CN108121916A - A kind of Computer Virus Spread defence method under multilevel security degree of protection - Google Patents

A kind of Computer Virus Spread defence method under multilevel security degree of protection Download PDF

Info

Publication number
CN108121916A
CN108121916A CN201711352141.XA CN201711352141A CN108121916A CN 108121916 A CN108121916 A CN 108121916A CN 201711352141 A CN201711352141 A CN 201711352141A CN 108121916 A CN108121916 A CN 108121916A
Authority
CN
China
Prior art keywords
computer
security
level
state
infection
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201711352141.XA
Other languages
Chinese (zh)
Other versions
CN108121916B (en
Inventor
罗文俊
岑琛
祝清意
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Chongqing University of Post and Telecommunications
Original Assignee
Chongqing University of Post and Telecommunications
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Chongqing University of Post and Telecommunications filed Critical Chongqing University of Post and Telecommunications
Priority to CN201711352141.XA priority Critical patent/CN108121916B/en
Publication of CN108121916A publication Critical patent/CN108121916A/en
Application granted granted Critical
Publication of CN108121916B publication Critical patent/CN108121916B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577Assessing vulnerabilities and evaluating computer system security
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/552Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/03Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
    • G06F2221/034Test or assess a computer or a system

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Measuring Or Testing Involving Enzymes Or Micro-Organisms (AREA)

Abstract

The present invention relates to the Computer Virus Spread defence methods under a kind of multilevel security degree of protection, belong to technical field of network information safety.Present invention contemplates that existing viral transmission model is not involved with influence of the computer security defence grade to viral transmission, under the premise of the computer Pyatyi safe class of standard, it is proposed that a kind of new more security level viral transmission models.The threshold value that the present invention passes through setting network system inner virus quantity, when need the threshold value of promotion computer security grade, a kind of new antivirus protection scheme is thus gived, that is, determines suitable threshold value to cause overhead not only small but also can contain the propagation of virus to greatest extent.

