A dynamic modeling collaborative optimization control method for malware propagation

By quantifying the neighborhood dominance of nodes using the DomiRank centrality method, constructing a heterogeneous infection rate model, and designing a collaborative optimization control framework, the problem of accurate prediction of malware propagation and efficient resource utilization in the Industrial Internet is solved, achieving optimal control effect and cost minimization.

CN122394850APending Publication Date: 2026-07-14SHENYANG INSTITUTE OF CHEMICAL TECHNOLOGY

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Applications(China)
Current Assignee / Owner
SHENYANG INSTITUTE OF CHEMICAL TECHNOLOGY
Filing Date
2026-04-13
Publication Date
2026-07-14

AI Technical Summary

Technical Problem

Existing malware propagation models and control strategies in the Industrial Internet have not adequately considered node heterogeneity, leading to inaccurate risk assessment and inefficient resource allocation. Furthermore, existing strategies are mostly singular or static, making it difficult to achieve optimal control.

Method used

The DomiRank centrality method is used to quantify the neighborhood dominance of devices in the network, a heterogeneous infection rate model is constructed, and a collaborative optimization control framework is used to dynamically adjust control resources to minimize cost and infection scale by combining remediation and defense strategies.

Benefits of technology

It enables accurate prediction and optimal control of malware propagation, reduces network protection resource consumption, and improves the accuracy of risk assessment and control effectiveness.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure FT_1
    Figure FT_1
  • Figure FT_2
    Figure FT_2
  • Figure FT_3
    Figure FT_3
Patent Text Reader

Abstract

A dynamic modeling collaborative optimization control method for malware propagation relates to an industrial internet network security control method, and the present application is based on the average field theory to couple the network structure and dynamics, and constructs a propagation model for quantifying the heterogeneity of infection rate. Specifically, the variable infection rate beta is introduced by using the DomiRank centrality index, a high-level heterogeneous SIS model is established, and its stability is analyzed. By comparing the heterogeneous propagation models based on Degree, PageRank and DomiRank three centrality indexes, the superiority of DomiRank index is verified. Then, the collaborative optimal control strategy is introduced to hinder the propagation. Experimental verification shows that on different network topologies, the model can reduce the propagation risk, inhibit the propagation scale and quantify the threshold change; the collaborative control strategy realizes the minimization of the propagation scale and the minimum of the cumulative total cost.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This invention relates to a network security control method for the industrial internet, and more particularly to a dynamic modeling and collaborative optimization control method for the propagation of malware. Background Technology

[0002] As the nation actively promotes the construction of the Industrial Internet, machinery, sensors, and control systems are increasingly connected to the network, transforming production lines from "single-machine operation" to "Internet of Everything." While this brings increased production efficiency and easier maintenance, it also makes network structures more complex and interconnected, allowing hackers or malicious software to exploit vulnerabilities and spread rapidly within factories. The attack surface and the risk of potential malicious code propagation are increasing exponentially. Relevant policy documents (such as the "Industrial Internet Innovation and Development Action Plan") emphasize the need to identify critical equipment, predict propagation risks, and promptly block attacks to ensure production safety and the stable operation of key national infrastructure.

[0003] Propagation models based on homogeneity assumptions, such as the classic SIS / SIR, often overlook the amplifying or inhibiting effects of node heterogeneity on propagation thresholds and dynamics, leading to a lack of specificity in risk assessment and control strategies. The classic SIS model assumes that all nodes have the same infection and recovery capabilities, which is severely inconsistent with the reality of varying node importance and connectivity in real-world networks, resulting in distorted predictions. To overcome these limitations, subsequent research introduced heterogeneity models based on node centrality. However, traditional centrality methods, such as degree centrality, betweenness centrality, and PageRank, rely on single metrics and struggle to accurately pinpoint truly critical propagation nodes. This leads to large errors in threshold and peak predictions, unclear intervention priorities, and misjudgments in large-scale device topologies, failing to reveal the local dominance and neighborhood vulnerability of the entire network. Specifically, while these metrics consider heterogeneity, they focus on the number of connections and global prestige of nodes, failing to capture a node's dominance or control over its local domain. Therefore, they may overlook nodes that, while not the global core, are critical local "Achilles' heel."

