CN101719201B - Enhanced index tree-based quick virus immunizing document distribution method - Google Patents

Enhanced index tree-based quick virus immunizing document distribution method Download PDF

Info

Publication number
CN101719201B
CN101719201B CN2009102125123A CN200910212512A CN101719201B CN 101719201 B CN101719201 B CN 101719201B CN 2009102125123 A CN2009102125123 A CN 2009102125123A CN 200910212512 A CN200910212512 A CN 200910212512A CN 101719201 B CN101719201 B CN 101719201B
Authority
CN
China
Prior art keywords
node
virus
index tree
immunizing
descendant
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN2009102125123A
Other languages
Chinese (zh)
Other versions
CN101719201A (en
Inventor
徐小龙
熊婧夷
梅哲滔
姜民明
梁成
程春玲
章韵
陈丹伟
毛建平
张旻
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nanjing Post and Telecommunication University
Original Assignee
Nanjing Post and Telecommunication University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nanjing Post and Telecommunication University filed Critical Nanjing Post and Telecommunication University
Priority to CN2009102125123A priority Critical patent/CN101719201B/en
Publication of CN101719201A publication Critical patent/CN101719201A/en
Application granted granted Critical
Publication of CN101719201B publication Critical patent/CN101719201B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Landscapes

  • Medicines Containing Plant Substances (AREA)
  • Document Processing Apparatus (AREA)

Abstract

In order to solve the more and more serious problems of network virus spreading, network virus infection and network virus attacks, the invention provides an enhanced index tree-based quick virus immunizing document distribution method capable of being adopted to improve the network virus resisting capacity of each host node in an Internet-based open network computing environment. The method comprises the following steps: firstly, according to discovered network viruses, manufacturing virus immunizing documents of which each comprises a patch program and a virus library updating program by an anti-virus central node set by an authoritative antivirus organization; and then quickly distributing the virus immunizing documents based on a new enhanced index tree through resource sharing and communication channels of a network so that each node in the network can quickly acquire the virus immunizing documents to be patched and update a virus library to be immunized as soon as possible, thereby quickly enhancing the new virus resisting capacity of most of the nodes in the network, effectively solving the problems of virus spreading, virus infection and virus attacks in the Internet environment and reducing the degree of the harm of the viruses to a network system.

