Eradication and recovery in Cybersecurity - Time & Space Complexity
When dealing with eradication and recovery in cybersecurity, it's important to understand how the time needed grows as the size of the affected system or data increases.
We want to know how the effort to remove threats and restore systems changes when more files or devices are involved.
Analyze the time complexity of the following simplified eradication and recovery process.
```
for infected_file in infected_files:
    scan infected_file for malware
    remove malware from infected_file
    restore infected_file from backup
verify system integrity after all files processed
```
This code scans each infected file, removes malware, restores it, and then checks the system once at the end.
Look for repeated steps that take most of the time.
- Primary operation: Loop over each infected file to scan, clean, and restore.
- How many times: Once for every infected file, so the number of infected files determines the number of repetitions.
As the number of infected files grows, the total work grows too.
| Input Size (n) | Approx. Operations |
|---|---|
| 10 | About 10 scans, removals, and restores |
| 100 | About 100 scans, removals, and restores |
| 1000 | About 1000 scans, removals, and restores |
Pattern observation: The work grows directly with the number of infected files. Double the files, double the work.
Time Complexity: O(n)
This means the time to eradicate and recover grows in a straight line with the number of infected files.
[X] Wrong: "The verification step after all files is as costly as scanning each file."
[OK] Correct: The verification runs once after all files are processed, so its cost does not grow with the number of infected files and is much smaller than the repeated scanning and cleaning.
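An instrumented version of the loop above, as an added example that is not code from the original page: it counts each operation so the linear growth and the single verification pass can be checked directly. The in-memory "files", the `MARKER` string, the SHA-256 manifest, and all function names are assumptions made for illustration.

```python
import hashlib

MARKER = b"EXAMPLE-MALWARE-MARKER"  # constructed test string, not a real signature

def sha256(data):
    return hashlib.sha256(data).hexdigest()

def build_system(total_files):
    """Constructed sample data: clean backup copies plus a hash manifest."""
    backup = {f"file_{i}.dat": f"clean content {i}".encode() for i in range(total_files)}
    manifest = {name: sha256(data) for name, data in backup.items()}
    return backup, manifest

def infect(system, n):
    """Mark the first n files as infected by appending the constructed marker."""
    names = sorted(system)[:n]
    for name in names:
        system[name] += MARKER
    return names

def eradicate_and_recover(system, infected_files, backup, manifest):
    ops = {"scans": 0, "removals": 0, "restores": 0, "verify_passes": 0}
    for name in infected_files:              # runs once per infected file: O(n)
        ops["scans"] += 1
        if MARKER in system[name]:           # scan the file for the marker
            del system[name]                 # remove the infected copy
            ops["removals"] += 1
            system[name] = backup[name]      # restore the clean copy from backup
            ops["restores"] += 1
    ops["verify_passes"] += 1                # runs once, after the loop
    # Integrity check: every file must match the known-good manifest hash.
    ops["mismatches"] = sum(
        1 for name, digest in manifest.items()
        if sha256(system.get(name, b"")) != digest
    )
    return ops

def run(total_files, n_infected):
    backup, manifest = build_system(total_files)
    system = dict(backup)                    # live system starts as a copy of the backup
    infected = infect(system, n_infected)
    return eradicate_and_recover(system, infected, backup, manifest)

if __name__ == "__main__":
    for n in (10, 100, 1000):                # same input sizes as the table above
        print(n, run(1000, n))
```

The verification pass here hashes the whole system, so its cost depends on the total number of files (fixed at 1000 in each run), not on how many were infected.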
Understanding how eradication and recovery scale helps you explain how to handle incidents efficiently and plan resources well in real situations.
What if we added a nested scan inside each file that checks every byte twice? How would the time complexity change?