[0004] Meanwhile, numerous control strategies have emerged to combat the spread of malware, but these strategies often suffer from problems: they are typically single or static, and therefore not optimal. For example, some strategies use a fixed repair rate to restore infected nodes, failing to adapt adaptively; others neglect early protection of high-risk, vulnerable nodes, lacking synergy. Existing control strategies frequently result in either excessive resource waste due to over-control or ineffective control due to insufficient intervention.

[0005] In summary, for the industrial internet field, there is currently no feasible and effective solution for predicting malware propagation behavior using a realistic propagation model and providing cost-effective optimal control strategies. Summary of the Invention

[0006] The purpose of this invention is to provide a dynamic modeling and collaborative optimization control method for malware propagation. This method utilizes the DomiRank centrality method to quantify the neighborhood dominance of devices in the network structure and dynamically maps heterogeneous infection rates based on this, thereby constructing a SIS propagation dynamics model that can profoundly reflect the characteristics of the network topology. Furthermore, based on this model, a collaborative optimal control framework is established. This framework can coordinate and allocate both remediation and defense control resources, minimizing overall costs while ensuring optimal suppression effects. Therefore, this invention is used to predict the propagation status of malware in industrial control networks and provide decision support for formulating and implementing cost-optimal collaborative control strategies.

[0007] The objective of this invention is achieved through the following technical solution: A dynamic modeling and collaborative optimization control method for malware propagation, the method comprising the following steps: a. DomiRank centrality steady-state value calculation Each node in the network is defined as either susceptible (S) or infected (I); the dominance of each node is determined by the DomiRank centrality metric, i.e., its steady-state value. And map it to the heterogeneous infection rate of nodes. ; The dynamic equation defined by DomiRank:

[0008] A is the adjacency matrix of the network, α represents the degree of competition between adjacent individuals, θ represents the control threshold, and β represents the proportionality constant, where α, θ, β > 0. After iterating until convergence, the DomiRank value of each node is obtained. ;

[0009]

[0010] For subsequent mapping work, it is normalized to:

[0011] b. Mapping of heterogeneous infection rates The relationship between the DomiRank steady-state value and the node infection rate can be expressed as:

[0012] Among them, φ controls the degree of heterogeneity of the model. As a baseline infection rate, The rate of heterogeneous infection; c. Domiran-β heterogeneous SIS model construction Consider a network consisting of N nodes, denoted as an undirected graph G=(V,E), where the set of nodes is V and the set of edges is E. Substituting the node-level nonlinear ordinary differential equations, we obtain the dynamic equations of the DomiRank-β heterogeneous SIS model: ; The infection state of node i at time t. This indicates that the node is infected. This indicates that the node is a susceptible node. The corresponding susceptibility probability is... ; μ: Recovery rate, representing the rate at which an infected node recovers to a susceptible state; The infection rate of node j, which is related to the DomiRank centrality of that node; The adjacency matrix elements of the network indicate whether node i and node j are directly connected; they reflect the network's topology. d. Definition of control variables and cost function Repair: Take remedial measures on the infected node I (such as patching security devices or performing antivirus scans on all nodes); this will increase the recovery rate of infected node I; assuming that at time t, the remedial control on node i results in an additional recovery rate of ; Defense: Take defensive measures against vulnerable node S (such as deploying firewalls and strengthening cybersecurity education for operators); this will reduce the probability of vulnerable node S being infected; assuming that at time t, the defensive control measures on node i reduce its probability of infection by a factor. ; Within the control period [0, T], the goal is to minimize both the total number of infections and the cost of the control strategy. Therefore, individual losses and resource consumption of the control strategy are reduced to the constraint of total cost. All individual losses and control resource consumption are assumed to accumulate over a time period T. The objective function (cumulative total cost) J is defined as: ; in , , As a weighting factor, it reflects the attitude towards the trade-off between the loss of infected nodes and the control costs in the process of controlling the spread of malware; , When the value approaches 0, the cost of resource consumption has almost no impact on the objective function J; at this point, we only care about the scale of infection rather than the control cost, which also means that we may adopt a more stringent control strategy, resulting in higher control costs; if we pay more attention to the consumption of cost resources, we can choose a larger weight coefficient, but this also means that we must accept a relatively larger number of infected nodes. The goal is to find the optimal control. and , making Minimize while satisfying control constraints , ; e. Construction of the controlled-Domirank-β model Introducing repair rate into the Domiran-β heterogeneous SIS model and defense coefficient The nodal-level ordinary differential equations for the controlled-Domirank-β model are obtained as follows: ; The first term (recovery term): μ is the rate of recovery. It's the extra recovery rate brought about by repair and control; Second item (Infection): It is the protective effect brought about by defense and control; f. Optimal Control Analysis 1) Constructing the Hamiltonian function

