DNM-EWS: A DYNAMIC COMPLEX NETWORK FRAMEWORK FOR PROPAGATION MALWARE DETECTION AND EARLY WARNING

(Received: 3-Jan.-2026, Revised: 27-Feb.-2026 , Accepted: 30-Mar.-2026)

Authors Shorouq Al-Eidi,

Keywords #Cybersecurity #Malware propagation #Dynamic networks #Complex network metrics #Early-warning system #Anomaly detections

Abstract Early warning of fast-spreading malware is still a critical challenge in enterprise networks, where traditional signature-based and post-infection behavioral methods provide limited preventive capability. This paper proposes the Dynamic Network Metric Early Warning System (DNM-EWS), which can detect pre-propagation indicators of compromise through continuous analysis of time-evolving communication topologies. DNM-EWS integrates temporal complex-network metrics with adaptive statistical baselines to generate an interpretable composite risk score for real-time anomaly detection. Experimental evaluation on enterprise NetFlow data, heterogeneous simulated attacks and a public intrusion dataset demonstrates pre-propagation detection results with an average detection time of five minutes before the attack propagation, very low false-positive rates of about 1% to 3% and even up to 57% of attack-scale reduction compared to static and volume-based detection approaches. The results highlight effectiveness and potential of dynamic topology analysis in the early warning of malware propagation in the enterprise environment.

References

[1] N. I. Che Mat, N. Jamil, Y. Yusoff and M. L. Mat Kiah, "A Systematic Literature Review on Advanced Persistent Threat Behaviors and Its Detection Strategy," Journal of Cybersecurity, vol. 10, no. 1, DOI: 10.1093/cybsec/tyad023, 2024.

[2] G. Gebrehans et al., "Generative Adversarial Networks for Dynamic Malware Behavior: A Comprehensive Review, Categorization and Analysis," IEEE Transactions on Artificial Intelligence, vol. 6, no. 8, pp. 1955-1976, DOI: 10.1109/tai.2025.3537966, 2025.

[3] W. Guo, W. Du, X. Yang, J. Xue, Y. Wang, W. Han and J. Hu, "MalHAPGNN: An Enhanced Call Graph-based Malware Detection Framework Using Hierarchical Attention Pooling Graph Neural Network," Sensors, vol. 25, no. 2, DOI: 10.3390/s25020374, 2025.

[4] Y. Guo, "A Review of Machine Learning-based Zero-day Attack Detection: Challenges and Future Directions," NIST Technical Series Publication, [Online], Available: https://tsapps.nist.gov/publication/get_pdf. cfm?pub_id=934769, 2023.

[5] D. Javaheri et al., "DeepRadar: A Cyber-defence Interceptor for Early Warning and Defusing," Knowledge-based Systems, vol. 331, p. 114830, 2025.

[6] L. Li, J. Cui, R. Zhang, H. Xia and X. Cheng, "Dynamics of Complex Networks: Malware Propagation Modeling and Analysis in Industrial Internet of Things," IEEE Access, vol. 8, pp. 64184-64192, 2020.

[7] A. A. Mir, M. F. Zuhairi, S. Musa and A. Namoun, "Adaptive Anomaly Detection in Dynamic Graph Networks," Proc. of the 2024 Int. Visualization, Informatics and Technology Conf. (IVIT), pp. 156-161, DOI: 10.1109/IVIT62678.2024.10709088, 2024.

[8] K. Pappu, P. D. Joshi, R. A. Dandekar, R. Dandekar and S. Panat, "Understanding Malware Propagation Dynamics through Scientific Machine Learning," arXiv preprint, arXiv: 2507.07143, 2025.

[9] A. Redhu, P. Choudhary, K. Srinivasan and T. K. Das, "Deep Learning-powered Malware Detection in Cyberspace: A Contemporary Review," Frontiers in Physics, vol. 12, p. 1349463, 2024.

[10] A. Martin-del Rey, "A Novel Model for Malware Propagation on Wireless Sensor Networks," Mathematical Biosciences and Engineering, vol. 21, no. 3, pp. 3967-3998, 2024.

[11] A. Shah and L. Nawaf, "Malware Detection Using Deep Learning Approaches," Preprints.org, DOI: 10.20944/preprints202407.1214.v1, 2024.

[12] I. Sharafaldin, A. H. Lashkari and A. A. Ghorbani, "Toward Generating a New Intrusion Detection Dataset and Intrusion Traffic Characterization," Proc. of the 4th Int. Conf. on Information Systems Security and Privacy (ICISSP), pp. 108-116, DOI: 10.5220/0006639801080116, 2018.

[13] S. Uddin, L. Hossain, S. T. Murshed and J. W. Crawford, cStatic versus Dynamic Topology of Complex Communications Network during Organizational Crisis," Complexity, vol. 16, no. 5, pp. 27-36, 2011.

[14] S. Wang et al., "Heterogeneous Graph Matching Networks for Unknown Malware Detection," Proc. of the 28th Int. Joint Conf. on Artifi. Intelli. (IJCAI), pp. 3762-3770, DOI: 10.24963/ijcai.2019/522, 2019.

[15] P. Xiao, "Network Malware Detection Using Deep Learning Network Analysis," Journal of Cyber Security and Mobility, vol. 13, no. 1, pp. 27-52, 2023.

[16] Z. Zhang, Y. Li, W. Wang, H. Song and H., Dong, "Malware Detection with Dynamic Evolving Graph Convolutional Networks," Int. Journal of Intelligent Systems, vol. 37, no. 10, pp. 7261-7280, 2022.