Patching nodes is an effective network defense strategy for controlling malware at early stages, and its performance depends primarily on how accurately the infection propagation is characterized. In this paper, we design a novel patching policy based on the susceptible-infected epidemic network model that incorporates the influence of patching delay, a type of delay that has been largely overlooked in the design of patching policies in the literature but is prevalent in practice. We first identify 'critical edges' that form a boundary separating the most likely infected nodes from the nodes that would still remain healthy after the patching delay. We then leverage the critical edges to determine which nodes to patch, given limited patching resources at early stages. To this end, we formulate a constrained graph partitioning problem and use its solution to identify a set of nodes to patch or vaccinate under the limited resources, so as to effectively prevent malware propagation from getting through the healthy region. We numerically validate that our patching policy significantly outperforms other baseline policies in protecting the healthy nodes under limited patching resources and in the presence of patching delay.
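The following is an added illustration of the idea in the abstract, not the paper's algorithm or code. It assumes a worst-case spread of one hop per time step (so the set infected after the patching delay is a BFS ball around the seed), and it substitutes a simple greedy cover of the critical edges for the paper's constrained graph partitioning; the graph, function names and budget values are constructed for the example.

```python
from collections import deque

# Constructed sample topology: node -> neighbours. Node 0 is the initial infection.
GRAPH = {0: [1, 2], 1: [0, 3], 2: [0, 3, 4], 3: [1, 2, 5],
         4: [2, 5], 5: [3, 4, 6], 6: [5, 7], 7: [6]}

def bfs_ball(adj, seeds, radius, blocked=frozenset()):
    """Nodes reachable from `seeds` within `radius` hops without entering `blocked`."""
    dist = {s: 0 for s in seeds}
    queue = deque(seeds)
    while queue:
        u = queue.popleft()
        if dist[u] == radius:
            continue
        for v in adj[u]:
            if v not in dist and v not in blocked:
                dist[v] = dist[u] + 1
                queue.append(v)
    return set(dist)

def critical_edges(adj, infected):
    """Edges (u, v) crossing from the likely-infected set into the healthy region."""
    return {(u, v) for u in infected for v in adj[u] if v not in infected}

def choose_patches(adj, infected, budget):
    """Greedy stand-in: patch the healthy node touching the most uncovered critical edges."""
    uncovered, patched = critical_edges(adj, infected), set()
    while uncovered and len(patched) < budget:
        counts = {}
        for _, v in uncovered:
            counts[v] = counts.get(v, 0) + 1
        best = max(sorted(counts), key=counts.get)  # ties go to the lowest node id
        patched.add(best)
        uncovered = {e for e in uncovered if e[1] != best}
    return patched

def protected(adj, infected, patched):
    """Healthy, unpatched nodes the infection can no longer reach once patches land."""
    return set(adj) - bfs_ball(adj, infected, len(adj), blocked=patched) - patched

if __name__ == "__main__":
    for delay, budget in [(1, 1), (1, 2), (2, 1)]:
        infected = bfs_ball(GRAPH, {0}, delay)
        patches = choose_patches(GRAPH, infected, budget)
        print(delay, budget, sorted(patches), sorted(protected(GRAPH, infected, patches)))
```

With a delay of two steps the seed's neighbours are already infected by the time patches take effect, so the useful patch is node 5 on the far side of the boundary, which is the effect of patching delay that the abstract describes.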