[0013] Hamiltonian This represents the total energy of the entire system; it combines the infection process, repair control, defense control, and the infection dynamics of each node, telling us how to optimize the control strategy to achieve the optimal state of the system; Hamiltonian function. The formula is as follows: ; : Accompanying variables, which are associated with constraints in optimal control and are used to describe the sensitivity of state variables to total cost; : Represents the cost of node infection and the cost of control strategies; : Indicates the impact of the dynamics of infection transmission; Derivation of the adjoint equation The adjoint equation describes the relationship between system state changes and optimal control, helping to derive the optimal values ​​of the control variables; it is derived using Pontryagin's minimum principle, from: ; The adjoint equation is obtained:

[0014] Solving for optimal control pass and Characterizing optimal control; Depend on ,have to:

[0015] Depend on ,have to:

[0016] Combining the constraints, the expression for optimal control is obtained as follows: .

[0017] The advantages and effects of this invention are: 1. To reflect the actual propagation process of malware in complex networks and its impact on propagation dynamics, this invention proposes a heterogeneous SIS malware propagation model. At the same time, it proposes a cooperative optimal control strategy to address the heterogeneity of the model, aiming to effectively utilize limited resources and prevent the large-scale propagation of malware.

[0018] 2. This invention is the first to introduce DomiRank centrality into a malware propagation model and reflects node heterogeneity in complex networks by adjusting the heterogeneous infection rate of nodes. This mapping relationship, by controlling the infection rate of nodes, can accurately describe the propagation process of malware in complex networks. Furthermore, based on the Pontryagin minimum principle, a collaborative optimal control framework based on remediation strategies (improving recovery rate) and defense strategies (suppressing infection rate) is proposed to minimize the peak of malware propagation and reduce the resource consumption of network protection.

[0019] 3. This invention seamlessly integrates propagation prediction and control decision-making. By innovatively introducing "neighborhood dominance" to quantify node heterogeneity, the model can identify structural pivots that traditional methods would overlook, thus profoundly revealing hidden network risks and providing an accurate basis for formulating defense strategies. It is precisely based on this prediction that the collaborative optimal control strategy designed in this invention can achieve maximum effectiveness. It can dynamically optimize the investment of repair and defense resources according to the propagation situation, achieving the best control effect while minimizing the total cost composed of infection loss and control overhead. Attached Figure Description

[0020] Figure 1 This is the overall flowchart of the present invention; Figure 2 This is a graph showing the propagation curve of malware based on a degree-centrality heterogeneous model on the BA network according to the present invention. Figure 3This is a diagram of heterogeneous propagation curves based on PageRank centrality on the BA network according to the present invention; Figure 4 This is a diagram illustrating the heterogeneous propagation of DomiRank centrality in the BA network according to the present invention. Figure 5 This invention compares the propagation curves of heterogeneous SIS models with different centralities, and presents a predicted infection node diagram for three centrality indicators under each heterogeneity coefficient condition. Figure 6 This is a comparison chart of the infection density between the collaborative control strategy of this invention and other strategies; Figure 7 This is a comparison chart of the total cost of the collaborative control strategy of this invention with other strategies. Detailed Implementation

[0021] The present invention will be further described in detail below with reference to the accompanying drawings and specific embodiments, but this is not intended to limit the technical solutions of the present invention.

[0022] DomiRank centrality steady-state value calculation Each node in the network is defined as either susceptible (S) or infected (I). The dominance of each node is determined by the DomiRank centrality metric, i.e., its steady-state value. And map it to the heterogeneous infection rate of nodes. .

[0023] a. Dynamic equations defined by DomiRank:

[0024] A is the adjacency matrix of the network, α represents the degree of competition between adjacent individuals, θ represents the control threshold, and β represents the proportionality constant, where α, θ, β > 0. After iterating until convergence, the DomiRank value of each node is obtained. ;

[0025] For subsequent mapping work, it is normalized to:

[0026] b. Mapping of heterogeneous infection rates The relationship between the DomiRank steady-state value and the node infection rate can be expressed as:

[0027] Among them, φ controls the degree of heterogeneity of the model. As a baseline infection rate, This represents the heterogeneous infection rate.

