CN107395598B - Self-adaptive defense method for inhibiting virus propagation - Google Patents
- Publication number: CN107395598B
- Application number: CN201710611414.1A
- Authority: CN (China)
- Prior art keywords: node, infected, virus, nodes, level security
- Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/145—Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
Abstract
The invention relates to a self-adaptive defense method for inhibiting virus propagation, belonging to the technical field of network security. The method comprises the following steps: S1: initializing a network system; S2: virus infection; S3: a node state detection process; S4: an adaptive defense process; S5: analyzing the factors that influence virus propagation in the network system. By setting a threshold on the number of viruses, the invention determines whether computers of low security level are upgraded, with a certain probability, to computers of high security level. The invention can effectively reduce the number of viruses in the network system and inhibit the spread of the viruses.
Description
Technical Field
The invention belongs to the technical field of network security, and particularly relates to a self-adaptive defense method for inhibiting virus propagation.
Background
With the rapid development of information and communication technologies, the internet has become a necessity of daily life. Its openness, interactivity and decentralization meet people's demands for sharing, openness, flexibility and speed. However, these same characteristics inevitably give rise to many network security problems, which seriously affect our lives and even personal safety. The era of electronic commerce has arrived, and network security has become a major concern for people enjoying the convenience of the internet. Controlling the spread of computer viruses is therefore an important and meaningful topic.
At present, antivirus software is still the most effective means of controlling computer virus propagation. However, it has limitations: when a new virus emerges, the corresponding new version of the antivirus software is always developed and deployed afterwards, so antivirus software lags behind in inhibiting virus propagation. Borrowing the modeling ideas used for biological viruses, researchers have proposed a number of dynamic models of computer virus propagation, which are an important method for studying virus propagation behavior at the macroscopic level and compensate for the shortcomings of antivirus software.
However, in the previously proposed virus propagation models, the influence of computer security defense capability on virus propagation is not taken into account. It is known that in network systems, computers have differences in security defense capabilities due to different properties and purposes, and the differences directly affect the propagation rate of viruses in the system. Therefore, it is a very meaningful task to utilize epidemic dynamics modeling to study the effect of computer security defense capacity on virus transmission and provide theoretical guidance for inhibiting virus transmission.
Disclosure of Invention
In view of the above, and aiming at the problem that existing virus propagation models do not consider the influence of computer security defense capability on virus propagation, the present invention provides an adaptive defense method that is based on the level of computer security defense capability and can inhibit virus propagation.
In order to achieve the purpose, the invention provides the following technical scheme:
An adaptive defense method for inhibiting virus propagation, comprising the following steps:
S1: initializing the network system: the state of each node in the network system is set to the low-level security state S_L, the high-level security state S_H, or the infected state I; nodes in the low-level security state S_L and the high-level security state S_H can be infected by the virus with different probabilities; an infected node I can infect adjacent nodes and is cured with a certain probability γ; the parameters are set, including the probability b of an external computer entering the system, the probability δ of a high-level security state S_H node changing into a low-level security state S_L node, and the probability μ of each node being removed from the system;
S2: virus infection: each infected node I infects the adjacent low-level security state S_L nodes and high-level security state S_H nodes with probabilities β1 and β2, respectively;
S3: node state detection: detecting whether each node has been infected by the virus and converted into an infected node I, and counting the number of such nodes;
S4: adaptive defense: if the number of infected-state I nodes is less than a set threshold, no upgrade measure is taken; if the number of infected-state I nodes is larger than the threshold, low-level security state S_L nodes in the system are upgraded to high-level security state S_H nodes with a certain probability; the more infected I nodes there are, the larger the upgrade probability, which is linearly proportional to the number of I nodes with proportionality coefficient α;
S5: analyzing the factors that influence virus propagation in the network system.
Further, in step S2, a low-level security state S_L node is more likely to be infected by the virus than a high-level security state S_H node, i.e. β1 > β2.
Further, step S3 and step S4 are performed simultaneously; in step S4, a threshold I_max on the number of viruses and a non-linear function f(I) of I are given: when the number of viruses in the system is less than I_max, f(I) = 0; when the number of viruses in the system is greater than or equal to I_max, f(I) = αI.
Further, step S5 is specifically as follows: when b, β1 and β2 increase, the number of viruses in the system increases and virus propagation accelerates; when α and γ increase and δ decreases, the number of viruses in the system decreases and virus propagation is inhibited.
The invention has the beneficial effects that: aiming at the problem that the existing virus propagation model does not consider the influence of the computer security defense capacity on virus propagation, the method is based on the difference of the security defense capacities among computers and divides the security defense capacity of the computers into two types: a low level and a high level. On the basis, whether the computer with the low security level is upgraded to the computer with the high security level with a certain probability is determined by setting a threshold value of the number of viruses. The invention can effectively reduce the number of viruses in the network system and inhibit the spread of the viruses.
Drawings
In order to make the object, technical scheme and beneficial effect of the invention more clear, the invention provides the following drawings for explanation:
FIG. 1 is a flow chart of the present invention;
FIG. 2 is a state transition diagram of a virus propagation model;
FIG. 3 is a flow chart of an adaptive defense process;
FIG. 4 is a simulation analysis (1);
FIG. 5 is a simulation analysis (2).
Detailed Description
Preferred embodiments of the present invention will be described in detail below with reference to the accompanying drawings.
As shown in FIGS. 1-3, the present invention discloses an adaptive defense method for inhibiting virus propagation, which comprises the following steps:
S1: initializing the network system: the state of each node in the network system is set to the low-level security state S_L, the high-level security state S_H, or the infected state I; nodes in the low-level security state S_L and the high-level security state S_H can be infected by the virus with different probabilities; an infected node I can infect adjacent nodes and is cured with a certain probability γ; the parameters are set, including the probability b of an external computer entering the system, the probability δ of a high-level security state S_H node changing into a low-level security state S_L node, the probability α of a low-level security state S_L node upgrading to a high-level security state S_H node, and the probability μ of each node being removed from the system;
S2: virus infection: each infected node I infects the adjacent low-level security state S_L nodes and high-level security state S_H nodes with probabilities β1 and β2, respectively;
S3: node state detection: detecting whether each node has been infected by the virus and converted into an infected node I, and counting the number of such nodes;
S4: adaptive defense: if the number of infected-state I nodes is less than a set threshold, no upgrade measure is taken; if the number of infected-state I nodes is larger than the threshold, low-level security state S_L nodes in the system are upgraded to high-level security state S_H nodes with a certain probability;
S5: analyzing the factors that influence virus propagation in the network system.
In step S2, a low-level security state S_L node is more likely to be infected by the virus than a high-level security state S_H node, i.e. β1 > β2.
Step S3 and step S4 are performed simultaneously; in step S4, a threshold I_max on the number of viruses and a non-linear function f(I) of I are given: when the number of viruses in the system is less than I_max, f(I) = 0; when the number of viruses in the system is greater than or equal to I_max, f(I) = αI.
Step S5 is specifically as follows: when b, β1 and β2 increase, the number of viruses in the system increases and virus propagation accelerates; when α and γ increase and δ decreases, the number of viruses in the system decreases and virus propagation is inhibited.
Wherein S_L, S_H and I represent the number of computers in the respective compartments at the present moment, the basic reproduction number
Let S_L + S_H + I = N*; the above equation can be simplified to the following expression:
When 0 ≤ I < I_max, one can obtain:
When I_max ≤ I, the following can be obtained:
the system eventually settles at the toxic equilibrium pointAnd toxic equilibrium pointCompared with toxic equilibrium pointThe number of viruses is obviously reduced.
In the following we will select suitable parameters and prove such results through simulation experiments.
(1) Let the parameters be b = 0.1, δ = 0.01, β1 = 0.3, β2 = 0.1, μ = 0.1, γ = 0.1, I_max = 0.4.
As shown in FIG. 4, in this case I < I_max, and it can be seen that the system eventually settles at the toxic equilibrium point
(2) Let the parameters be b = 0.1, α = 0.5, δ = 0.01, β1 = 0.3, β2 = 0.1, μ = 0.1, γ = 0.1, I_max = 0.1.
As shown in FIG. 5, in this case I_max < I, and it can be seen that the system eventually stabilizes at the toxic equilibrium point
From the comparison results of the above two simulation experiments, the number of viruses is obviously reduced after the upgrade measures are implemented, which is enough to show that the adaptive defense method for inhibiting virus propagation provided by the invention can effectively control the propagation of the virus in the network system.
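An added example (not part of the patent text): a forward-Euler simulation of steps S2 to S4 using the parameter values of the two experiments above. The governing equations did not survive on this page, so the flow structure (new nodes enter as S_L, cured nodes return to S_L, mass-action infection, parameters used as per-unit-time rates), the initial state and the names `Params`, `upgrade_rate` and `simulate` are assumptions.

```python
from dataclasses import dataclass


@dataclass
class Params:
    b: float = 0.1       # external computers entering the system
    mu: float = 0.1      # removal of any node from the system
    beta1: float = 0.3   # infection of S_L nodes
    beta2: float = 0.1   # infection of S_H nodes (beta1 > beta2)
    gamma: float = 0.1   # cure of infected nodes
    delta: float = 0.01  # S_H nodes degrading to S_L
    alpha: float = 0.5   # upgrade coefficient used by f(I)
    i_max: float = 0.4   # threshold I_max on the number of infected nodes


def upgrade_rate(i, p):
    """Step S4: f(I) = 0 below the threshold, alpha * I at or above it."""
    return p.alpha * i if i >= p.i_max else 0.0


def simulate(p, s_l=0.95, s_h=0.0, i=0.05, dt=0.01, t_end=400.0):
    """Forward-Euler run. Returns (S_L, S_H, I, first trigger time or None).

    Assumed flows (not from the page): new nodes enter as S_L, cured nodes
    return to S_L, infection is mass-action. The initial state is constructed.
    """
    triggered_at = None
    for n in range(int(t_end / dt)):
        f = upgrade_rate(i, p)                  # S3 + S4: count I, decide
        if triggered_at is None and i >= p.i_max:
            triggered_at = n * dt               # first time the defense fires
        inf_l = p.beta1 * s_l * i               # S2: S_L -> I
        inf_h = p.beta2 * s_h * i               # S2: S_H -> I
        d_sl = (p.b - inf_l - f * s_l + p.delta * s_h
                + p.gamma * i - p.mu * s_l)
        d_sh = f * s_l - inf_h - (p.delta + p.mu) * s_h
        d_i = inf_l + inf_h - (p.gamma + p.mu) * i
        s_l, s_h, i = s_l + dt * d_sl, s_h + dt * d_sh, i + dt * d_i
    return s_l, s_h, i, triggered_at


if __name__ == "__main__":
    # Experiment (1): I_max = 0.4. The page lists no alpha for it; alpha has
    # no effect while I stays below I_max.
    # Experiment (2): alpha = 0.5, I_max = 0.1.
    for label, p in (("(1)", Params(i_max=0.4)),
                     ("(2)", Params(alpha=0.5, i_max=0.1))):
        s_l, s_h, i, t = simulate(p)
        print(f"{label} S_L={s_l:.4f} S_H={s_h:.4f} I={i:.4f} trigger={t}")
```

Under these assumptions the infected fraction settles near 0.33 in experiment (1) without the upgrade ever triggering, and near 0.13 in experiment (2), where the upgrade is active from the moment I first reaches I_max.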
Finally, it is noted that the above-mentioned preferred embodiments illustrate rather than limit the invention, and that, although the invention has been described in detail with reference to the above-mentioned preferred embodiments, it will be understood by those skilled in the art that various changes in form and detail may be made therein without departing from the scope of the invention as defined by the appended claims.
Claims (4)
1. An adaptive defense method for inhibiting virus propagation, characterized in that the method comprises the following steps:
S1: initializing the network system: the state of each node in the network system is set to the low-level security state S_L, the high-level security state S_H, or the infected state I; nodes in the low-level security state S_L and the high-level security state S_H can be infected by the virus with different probabilities; an infected node I can infect adjacent nodes and is cured with a certain probability γ; the parameters are set, including the probability b of an external computer entering the system, the probability δ of a high-level security state S_H node changing into a low-level security state S_L node, and the probability μ of each node being removed from the system;
S2: virus infection: each infected node I infects the adjacent low-level security state S_L nodes and high-level security state S_H nodes with probabilities β1 and β2, respectively;
S3: node state detection: detecting whether each node has been infected by the virus and converted into an infected node I, and counting the number of such nodes;
S4: adaptive defense: if the number of infected-state I nodes is less than the set threshold, no upgrade measure is taken; if the number of infected-state I nodes is larger than the threshold, low-level security state S_L nodes in the system are upgraded to high-level security state S_H nodes with a certain probability; the more infected I nodes there are, the larger the upgrade probability, which is linearly proportional to the number of I nodes with proportionality coefficient α;
S5: analyzing the factors that influence virus propagation in the network system.
2. An adaptive defense method for inhibiting virus propagation according to claim 1, characterized in that: in step S2, a low-level security state S_L node is more likely to be infected by the virus than a high-level security state S_H node, i.e. β1 > β2.
3. An adaptive defense method for inhibiting virus propagation according to claim 1, characterized in that: step S3 and step S4 are performed simultaneously; in step S4, a threshold I_max on the number of viruses and a non-linear function f(I) of I are given: when the number of viruses in the system is less than I_max, f(I) = 0; when the number of viruses in the system is greater than or equal to I_max, f(I) = αI;
4. The adaptive defense method for inhibiting virus propagation according to claim 1, wherein step S5 is specifically as follows: when b, β1 and β2 increase, the number of viruses in the system increases and virus propagation accelerates; when α and γ increase and δ decreases, the number of viruses in the system decreases and virus propagation is inhibited.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710611414.1A CN107395598B (en) | 2017-07-25 | 2017-07-25 | Self-adaptive defense method for inhibiting virus propagation |
Publications (2)
Publication Number | Publication Date |
---|---|
CN107395598A | 2017-11-24 |
CN107395598B | 2020-06-19 |
Family
ID=60336840
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||