Description

A kind of based on the quick virus immunizing document distribution method that strengthens index tree
Technical field
The present invention improves the defensive ability/resistance ability of each host node to internet worm in the open network computing environment based on the internet a kind of being used for, and is adoptable a kind of based on the quick virus immunizing document distribution method that strengthens index tree.Present technique belongs to the interleaving techniques application of information security, infosystem, computer network and computer software.
Background technology
Destruction computer function or the clobber that the computeritis toxogen refers in computer program, to insert, influence that computing machine uses and a kind of computer instruction or program code that can self-replacation, be divided into several kinds of virus, worm-type virus and script virus etc. that the virus, the running background that infect executable file carry out malice control and destruction.
The internet has just received users' welcome since being born, every day the whole world all have thousands of netizen through network communicate, exchange resource, shared file.Resource sharing capability that the internet is outstanding and communication function provide natural hotbed for the propagation and the infection of virus.Number of nodes in the internet is very big; Therefore the virus of propagating through internet and application system thereof, involve that scope is big, broad covered area; Just can cause network congestion even paralysis, shared information dropout, confidential information to have things stolen at short notice; Even whole network all controlled by this virus fully, and causes tremendous loss.
Popularizing of network and further developing of network technology unite two into one viral production person and hacker, and they utilize multiple means and approach to carry out transmitted virus; The attacking system leak; Utilize leak to carry out virus disseminating, resident back door and trojan horse program cause systemic breakdown and network blockage.The virus of attacking anti-viral software in recent years is also more and more, and Win32.Yaha.C is a typical virus of attacking anti-viral software; Virus such as KLEZ.H, Chinese hacker can be monitored the process of oneself, and one finds that the process of oneself is killed, and just restarts process immediately.The development of present internet worm constantly proposes new challenge to anti-viral software.
The wide-scale distribution of computer virus; Promoted the development of antivirus techniques, impelled the research and development of different anti-viral softwares, defense mechanism also crosses the virus defense of network level from traditional unit virus defense; Defend the virus killing of fixed point gateway from simple multimachine, the pattern of virus defense grows a lot.The appearance of new antivirus techniques forces computer virus to upgrade its technology more again.
Traditional antivirus software is at first will find and confirm a virus basically, then, takes precautions against again, does not have effective way to tackle the distortion of various viruses, to having merged the virus of hacking technique, can not effectively take precautions against.New theory is based on the characteristic of a large amount of virus, episode process, propagation is changed on the basis of statistics; Set up the control strategy mathematical model; Take method disaggregatedly, effectively solve and use the various viruses that thought of the same race is developed, can greatly improve reaction time new virus.Because this method realizes through suppressing viral design philosophy, therefore, this is in the contest of whole concept aspect between a kind of viral fabricator and the security expert.New anti-viral software is not only according to the viral code in the virus database computing machine to be scanned; But the various processes that computing machine moved, various operation are monitored; There is typical virus characteristic if find certain incident or a certain operation; Or to computing machine existence harm, these incidents or operation will be prevented from so, are able to more effectively protect computing machine not receive the invasion of new virus.
In addition, anti-viral software has existed for a long time as a software product independently; But, because viral fabricator utilizes the leak and the hacking technique of operating system more and more, therefore; Become a kind of inevitable with combining closely of operating system: on the one hand; Can help operating system to reduce leak, on the other hand, also can further improve operational efficiency and softwarecompatible degree.On commercial angle, safety technique can incorporate various application systems, reduces the security breaches of application system self, simultaneously, also can personalized more security service be provided for the user.
Summary of the invention
Technical matters: the present invention improves the defensive ability/resistance ability of each host node to internet worm in the open network computing environment based on the internet a kind of being used for, and is adoptable based on the quick virus immunizing document distribution method that strengthens index tree.Method can be to carrying out the granting of virus immunizing document fast based on a kind of new enhancing index tree; Most nodes are resisted the ability of new virus in the rapid enhancing network; Thereby effectively solve virus disseminating and attack problem in the internet environment, reduce the extent of injury of virus network system.
Technical scheme: the present invention mainly be in order to make each node in the network to obtain virus immunizing document fast in case as early as possible patch installing and upgrading virus base propose to obtain immunity a kind of based on the quick virus immunizing document distribution method that strengthens index tree.
Be that the root node construction strengthens index tree at first with the anti-virus Centroid:
Step 1. makes up 0 initial rank index tree with the anti-virus Centroid;
Step 2. is that root node adds a descendant node with the anti-virus Centroid, generates 1 rank index tree;
