CN107395598B - Self-adaptive defense method for inhibiting virus propagation - Google Patents

Publication number: CN107395598B
Authority: CN (China)
Prior art keywords: node, infected, virus, nodes, level security
Legal status: Active
Application number: CN201710611414.1A
Other languages: Chinese (zh)
Other versions: CN107395598A (en)
Inventors: 罗文俊, 李龙起, 祝清意
Current Assignee: Chongqing University of Post and Telecommunications
Original Assignee: Chongqing University of Post and Telecommunications

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/14: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441: Countermeasures against malicious traffic
    • H04L63/145: Countermeasures against malicious traffic, the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms

Abstract

The invention relates to a self-adaptive defense method for inhibiting virus propagation, belonging to the technical field of network security. The method comprises the following steps: S1: initializing a network system; S2: virus infection; S3: node state detection; S4: adaptive defense; S5: analyzing the factors that influence virus propagation in the network system. By setting a threshold on the number of viruses, the invention determines whether computers with a low security level are upgraded, with a certain probability, to computers with a high security level. The invention can effectively reduce the number of viruses in the network system and inhibit the spread of the viruses.

Description

Self-adaptive defense method for inhibiting virus propagation
Technical Field
The invention belongs to the technical field of network security, and particularly relates to a self-adaptive defense method for inhibiting virus propagation.
Background
With the rapid development of information and communication technologies, the internet has become a necessity in our daily life. Its openness, interactivity and decentralization meet people's requirements for sharing, openness, flexibility and speed. However, these same characteristics inevitably give rise to many network security problems, which seriously affect our lives and even personal safety. The era of electronic commerce has arrived, and network security has become a major concern for people enjoying the convenience of the internet. How to control the spread of computer viruses is clearly a very important and meaningful topic.
At present, antivirus software is still the most effective method for controlling computer virus propagation. However, it has limitations: when a new virus emerges, the corresponding new version of the antivirus software is always developed and deployed afterwards, so antivirus software inhibits virus propagation only with a time lag. Borrowing the modeling ideas used for biological viruses, researchers have proposed a number of computer virus propagation dynamics models. These models are an important way to study virus propagation behavior at a macroscopic level and compensate for the shortcomings of antivirus software.
However, in the previously proposed virus propagation models, the influence of computer security defense capability on virus propagation is not taken into account. It is known that in network systems, computers have differences in security defense capabilities due to different properties and purposes, and the differences directly affect the propagation rate of viruses in the system. Therefore, it is a very meaningful task to utilize epidemic dynamics modeling to study the effect of computer security defense capacity on virus transmission and provide theoretical guidance for inhibiting virus transmission.
Disclosure of Invention
In view of the above, the present invention provides an adaptive defense method for inhibiting virus propagation, which is based on a computer security defense capability level and can inhibit virus propagation, aiming at the problem that the influence of computer security defense capability on virus propagation is not considered in the existing virus propagation model.
In order to achieve the purpose, the invention provides the following technical scheme:
An adaptive defense method for inhibiting virus propagation, comprising the following steps:
S1: Initialize the network system: set the state of each node in the network system to the low-level security state $S_L$, the high-level security state $S_H$, or the infected state $I$. Nodes in states $S_L$ and $S_H$ can be infected by the virus with different probabilities; an infected node $I$ can infect adjacent nodes and is cured with probability $\gamma$. Set the parameters, including the probability $b$ that an external computer enters the system, the probability $\delta$ that an $S_H$ node degrades into an $S_L$ node, and the probability $\mu$ that each node is removed from the system;
S2: Virus infection: each infected $I$ node infects adjacent $S_L$ nodes with probability $\beta_1$ and adjacent $S_H$ nodes with probability $\beta_2$;
S3: Node state detection: detect whether each node has been infected by the virus and converted into an infected node $I$, and count the number of such nodes;
S4: Adaptive defense: if the number of infected $I$ nodes is less than a set threshold, no upgrade measure is taken; if the number of infected $I$ nodes is greater than the threshold, $S_L$ nodes in the system are upgraded to $S_H$ nodes with a certain probability. The more infected $I$ nodes there are, the larger the upgrade probability; the upgrade probability is linearly proportional to the number of $I$ nodes, with proportionality coefficient $\alpha$;
S5: Analyze the factors that influence virus propagation in the network system.
Further, in step S2, an $S_L$ node is more likely to be infected by the virus than an $S_H$ node, i.e. $\beta_1 > \beta_2$.
Further, step S3 and step S4 are performed simultaneously; in step S4, a threshold $I_{max}$ on the number of viruses and a non-linear function $f(I)$ of $I$ are given: when the number of viruses in the system is less than $I_{max}$, $f(I) = 0$; when the number of viruses in the system is greater than or equal to $I_{max}$, $f(I) = \alpha I$.
Further, in step S5: when $b$, $\beta_1$ and $\beta_2$ increase, the number of viruses in the system increases and virus propagation accelerates; when $\alpha$ increases and $\delta$ decreases, virus propagation is inhibited.
The invention has the beneficial effects that: aiming at the problem that the existing virus propagation model does not consider the influence of the computer security defense capacity on virus propagation, the method is based on the difference of the security defense capacities among computers and divides the security defense capacity of the computers into two types: a low level and a high level. On the basis, whether the computer with the low security level is upgraded to the computer with the high security level with a certain probability is determined by setting a threshold value of the number of viruses. The invention can effectively reduce the number of viruses in the network system and inhibit the spread of the viruses.
Drawings
In order to make the object, technical scheme and beneficial effect of the invention more clear, the invention provides the following drawings for explanation:
FIG. 1 is a flow chart of the present invention;
FIG. 2 is a state transition diagram of a virus propagation model;
FIG. 3 is a flow chart of an adaptive defense process;
FIG. 4 is simulation analysis (1);
FIG. 5 is simulation analysis (2).
Detailed Description
Preferred embodiments of the present invention will be described in detail below with reference to the accompanying drawings.
As shown in fig. 1-3, the present invention discloses an adaptive defense method for inhibiting virus transmission, which comprises the following steps:
S1: Initialize the network system: set the state of each node in the network system to the low-level security state $S_L$, the high-level security state $S_H$, or the infected state $I$. Nodes in states $S_L$ and $S_H$ can be infected by the virus with different probabilities; an infected node $I$ can infect adjacent nodes and is cured with probability $\gamma$. Set the parameters, including the probability $b$ that an external computer enters the system, the probability $\delta$ that an $S_H$ node degrades into an $S_L$ node, the probability $\alpha$ that an $S_L$ node is upgraded to an $S_H$ node, and the probability $\mu$ that each node is removed from the system;
S2: Virus infection: each infected $I$ node infects adjacent $S_L$ nodes with probability $\beta_1$ and adjacent $S_H$ nodes with probability $\beta_2$;
S3: Node state detection: detect whether each node has been infected by the virus and converted into an infected node $I$, and count the number of such nodes;
S4: Adaptive defense: if the number of infected $I$ nodes is less than a set threshold, no upgrade measure is taken; if the number of infected $I$ nodes is greater than the threshold, $S_L$ nodes in the system are upgraded to $S_H$ nodes with a certain probability;
S5: Analyze the factors that influence virus propagation in the network system.
In step S2, an $S_L$ node is more likely to be infected by the virus than an $S_H$ node, i.e. $\beta_1 > \beta_2$.
Step S3 and step S4 are performed simultaneously; in step S4, a threshold $I_{max}$ on the number of viruses and a non-linear function $f(I)$ of $I$ are given: when the number of viruses in the system is less than $I_{max}$, $f(I) = 0$; when the number of viruses in the system is greater than or equal to $I_{max}$, $f(I) = \alpha I$.
Specifically, in step S5: when $b$, $\beta_1$ and $\beta_2$ increase, the number of viruses in the system increases and virus propagation accelerates; when $\alpha$ increases and $\delta$ decreases, virus propagation is inhibited.
The expression of f (I) is:
Figure BDA0001359608390000031
Specifically, in step S5: when $b$, $\beta_1$ and $\beta_2$ increase, the number of viruses in the system increases; when $\alpha$ and $\gamma$ increase and $\delta$ decreases, the number of viruses in the system decreases and virus propagation is inhibited.
Figure BDA0001359608390000041
where $S_L$, $S_H$ and $I$ denote the number of computers in the respective compartments at the current moment, and the basic reproduction number is
Figure BDA0001359608390000042
Let $S_L + S_H + I = N^*$; the above equations can then be simplified to the following expression:
Figure BDA0001359608390000043
When $0 \le I < I_{max}$, one obtains:
Figure BDA0001359608390000044
The system eventually settles at the viral equilibrium point
Figure BDA0001359608390000045
Wherein
Figure BDA0001359608390000046
When $I_{max} \le I$, one obtains:
Figure BDA0001359608390000047
The system eventually settles at the viral equilibrium point
Figure BDA0001359608390000048
Compared with the viral equilibrium point
Figure BDA0001359608390000049
at the viral equilibrium point
Figure BDA00013596083900000410
the number of viruses is clearly reduced.
In the following we will select suitable parameters and prove such results through simulation experiments.
(1) Let $b = 0.1$, $\delta = 0.01$, $\beta_1 = 0.3$, $\beta_2 = 0.1$, $\mu = 0.1$, $\gamma = 0.1$, $I_{max} = 0.4$.
As shown in FIG. 4, $I < I_{max}$ in this case, and it can be seen that the system eventually settles at the viral equilibrium point
Figure BDA00013596083900000411
(2) Let $b = 0.1$, $\alpha = 0.5$, $\delta = 0.01$, $\beta_1 = 0.3$, $\beta_2 = 0.1$, $\mu = 0.1$, $\gamma = 0.1$, $I_{max} = 0.1$.
As shown in FIG. 5, $I_{max} < I$ in this case, and it can be seen that the system eventually settles at the viral equilibrium point
Figure BDA0001359608390000051
From the comparison results of the above two simulation experiments, the number of viruses is obviously reduced after the upgrade measures are implemented, which is enough to show that the adaptive defense method for inhibiting virus propagation provided by the invention can effectively control the propagation of the virus in the network system.
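The comparison above can be reproduced numerically with the added example below, which is not part of the patent text. The patent's differential equations survive on this page only as figure placeholders, so the model form is an assumption built from steps S1-S4: node counts are treated as fractions, new nodes enter as $S_L$, and cured nodes return to $S_L$; all function names and the initial state are illustrative.

```python
# Added illustration, not the patent's own equations. ASSUMPTIONS: mean-field
# fractions with N = b/mu; new nodes enter as S_L; cured nodes return to S_L.

BASE = {"b": 0.1, "delta": 0.01, "beta1": 0.3, "beta2": 0.1, "mu": 0.1, "gamma": 0.1}
# Simulation (1): threshold 0.4; the page lists no alpha for this case, so 0 is used.
CASE_1 = dict(BASE, alpha=0.0, i_max=0.4)
# Simulation (2): alpha = 0.5, threshold 0.1.
CASE_2 = dict(BASE, alpha=0.5, i_max=0.1)


def f(i, alpha, i_max):
    """Step S4 upgrade rate: 0 below the threshold, alpha * I at or above it."""
    return alpha * i if i >= i_max else 0.0


def derivs(state, p):
    """Time derivatives of (S_L, S_H, I) under the assumed model."""
    sl, sh, i = state
    upgrade = f(i, p["alpha"], p["i_max"]) * sl   # S_L -> S_H (adaptive defense)
    infect_l = p["beta1"] * sl * i                # S_L -> I
    infect_h = p["beta2"] * sh * i                # S_H -> I
    d_sl = (p["b"] + p["delta"] * sh + p["gamma"] * i
            - infect_l - upgrade - p["mu"] * sl)
    d_sh = upgrade - infect_h - (p["delta"] + p["mu"]) * sh
    d_i = infect_l + infect_h - (p["gamma"] + p["mu"]) * i
    return (d_sl, d_sh, d_i)


def rk4_step(state, p, dt):
    """One classical Runge-Kutta step."""
    def shift(s, k, h):
        return tuple(x + h * dx for x, dx in zip(s, k))
    k1 = derivs(state, p)
    k2 = derivs(shift(state, k1, dt / 2), p)
    k3 = derivs(shift(state, k2, dt / 2), p)
    k4 = derivs(shift(state, k3, dt), p)
    return tuple(x + dt / 6 * (a + 2 * b + 2 * c + d)
                 for x, a, b, c, d in zip(state, k1, k2, k3, k4))


def simulate(p, state=(0.8, 0.1, 0.1), t_end=1000.0, dt=0.05):
    """Integrate from a constructed initial state; return final (S_L, S_H, I)."""
    for _ in range(int(round(t_end / dt))):
        state = rk4_step(state, p, dt)
    return state


if __name__ == "__main__":
    for name, case in (("no upgrade triggered", CASE_1), ("upgrade active", CASE_2)):
        sl, sh, i = simulate(case)
        print(f"{name}: S_L={sl:.4f} S_H={sh:.4f} I={i:.4f}")
```

Under these assumptions the infected fraction settles near 1/3 when the threshold is never reached and near 0.13 once the upgrade is active, matching the direction of the comparison described above.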
Finally, it is noted that the above-mentioned preferred embodiments illustrate rather than limit the invention, and that, although the invention has been described in detail with reference to the above-mentioned preferred embodiments, it will be understood by those skilled in the art that various changes in form and detail may be made therein without departing from the scope of the invention as defined by the appended claims.

Claims (4)

1. An adaptive defense method for inhibiting virus propagation, characterized in that the method comprises the following steps:
S1: Initialize the network system: set the state of each node in the network system to the low-level security state $S_L$, the high-level security state $S_H$, or the infected state $I$. Nodes in states $S_L$ and $S_H$ can be infected by the virus with different probabilities; an infected node $I$ can infect adjacent nodes and is cured with probability $\gamma$. Set the parameters, including the probability $b$ that an external computer enters the system, the probability $\delta$ that an $S_H$ node degrades into an $S_L$ node, and the probability $\mu$ that each node is removed from the system;
S2: Virus infection: each infected $I$ node infects adjacent $S_L$ nodes with probability $\beta_1$ and adjacent $S_H$ nodes with probability $\beta_2$;
S3: Node state detection: detect whether each node has been infected by the virus and converted into an infected node $I$, and count the number of such nodes;
S4: Adaptive defense: if the number of infected $I$ nodes is less than the set threshold, no upgrade measure is taken; if the number of infected $I$ nodes is greater than the threshold, $S_L$ nodes in the system are upgraded to $S_H$ nodes with a certain probability. The more infected $I$ nodes there are, the larger the upgrade probability; the upgrade probability is linearly proportional to the number of $I$ nodes, with proportionality coefficient $\alpha$;
S5: Analyze the factors that influence virus propagation in the network system.
2. The adaptive defense method for inhibiting virus propagation according to claim 1, characterized in that: in step S2, an $S_L$ node is more likely to be infected by the virus than an $S_H$ node, i.e. $\beta_1 > \beta_2$.
3. The adaptive defense method for inhibiting virus propagation according to claim 1, characterized in that: step S3 and step S4 are performed simultaneously; in step S4, a threshold $I_{max}$ on the number of viruses and a non-linear function $f(I)$ of $I$ are given: when the number of viruses in the system is less than $I_{max}$, $f(I) = 0$; when the number of viruses in the system is greater than or equal to $I_{max}$, $f(I) = \alpha I$;
the expression of $f(I)$ is:
Figure FDA0002402477540000011
4. The adaptive defense method for inhibiting virus propagation according to claim 1, characterized in that step S5 is specifically: when $b$, $\beta_1$ and $\beta_2$ increase, the number of viruses in the system increases and virus propagation accelerates; when $\alpha$ increases and $\delta$ decreases, virus propagation is inhibited.
Priority application: CN201710611414.1A (priority date 2017-07-25, filing date 2017-07-25), Self-adaptive defense method for inhibiting virus propagation. Status: Active.

Publications: CN107395598A (2017-11-24); CN107395598B (2020-06-19).