[0028] Domirank-β heterogeneous SIS model construction Consider a network consisting of N nodes, denoted as an undirected graph G=(V,E), where V is the set of nodes and E is the set of edges. Substituting the node-level nonlinear ordinary differential equations, we obtain the dynamic equations of the DomiRank-β heterogeneous SIS model: ; The infection state of node i at time t. This indicates that the node is infected. This indicates that the node is a susceptible node. The corresponding susceptibility probability is... ; μ: Recovery rate, representing the rate at which an infected node recovers to a susceptible state; The infection rate of node j, which is related to the DomiRank centrality of that node; The adjacency matrix elements of the network indicate whether node i and node j are directly connected. It reflects the network's topology. d. Definition of control variables and cost function Repair: Take remedial measures on the infected node I (such as patching security vulnerabilities on all nodes, or performing antivirus scans). This will increase the recovery rate of infected node I. Assume that at time t, the remedial control on node i results in an additional recovery rate of... .

[0029] Defense: Take defensive measures against vulnerable node S (such as deploying firewalls and strengthening cybersecurity education for operators). This will reduce the probability of vulnerable node S being infected. Assume that at time t, the defensive controls on node i reduce its probability of infection by a factor. .

[0030] Within the control period [0, T], the goal is to minimize both the total number of infections and the cost of the control strategy. Therefore, individual losses and resource consumption of the control strategy are reduced to constraints on the total cost. All individual losses and control resource consumption are assumed to accumulate over a time period T. The objective function (cumulative total cost) J can be defined as: ; in , , As a weighting factor, it reflects our attitude towards the trade-off between the loss of infected nodes and the cost of control in the process of controlling the spread of malware. , When the value approaches zero, the cost of resource consumption has almost no impact on the objective function J. At this point, we only care about the scale of infection rather than the control cost, which means we may adopt a more stringent control strategy, resulting in higher control costs. If we pay more attention to the cost of resource consumption, we can choose a larger weighting coefficient, but this also means we must accept a correspondingly larger number of infected nodes.

[0031] The goal is to find the optimal control. and , making , Minimize while satisfying control constraints .

[0032] e. Construction of the controlled-Domirank-β model Introducing repair rate into the Domiran-β heterogeneous SIS model and defense coefficient The nodal-level ordinary differential equations for the controlled-Domirank-β model are obtained as follows: ; The first term (recovery term): μ is the rate of recovery. It's the extra recovery rate brought about by repair and control; Second item (Infection): It is the protective effect brought about by defense and control. f. Optimal Control Analysis Constructing the Hamiltonian function H The Hamiltonian H represents the total energy of the entire system. It combines the infection process, repair control, defense control, and the infection dynamics of each node, telling us how to optimize control strategies to achieve the optimal state of the system. The formula for the Hamiltonian function H is as follows:

[0033] : Accompanying variables, which are associated with constraints in optimal control and are used to describe the sensitivity of state variables to total cost; : Represents the cost of node infection and the cost of control strategies; : Indicates the impact of infection transmission dynamics Derivation of the adjoint equation The adjoint equation describes the relationship between system state changes and optimal control, helping to derive the optimal values ​​of the control variables. It is derived using Pontryagin's minimum principle, from: The adjoint equation is obtained:

[0034] Solving for optimal control and Characterize optimal control.

[0035] Depend on have to:

[0036] Depend on ,have to:

[0037] Combining the constraints, the expression for optimal control can be obtained as follows:

[0038] Highly interconnected network environments (such as the Industrial Internet) exacerbate the risk of malware propagation. Existing propagation models often rely on the assumption of homogeneity among nodes, neglecting the differences in propagation influence caused by differences in node location and function. This may lead to distorted risk assessment and inefficient resource allocation.

[0039] To address this issue, this invention proposes a method for modeling and collaboratively controlling the heterogeneous propagation of malware. This method abandons traditional assumptions and constructs a propagation dynamics model that accurately reflects the heterogeneity of network structure by quantifying the "neighborhood dominance" of each node within its local network, significantly improving the accuracy of risk prediction. Based on this model, this invention further designs a set of collaborative optimal intervention strategies, achieving efficient suppression of malware propagation at minimal cost by dynamically balancing control effectiveness and economic costs.

