https://jjcit.org/paper/288 10.5455/jjcit.71-1767010158 Shorouq Al-Eidi Cybersecurity,Malware propagation,Dynamic networks,Complex network metrics,Early-warning system,Anomaly detections 606 226 3-Jan.-2026 27-Feb.-2026 30-Mar.-2026 Early warning of fast-spreading malware is still a critical challenge in enterprise networks, where traditional signature-based and post-infection behavioral methods provide limited preventive capability. This paper proposes the Dynamic Network Metric Early Warning System (DNM-EWS), which can detect pre-propagation indicators of compromise through continuous analysis of time-evolving communication topologies. DNM-EWS integrates temporal complex-network metrics with adaptive statistical baselines to generate an interpretable composite risk score for real-time anomaly detection. Experimental evaluation on enterprise NetFlow data, heterogeneous simulated attacks and a public intrusion dataset demonstrates pre-propagation detection results with an average detection time of five minutes before the attack propagation, very low false-positive rates of about 1% to 3% and even up to 57% of attack-scale reduction compared to static and volume-based detection approaches. The results highlight effectiveness and potential of dynamic topology analysis in the early warning of malware propagation in the enterprise environment.