which will guide our formulation of equation system as follows. Dynamic model for infectious diseases are mostly based on compartment structures that were initially proposed by  and later developed by other mathematicians. To formulate a dynamic model on the transmission of an epidemic disease, the entire population in a given region is often divided into several different groups or compartments. In this paper we apply "S-I-S" model for the population of the external computers which are directly connected to the Internet. Initially all the external nodes which are directly connected to the outside of the network through Internet are placed in "S" class. But, once a node of "S" class is infected by the bots sent from a "C&C server" to turn it into a zombie computer, that node is transferred into the "I" class. As the non-availability of the external node directly affect the services it provides to its client nodes, the nodes in the "I" class of our "S-I-S" model are repaired immediately with the help of antimalware software or any other means of repair and hence it is transferred back to the "S" class to resume its operation. The population of the internal nodes of our e-commerce network is used to form the "S-I-Q-S" model. Initially all the internal nodes of our network are placed into the "S" class. The nodes of that "S" class may be affected by the zombies of the "S-I-S" model. Once, a node from "S" class is infected by the zombies of "S-I-S" model, it is transferred into the "I" class. The nodes of the "I" class are quarantined and transferred into "Q" class. The non-availability of the internal nodes may hamper the communication process within the network and hence the quarantine nodes are repaired immediately and transferred to the "S" class again to resume their operation. The entire population of the computers of our network is divided into the following five compartments: (i) Susceptible-External (S e ): represents the external nodes which are susceptible to direct attack from bots of an existing botnet.
(ii) Infectious-External (I e ): represents the infected external nodes which are infectious and are capable of spreading the bots to other susceptible nodes.
(iii) Susceptible-Internal(S): represents the internal nodes which are susceptible to the attack from the zombie computers of the botnet.
(iv) Infectious-Internal (I): represents the infected internal nodes which are infectious and are capable of spreading the bots to other susceptible nodes.
(v) Quarantine (Q): represents the internal nodes which are infected and separated.
The study of epidemic dynamics is an important theoretic approach to investigate the transmission dynamics of infectious diseases. It formulates mathematical models to describe the mechanism of disease transmissions and dynamics of infectious agents. Different transmission rates which are used to show the dynamism of our model are as follows: b: birth rate as well as death rate of the suspected external nodes; β: transmission rate coefficient; α: quarantine rate coefficient; σ: loss of immunity rate coefficient; µ: death rate of external nodes due to attack. In the above equation (b), S e, and I e represents the fraction of the total nodes from susceptible and infectious categories, respectively, present in the external part of an ecommerce network of an organization. By using the equations (a) and (b), respectively, we may simplify the above mentioned two systems equations, viz.; (1) and (2), into the following system equation: Let U be used to represent the feasible region for the corresponding system (3) for the model given in the fig.1. Hence we may write U as follows:

III. SOLUTION AND BASIC REPRODUCTION NUMBER
In this section, we discuss about the solution of the system developed and find out the basic reproduction number, which helps us to analyze the stability of the system.

A. Solution of the System (Calculation of Equilibrium Points)
To calculate the equilibrium points for the proposed model, we set the right sides of the model equations of system (3) equal to zero, that is, Using the above mentioned three equations, the trivial bots free equilibrium is obtained at point E 1 ≡ (1, 0, 0) and the endemic equilibrium is found at point E 2 ≡ ( S * , I * , I e * ), where,

B. Basic Reproduction Number
The basic reproduction number, also known as threshold number, is defined by the average number of secondary infections produced by one infected node of a network during the mean course of infection in completely susceptible nodes of the network. This is also simply known as reproductive number and is denoted by R 0 . The essential condition for an epidemic to occur is that the number of infected nodes should increase i.e.