Step 3. is at first sought its backup node for this descendant node; Forerunner's node of this descendant node is as empty forerunner's node of backup node; For each node adds a descendant node, this descendant node generates 2 rank thus and strengthens index tree also as the empty descendant node of backup node then;
Step 4. step 3 repeatedly is total to N-1 hyposynchronization, finally obtains the N rank and strengthens index tree;
In the enhancing index tree on N rank, when N=0, promptly have only the anti-virus Centroid, number of nodes is 1;
When N>0, the quantity of node is 2 N+1-2 N-1-1;
According to strengthening index tree, virus immunizing document will be distributed according to following flow process:
The transmission virus immunizing document that step 5. anti-virus Centroid walks abreast is to its descendant node, and transmission virus immunizing document message is given the backup node of anti-virus Centroid immediate successor node;
Each node of step 6. is after obtaining virus immunizing document; After upgrading local local immune system; At once virus immunizing document is walked abreast and be sent to the backup node of this node and the descendant node of this node, and send the backup node that virus immunizing document message is given the descendant node of this node;
Each node of step 7. also must send forerunner's node and the backup node thereof that response message is given this node after upgrading local local immune system;
Repeating step 5, step 6, thereby all nodes in the immunostimulant index tree.
In the step 6, under the situation that failure node occurred, i.e. node 1Lost efficacy, then node 3 is as node 1The timeslice of backup node after obtaining the virus immunizing document message of anti-virus Centroid in do not receive node 1The virus immunizing document of sending, then decision node at once 1Lost efficacy, and with the descendant node that oneself transfers the anti-virus Centroid to, and be original node oneself empty descendant node 1Descendant node transfer descendant node to, seek new backup node then, and the descendant node of oneself and the information of forerunner's node passed to new backup node, simultaneously the information of new backup node is passed to descendant node and the forerunner's node of oneself.
Beneficial effect: a kind of quick virus immunizing document distribution method based on the enhancing index tree that the present invention proposes can be preferential, reaches following effect:
(1) stability of system is able to promote.Owing to adopted back mechanism, realized strengthening the quick reparation of index tree, and avoided all descendant nodes of failure node to lose because of the fracture in path by the chance of immunity.
(2) virus immunizing document distribution efficient is higher.Compare with the index tree of identical exponent number, strengthen index tree and obviously comprised more node number, from the anti-virus Centroid, the longest migration path of virus immunizing document can immune at faster speed most of node than short in index tree.
Description of drawings
Fig. 1 is 3 rank index tree synoptic diagram.
Fig. 2 is that 3 rank strengthen the index tree synoptic diagram.
Embodiment
One, based on the virus immunizing document distribution mechanisms of anti-virus Centroid
Open network computing environment based on the internet is the network system of a height profile formula, self-organization, and each node wherein is a body one by one, and individual connection of all nodes becomes network colony; The internet worm that exists in the network is as with the pathogen in the coenocorrelation.For effective defending against network virus reduces loss, must make each node patch installing and upgrading virus base in the network fast to obtain immunity.Therefore; Desirable solution is to organize the anti-virus Centroid that is provided with to make the virus immunizing document that comprises patch and virus base ROMPaq according to the internet worm of finding by authoritative anti-virus; Resource sharing and communications conduit through network are distributed to each node rapidly with virus immunizing document, and this just forms large-scale active immunity network in network.Virus immunizing document should possess in the remote node strange land and unpacks installation function, is that node is installed patch and upgrading virus base etc.
The effect of anti-virus Centroid is similar to the central immune organ in the Immune System, is that various immunocytes take place, break up and ripe place; The main task of anti-virus Centroid is to be responsible for coming constantly to strengthen whole network virus immunization ability according to the virus differentiation situation in the network, and main means are internet worm defense modules of more new node.
Two, a kind of new enhancing index tree
Key of problem is that virus immunizing document is provided each node in the network fast, if can make each node obtain immunity as early as possible at the internet worm initial stage of propagating, just can effectively block the propagation of internet worm, reduces loss.The present invention proposes a kind of new virus immunizing document distribution method based on the enhancing index tree, specifically describes below.
Method is that root node is built the conventional indexes tree with the anti-virus Centroid at first.
Step 1 makes up 0 initial rank index tree with the anti-virus Centroid;
Step 2 is that root node makes up i rank index tree with the anti-virus Centroid, and for each node adds a descendant node, generates i+1 rank index tree thus;
Step 3 is step 2N hyposynchronization repeatedly, finally obtains N rank index tree, and as shown in Figure 1 is the 3 rank index trees that make N=3.
Obviously, the number of nodes of N rank index tree is 2 NIf the number of nodes in the system is 2 just NIndividual, be start node then with the anti-virus Centroid, in system, do not exist under the situation of failure node, the time delay of distributing virus immunizing document according to index tree is N.If the node number in the system is greater than 2 NAnd less than 2 N+1, then after having made up N rank index tree, then with remaining 2 N+1-2 NIndividual node makes up the descendant node that flow process is added to the index tree upper layer node as far as possible by above-mentioned index tree.