[0040] See Figure 1 The figure shows the overall flowchart of a malware heterogeneous propagation modeling and cooperative optimal control based on node neighborhood dominance provided by the present invention. The following steps are performed according to the flowchart of the present invention: The system first enters the heterogeneous propagation modeling stage. It generates an adjacency matrix by collecting network topology information and then iteratively calculates the DomiRank score of each node to characterize its actual role in the propagation process. The system then assigns a unique infection rate to each node in the network using a mapping function with adjustable heterogeneity coefficients based on the obtained steady-state values. These values ​​are then substituted into the dynamic equations to generate a curve showing the change in the number of infected nodes over a future period, providing intuitive and accurate data support for risk assessment.

[0041] Then, the cooperative optimal control stage begins, introducing two time-varying control methods—a repair strategy for infected nodes and a defense strategy for susceptible nodes—while simultaneously establishing a total cost function J. The Pontryagin minimum principle is applied to solve for the optimal control combination that minimizes the objective function J within the control cycle.

[0042] Finally, the optimal control combination provides security assurance for network security based on the repair strength and defense strength.

[0043] The technical effects of this invention will be verified through numerical analysis experiments below. All experiments were conducted on a BA scale-free network with 1000 nodes, with a baseline infection rate β0 = 0.035 and a recovery rate μ = 0.1.

[0044] To demonstrate the uniqueness and superiority of this invention in terms of model, comparative experiments were conducted.

[0045] Figure 2 Malware propagation curves based on a degree-centrality heterogeneous model are presented on the BA network.

[0046] Figure 3 The graph shows the heterogeneous propagation curve based on PageRank centrality on the BA network.

[0047] Figure 4 A diagram illustrating heterogeneous propagation on the BA network based on the DomiRank centrality mentioned in this invention is provided.

[0048] The model of this invention exhibits different and more insightful dynamic behavior, revealing a stark reality. Observation Figure 4 It can be seen that when the heterogeneity coefficient is 0, the DomiRank-based heterogeneous model predicts that malware propagation will not disappear, but rather form a local equilibrium point. This phenomenon is consistent with... Figure 2 Figure 3 In stark contrast, DomiRank successfully identified a core propagation backbone overlooked by degree and PageRank. Therefore, DomiRank-based model predictions better reflect the persistent presence of viruses in key areas of real-world networks. In other words, classical centrality-based determinations underestimate early risks, while DomiRank provides a more conservative view of reality.

[0049] Figure 5 This is a comparison of the propagation curves of heterogeneous SIS models with different centralities, and the predicted infection nodes under each heterogeneity coefficient condition based on three centrality indicators.

[0050] Depend on Figure 5As can be seen, for all levels of heterogeneity, the model of this invention predicts a higher final steady-state infection scale than the two baseline models, and the propagation speed is faster with a shorter outbreak window. This difference stems from the unique mechanism of DomiRank, which not only identifies central nodes but also identifies "structural pivots" that exert influence by "dominating" their neighborhoods. When the virus's propagation ability is concentrated on these dominant nodes, they can more effectively undermine the resistance of the local network, triggering a wider and more intense cascading propagation, which may be closer to the process of malware propagation across networks in real-world networks.

[0051] Figure 6 This diagram illustrates the effects of suppressing propagation using no control strategy, a single control strategy, and a collaborative control strategy. Specifically, it reduces the number of infected nodes.

[0052] Based on a scenario of rapid malware outbreaks without control strategies, the graph shows that both repair-only control and repair-defense coordinated control can quickly suppress propagation. The difference between the two strategies lies in the fact that repair-only control still leaves residual infected nodes when it reaches a steady state, while repair-defense coordinated control can completely eliminate infected nodes, and the reduction time is shorter than with repair-only control. Defense-only control, unable to eliminate remaining infected nodes, maintains local prevalence in the mid-to-late stages, but its peak infection rate is lower than that under the no-control strategy, indicating that the defense strategy also plays a role.

[0053] Figure 7 The cumulative total cost bar chart reveals the economic effectiveness of the collaborative control strategy of this invention.

[0054] Figure 7 The results show that, under the same containment objective, the cooperative control strategy not only achieves the best control effect, but also has the lowest cumulative cost J among all control strategies. This fully demonstrates that the present invention, through optimized resource allocation, successfully achieves an optimal balance between control effectiveness and economic cost, enabling the best propagation suppression at the lowest cost, and possesses extremely high practical application value.

[0055] It should be noted that the above description is one embodiment provided in conjunction with specific content, and it should not be construed that the specific implementation of the present invention is limited to these descriptions. Any structure or device similar to that of the present invention, or any technical deductions or substitutions made under the premise of the present invention, should be considered within the scope of protection of the present invention.