IV. STABILITY OF THE SYSTEM
In this section we discuss the local stability at bots free equilibrium as well as at endemic equilibrium. To examine the local stability of the equilibria of system (3), for its Jacobian matrix J E1 , we need to find out its eigenvalue. The characteristic equation for the above matrix (J E1 ) is given as follows:

Theorem 1. The malware free equilibrium E 1 of system (3) is locally asymptotically stable in U if
that, σ and α are always positive, so the second (λ 2 ) and third (λ 3 ) Eigen values are negative. Let us assume that the first Eigen value (λ 1 ) is also negative, i.e. 0 ) , which is equivalent to 1 0 < e R and that can be proved as follows:

Theorem 2.The endemic equilibrium E 2 of system (3) is locally asymptotically stable in U, if
Proof. Following the same way as above Theorem 1, the system (3)

V. SIMULATION AND DISCUSSION
In this section we will show the result of numerical simulations using MATLAB to support the dynamism of our formulated model.

A. Stability at Bots Free Equilibrium
The dynamic behavior of the entire population of system (3) is examined through simulation and the result is displayed in fig.2. The simulation is done for three different initial conditions, (S, I, I e ) ≡ ((0.3,0.5,0.2), (0.5,0.3,0.2), (0.7,0.2,0.1)) and we get the resultant data about the number of computer in different classes for all of the above three conditions as follows, (S, I, I e ) ≡ ((1.000,0.000,0.000), (1.000,0.000,0.000), (1.000,0.000,0.000)), i.e., final states are same for all the conditions and there are no infectious nodes present in the system when R 0e < 1. At this point the system is stable because all the bots are wiped out from the system and hence our proposed model is found to be asymptotically stable at R 0e < 1.

B. Stability at Endemic Equilibrium
The stability of endemic equilibrium point is shown in fig. 3 for three different initial conditions same as fig. 2. Here also, we get the unique final states for all the given conditions as follows: (S, I, I e ) ≡ ((0.0100, 0.2475, 0.9250), (0.0100, 0.2475, 0.9250), (0.0100, 0.2475, 0.9250)). Hence the system is stable at this point, though the bots exists in the system. It is also found from the fig.3 that the system is asymptotically stable at this point when R 0e > 1.  Ie1  S2  I2  Ie2  S3  I3  Ie3   I1,I2,I3 Ie1,Ie2,Ie3 S1,S2,S3 From our resultant data we can say that our proposed system become stable at R0 > 1 due to the increase of quarantine nodes from Q 1 to Q 2 , where Q 2 > Q 1, as β is increased from 0.12 to 0.92. It is also observed from fig.4, that the system is asymptotically stable at R 0 > 1, but bots till exists in the system.   fig. 5. , that the number of bots increases as β increases over time but the system becomes stable after a certain point of time and it proves that the endemic equilibrium is asymptotically stable at R 0e > 1.

E. I VS Q by changing the values of β and α
The dynamisms of I vs. Q while changing the values of β and α to satisfy the following two conditions, i.e. R 0e ≤ 1 and R 0e > 1, are shown in fig. 6 and the resultant data of the simulation are presented in Table 1.  It is found from the following Table 1, that there will be no bots in the system when R 0e ≤ 1, which is a bots free equilibrium state and bots exists when R 0e > 1, i.e.; endemic equilibrium state. Fig. 6 also shows that the bots free equilibrium is asymptotically stable when R 0e ≤ 1 and endemic equilibrium is also asymptotically stable when R 0e > 1.

VI. CONCLUSION
In this paper, we have formulated an epidemic model to study the dynamics of the spread of bots in an e-commerce network through botnet. Categorizing the nodes of the networks based on their interface to the Internet, we have formulated two sub systems to represent the entire system for the propagation of bots. We have observed that if the basic reproduction number is less than unity, then the system is bots free and the bot free equilibrium is locally asymptotically stable. It is also found that when the reproduction number is greater than one, the system is also stable although bots persist in the system. During the analysis of the dynamism of the proposed model it is also found that the Infectious-Internal nodes are increased up to a certain peak over a period of time, but after a certain point of time it stabilizes. And while analyzing the dynamism of Infectious nodes over the Quarantine nodes by increasing the infectivity contact rate, it is found that bots can exists in the system if R 0e > 1, but the system is bots free when R 0e ≤ 1.