In based on the open network system of internet, make up the stability of the system that influences because of the existence of failure node easily as the index tree of virus immunizing document distribution foundation, promptly all descendant nodes of failure node will lose because of the fracture in path by the chance of immunity.The present invention proposes a kind of new enhancing index tree to strengthen the stability of diffusion tree.
Method is that the root node construction strengthens index tree with the anti-virus Centroid at first still:
Step 1 makes up 0 initial rank index tree with the anti-virus Centroid;
Step 2 is that root node adds a descendant node with the anti-virus Centroid, generates 1 rank index tree;
Step 3 is at first sought its backup node for this descendant node; Forerunner's node of this descendant node is as empty forerunner's node of backup node; For each node adds a descendant node, this descendant node generates 2 rank thus and strengthens index tree also as the empty descendant node of backup node then;
Step 4 step 3 repeatedly is total to N-1 hyposynchronization, finally obtains the N rank and strengthens index tree, and as shown in Figure 2 is to make 3 rank of N=3 strengthen index tree.
Three, based on the virus immunizing document distribution method that strengthens index tree
In the enhancing index tree on N rank, when N=0, promptly have only the anti-virus Centroid, number of nodes is 1; When N>0, the quantity of node is 2 N+1-2 N-1-1.
According to strengthening index tree, virus immunizing document will be distributed according to following flow process:
The transmission virus immunizing document that step 1 anti-virus Centroid walks abreast is to its descendant node, and transmission virus immunizing document message is given the backup node of anti-virus Centroid immediate successor node;
Each node of step 2 is after obtaining virus immunizing document; After upgrading local local immune system; At once virus immunizing document is walked abreast and be sent to its backup node and its descendant node, and send the backup node that virus immunizing document message is given its descendant node;
Each node of step 3 also must send response message and give its forerunner's node and its backup node after upgrading local local immune system.
Repeating step 2, step 3, thereby all nodes in the immunostimulant index tree.
Suppose to have occurred failure node, as in Fig. 2, node 1Lost efficacy, then node 3 is as node 1The timeslice of backup node after obtaining the virus immunizing document message of anti-virus Centroid in do not receive node 1The virus immunizing document of sending, then decision node at once 1Lost efficacy, and with the descendant node that oneself transfers the anti-virus Centroid to, and (be original node oneself empty descendant node 1Descendant node) transfer descendant node to.Seek new backup node then, and the descendant node of oneself and the information of forerunner's node are passed to new backup node, simultaneously the information of new backup node is passed to descendant node and the forerunner's node of oneself, thereby realize strengthening the reparation of index tree.
In addition, compare, strengthen index tree and obviously comprised more node number with the index tree of identical exponent number.If conventional indexes tree is K rank t, is the N rank and strengthen the index tree number, if then 2 N+1-2 N-1-1=2 K, N is so:
N = log 2 ( 2 K + 1 + 2 3 )
Under the situation of same node point number, it is more flat to strengthen index tree.This just means also that from the anti-virus Centroid the longest migration path of virus immunizing document is than short in index tree.
The present invention proposes a kind of new virus immunizing document distribution method based on the enhancing index tree, and embodiment is divided into two parts.
(1) be that the root node construction strengthens index tree with the anti-virus Centroid earlier
Concrete steps are:
Step 1 makes up 0 initial rank index tree with the anti-virus Centroid;
Step 2 is that root node adds a descendant node with the anti-virus Centroid, generates 1 rank index tree;
Step 3 is at first sought its backup node for this descendant node; Forerunner's node of this descendant node is as empty forerunner's node of backup node; For each node adds a descendant node, this descendant node generates 2 rank thus and strengthens index tree also as the empty descendant node of backup node then;
Step 4 step 3 repeatedly is total to N-1 hyposynchronization, finally obtains the N rank and strengthens index tree, and as shown in Figure 2 is to make 3 rank of N=3 strengthen index tree.
(2) based on the virus immunizing document distribution flow that strengthens index tree
In the enhancing index tree on N rank, when N=0, promptly have only the anti-virus Centroid, number of nodes is 1;
When N>0, the quantity of node is 2 N+1-2 N-1-1.
According to strengthening index tree, virus immunizing document will be distributed according to following flow process:
The descendant node of transmission virus immunizing document to this node that step 5 anti-virus Centroid is parallel, and send the backup node that virus immunizing document message is given anti-virus Centroid immediate successor node;
Each node of step 6 is after obtaining virus immunizing document; After upgrading local local immune system; At once virus immunizing document is walked abreast and be sent to the backup node of this node and its descendant node, and send the backup node that virus immunizing document message is given the descendant node of this node;
Each node of step 7 also must send response message and give forerunner's node of this node and its backup node after upgrading local local immune system.
Repeating step 5, step 6, thereby all nodes in the immunostimulant index tree.
Suppose to have occurred failure node, like node 1Lost efficacy, then node 3As node 1The timeslice of backup node after obtaining the virus immunizing document message of anti-virus Centroid in do not receive node 1The virus immunizing document of sending, then decision node at once 1Lost efficacy, and with the descendant node that oneself transfers the anti-virus Centroid to, and (be original node oneself empty descendant node 1Descendant node) transfer descendant node to.Seek new backup node then, and the descendant node of oneself and the information of forerunner's node are passed to new backup node, simultaneously the information of new backup node is passed to descendant node and the forerunner's node of oneself, thereby realize strengthening the reparation of index tree.