Claims

1. A dynamic modeling and collaborative optimization control method for malware propagation, characterized in that, The method includes the following procedures: a. DomiRank centrality steady-state value calculation Each node in the network is defined as either susceptible (S) or infected (I); the dominance of each node is determined by the DomiRank centrality metric, i.e., its steady-state value. And map it to the heterogeneous infection rate of nodes. ; The dynamic equation defined by DomiRank: ; A is the adjacency matrix of the network, α represents the degree of competition between adjacent individuals, θ represents the control threshold, and β represents the proportionality constant, where α, θ, β > 0. After iterating until convergence, the DomiRank value of each node is obtained. ; ; For subsequent mapping work, it is normalized to: ; b. Mapping of heterogeneous infection rates The relationship between the DomiRank steady-state value and the node infection rate can be expressed as: ; Among them, φ controls the degree of heterogeneity of the model. As a baseline infection rate, The rate of heterogeneous infection; c. Domiran-β heterogeneous SIS model construction Consider a network consisting of N nodes, denoted as an undirected graph G=(V,E), where the set of nodes is V and the set of edges is E. Substituting the node-level nonlinear ordinary differential equations, we obtain the dynamic equations of the DomiRank-β heterogeneous SIS model: ; The infection state of node i at time t. This indicates that the node is infected. This indicates that the node is a susceptible node. The corresponding susceptibility probability is... ; μ: Recovery rate, representing the rate at which an infected node recovers to a susceptible state; The infection rate of node j, which is related to the DomiRank centrality of that node; The adjacency matrix elements of the network indicate whether node i and node j are directly connected; they reflect the network's topology. d. Definition of control variables and cost function Repair: Take remedial measures for the infected node I, namely, apply security patches and perform antivirus scans on all nodes; this will increase the recovery rate of infected node I; assuming that at time t, the remedial control for node i results in an additional recovery rate of ; Defense: Take defensive measures against vulnerable node S (such as deploying firewalls and strengthening cybersecurity education for operators); this will reduce the probability of vulnerable node S being infected; assuming that at time t, the defensive control measures on node i reduce its probability of infection by a factor. ; Within the control period [0, T], the goal is to minimize both the total number of infections and the cost of the control strategy. Therefore, individual losses and resource consumption of the control strategy are reduced to the constraint of total cost. All individual losses and control resource consumption are assumed to accumulate over a time period T. The objective function (cumulative total cost) J is defined as: ; in , , As a weighting factor, it reflects the attitude towards the trade-off between the loss of infected nodes and the control costs in the process of controlling the spread of malware; , When the value approaches 0, the cost of resource consumption has almost no impact on the objective function J; at this point, we only care about the scale of infection rather than the control cost, which also means that we may adopt a more stringent control strategy, resulting in higher control costs; if we pay more attention to the consumption of cost resources, we can choose a larger weight coefficient, but this also means that we must accept a relatively larger number of infected nodes. The goal is to find the optimal control. and , making , Minimize while satisfying control constraints , ; e. Construction of the controlled-Domirank-β model Introducing repair rate into the Domiran-β heterogeneous SIS model and defense coefficient The nodal-level ordinary differential equations for the controlled-Domirank-β model are obtained as follows: ; The first term, recovery term: μ, is the rate of recovery. The additional recovery rate brought about by repair control; Second infection item: It is the protective effect brought about by defense and control; f. Optimal Control Analysis 7) Construct the Hamiltonian function H The Hamiltonian H represents the total energy of the entire system; it combines the infection process, repair control, defense control, and the infection dynamics of each node, telling us how to optimize the control strategy to achieve the optimal state of the system; the formula for the Hamiltonian function H is as follows: ; : Accompanying variables, which are associated with constraints in optimal control and are used to describe the sensitivity of state variables to total cost; : Represents the cost of node infection and the cost of control strategies; : Indicates the impact of the dynamics of infection transmission; 8) Derive the adjoint equation The adjoint equation describes the relationship between system state changes and optimal control, helping to derive the optimal values ​​of the control variables; it is derived using Pontryagin's minimum principle, from: The adjoint equation is obtained: ; 9) Solving for optimal control pass and Characterizing optimal control; Depend on ,have to: Depend on ,have to: Combining the constraints, the expression for optimal control is obtained as follows: .