A queueing model for observation of suspicious data

In this paper we describe a model for detecting, observing and recovering suspicious data packets(customers) arriving to networks. Packets arrive according to a Markovian arrival process to a multi server station. An arriving packet is suspected to be malicious with a probability p or transmitted with the complimentary probability 1 - p: A suspected packet is sent to an observation pool. When a packet reaches the pool, two random clocks starts ticking. One of the random clocks shows Erlang distributed times, this is the duration of observation . The second clock on realization gives the duration for generating the status of being malware affected or not and this clock gives Coxian distributed times. A packet gets transmitted from pool upon realization of the Erlang clock, provided the Coxian clock does not realize until this point of time. If the Coaxian clock realizes rst, then the packet is assumed to be malware infected and it is sent to a multi server station for the recovery and then transmitted after the recovery process. This system is modeled as a continuous time Markov chain and is analyzed using matrix analytic method. The model is illustrated numerically.