Claims (2)

  1. One kind in network node, use based on the quick virus immunizing document distribution method that strengthens index tree, it is characterized in that being that the root node construction strengthens index tree at first with the anti-virus Centroid:
    Step 1. makes up 0 initial rank index tree with the anti-virus Centroid;
    Step 2. is that root node adds a descendant node with the anti-virus Centroid, generates 1 rank index tree;
    Step 3. is at first sought its backup node for this descendant node; Forerunner's node of this descendant node is as empty forerunner's node of backup node; Be that each node except backup node adds a descendant node then; This descendant node also as its empty descendant node of backup node of forerunner's node, generates 2 rank thus and strengthens index tree;
    Step 4. step 3 repeatedly is total to N-1 hyposynchronization, finally obtains the N rank and strengthens index tree;
    In the enhancing index tree on N rank, when N=0, promptly have only the anti-virus Centroid, number of nodes is 1; When N>0, the quantity of node is 2 N+1-2 N-1-1;
    According to strengthening index tree, virus immunizing document will be distributed according to following flow process:
    The transmission virus immunizing document that step 5. anti-virus Centroid walks abreast is to its descendant node, and transmission virus immunizing document message is given the backup node of anti-virus Centroid immediate successor node;
    Each node of step 6. is after obtaining virus immunizing document; After upgrading local local immune system; At once virus immunizing document is walked abreast and be sent to the backup node of this node and the descendant node of this node, and send the backup node that virus immunizing document message is given the descendant node of this node;
    Each node of step 7. also must send forerunner's node and the backup node thereof that response message is given this node after upgrading local local immune system;
    Repeating step 6, step 7, thereby all nodes in the immunostimulant index tree.
  2. 2. according to claim 1ly it is characterized in that in the step 6 based on the quick virus immunizing document distribution method that strengthens index tree, under the situation that failure node occurred, i.e. node 1Lost efficacy, then node 3As node 1The timeslice of backup node after obtaining the virus immunizing document message of anti-virus Centroid in do not receive node 1The virus immunizing document of sending, then decision node at once 1Lost efficacy, and with the descendant node that oneself transfers the anti-virus Centroid to, and be original node oneself empty descendant node 1Descendant node transfer descendant node to, seek new backup node then, and the descendant node of oneself and the information of forerunner's node passed to new backup node, simultaneously the information of new backup node is passed to descendant node and the forerunner's node of oneself.
CN2009102125123A 2009-11-12 2009-11-12 Enhanced index tree-based quick virus immunizing document distribution method Expired - Fee Related CN101719201B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2009102125123A CN101719201B (en) 2009-11-12 2009-11-12 Enhanced index tree-based quick virus immunizing document distribution method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2009102125123A CN101719201B (en) 2009-11-12 2009-11-12 Enhanced index tree-based quick virus immunizing document distribution method

Publications (2)

Publication Number Publication Date
CN101719201A CN101719201A (en) 2010-06-02
CN101719201B true CN101719201B (en) 2012-02-01

Family

ID=42433774

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2009102125123A Expired - Fee Related CN101719201B (en) 2009-11-12 2009-11-12 Enhanced index tree-based quick virus immunizing document distribution method

Country Status (1)

Country Link
CN (1) CN101719201B (en)

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101331492A (en) * 2005-12-13 2008-12-24 美商内数位科技公司 Method and system for protecting user data in a node

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101331492A (en) * 2005-12-13 2008-12-24 美商内数位科技公司 Method and system for protecting user data in a node

Also Published As

Publication number Publication date
CN101719201A (en) 2010-06-02

Similar Documents

Publication Publication Date Title
Nikiforakis et al. SessionShield: Lightweight protection against session hijacking
Criscuolo Distributed Denial of Service: Trin 00, Tribe Flood Network, Tribe Flood Network 2000, and Stacheldraht CIAC-2319
Provos et al. Cybercrime 2.0: when the cloud turns dark
Song et al. A privacy-preserved full-text retrieval algorithm over encrypted data for cloud storage applications
CN107276986B (en) Method, device and system for protecting website through machine learning
CN103268438A (en) Android authority management method and system based on calling chain
CN108985566B (en) Electric power information physical fusion system elastic lifting strategy solving method
Liao et al. Feature extraction and construction of application layer DDoS attack based on user behavior
Zhao et al. A review on IoT botnet
CN101719201B (en) Enhanced index tree-based quick virus immunizing document distribution method
CN110032862B (en) Dynamic data protection method and device for preventing database attack
CN102130916B (en) Authority control method and device for page content level
CN115001839A (en) Information security protection system and method based on Internet big data
AU2022201610B2 (en) Dynamic cryptographic polymorphism (DCP) system and method
CN102790799B (en) Resource downloading method based on cloud security service
CN101169747A (en) Computer virus vaccine broadcasting method in distributed environment
CN108595479A (en) Web request processing method based on unified Web entrances
CN111563274B (en) Security guarantee system based on government affair big data
CN114006713A (en) Trust architecture for node diversity
Yu et al. A New Correlation Model of IoT Attack Based on Attack Tree
Bailey Malware resistant networking using system diversity
Tao et al. Trusted security immune model of power monitoring system
CN115051825B (en) Malicious software propagation defense method for heterogeneous equipment of Internet of things
Banerjee et al. Deceptive Ascent: How Attackers Poison Search Results
Liu et al. Background knowledge-resistant traffic padding for preserving user privacy in web-based applications

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20120201

Termination date: 20141112

EXPY Termination of patent right or utility model