Description

A kind of Computer Virus Spread defence method under multilevel security degree of protection
Technical field
The invention belongs to technical field of network information safety, the computer virus being related under a kind of multilevel security degree of protection Propagate defence method.
Background technology
With the fast development of information technology, the mankind enter new Internet era.Daily life, building ring Border is also all greatly improved therewith, and many aspects in human lives have all be unable to do without computer.But it at the same time produces Computer virus is given birth to.Computer virus, which can generate, to be formatted hard disk, rewriting or deletes data, destroy setting, seize money Source and more directly steal the hazardous acts such as user's key message.Then, how the propagation of control computer virus becomes Many scholars and particularly significant and significant problem of company's research.
At present, the research of control computer viral transmission is broadly divided into microexamination and macro -examination.
Microexamination refers to program structure feature by analyzing computer virus and behavior pattern to detect and remove disease Poison, common in real life to have antivirus software and fire wall, this is also that current killing computer virus is main, effective side Method.But microexamination has antivirus software, new patch of the limitation of its own, especially new version etc. always in new disease Poison can just be born after occurring, this illustrates that microexamination has time-lag effect.
In order to make up the deficiency in terms of microexamination, this subject of Computer Virus Spread dynamics just comes into being. Propose a series of compartment model.Compartment model provides most important method for research Computer Virus Spread behavior, but The difference of computer security defence grade has been ignored as the computer " making no exception " on internet caused by viral transmission It influences.It, can be the meter in internet often because the servicing property of terminal computer is different with use in a network system Calculation machine is arranged to different Prevention-Security ranks.According to the difference of defence grade, the computer of easy infection group is divided into not Same warehouse from the angle of reality, just can more embody influence of the extraneous factor to Computer Virus Spread.
The content of the invention
In view of this, it is an object of the invention to provide the Computer Virus Spreads under a kind of multilevel security degree of protection to prevent Imperial method, for studying difference influence caused by viral transmission of computer security defence grade.It is portrayed according to actual conditions Rational viral transmission model, and mathematical theory analysis, analysis of simulation experiment are carried out to model, its propagation law is disclosed, to have Effect containment viral transmission provides theoretical foundation and practical advice.
In order to achieve the above objectives, the present invention provides following technical solution:
A kind of Computer Virus Spread defence method under multilevel security degree of protection, comprises the following steps:
S1:The individual in easy infection computer S warehouses in SIS models is divided according to computer security classification standard first For five ranks;S is used in easy infection calculating under this five kinds of security levels respectively1、S2、S3、S4、S5It represents;Exist in entire model The computer of six kinds of states:First order security level computer (S1), second level security level computer (S2), the third level safety Level calculation machine (S3), fourth stage security level computer (S4), level V security level computer (S5) and infection computer (I);
S2:With reference to the actual conditions of computer network, introduce various more rational parameters and make relatively reasonable vacation If;
S3:Node state detection process:Detect whether each node is subject to the infection of virus to be transformed into and infected state node, and Count its quantity;
S4:Computer automatic lifting defends level procedure:If the infection state node of the computer of relatively low lower security grade Quantity be less than setting threshold value, do not take defence upgrading measure;If the infection state node of the computer of relatively low safe class Quantity is more than threshold value, and relatively low level security state (Sl) node in system is made to upgrade to high-level safe state (Sh) section with certain probability Point (l=h-1);
S5:Rational mathematical model is established, draws model schematic;
S6:According to model schematic, the mathematic(al) representation of model is listed, corresponding equalization point is obtained, this equalization point is used When system balancing is determined, specific node number inside each warehouse is represented;
S7:It determines the equilibrium state of entire model, verifies the existence and stability of its state;
S8:It analyzes and researches to the expression formula of equilibrium state equalization point, finally draws corresponding conclusion;
S9:New antivirus protection measure is proposed according to conclusion.
The beneficial effects of the present invention are:
(1) present invention does not account for computer security for existing viral transmission model and defends grade difference to virus The influence of propagation, it is contemplated that the otherness of Prevention-Security ability between computer meets computer virus and passes in a network very much The actual conditions broadcast.
(2) present invention determines whether upgrade the other computer of relatively low low level security by setting the threshold value of viral load It is other for higher security level, it proposes to be the protection for effectively carrying out computer virus by this threshold value, is computer virus Safeguard procedures provide a kind of new resolving ideas again.
Description of the drawings
In order to make the purpose of the present invention, technical solution and advantageous effect clearer, the present invention provides drawings described below and carries out Explanation:
Fig. 1 is improved SIS illustratons of model;
Fig. 2 is upgrading measure flow chart;
Fig. 3 is the data verification result of experiment (1);
Fig. 4 is the data verification result of experiment (2);
Fig. 5 is the data verification result of experiment (3);
Fig. 6 is the data verification result of experiment (4);
Fig. 7 is the data verification result of experiment (5).
Specific embodiment
Below in conjunction with attached drawing, the preferred embodiment of the present invention is described in detail.
Fig. 1 is improved SIS illustratons of model;Fig. 2 is upgrading measure flow chart;What the present invention was implemented is middle multi-level computer peace Computer Virus Spread under congruent grade models and proposes safeguard procedures, mainly there is following steps:
Step 1: introduce relevant parameter and hypothesis.
(1) computer being externally entering in the system of modeling is all to be uninfected by state, it is assumed that enters S1、S2、S3、 S4、S5The average probability of unit interval assumes to be respectively b1、b2、b3、b4、b5
(2)S1、S2、S3、S4、S5The infected average hypothesis probability for becoming I is respectively and β inside unit interval built-in system1、 β2、β3、β4、β5
(3) the infection computer in I has the possibility being cured, it is assumed that is cured into S in the unit interval respectively1、S2、S3、 S4、S5Average probability be γ1、γ2、γ3、γ4、γ5
(4) all individuals of internal system are likely to because the dead w of other reasons itself dies or leave the system, it is assumed that The average probability that such case occurs is μ.
Step 2: computer automatic lifting defence level procedure is represented with a piecewise function:
S1Upgrade into S2Piecewise function:
S2Upgrade into S3Piecewise function:
S3Upgrade into S4Piecewise function:
S4Upgrade into S5Piecewise function:
fn(I) piecewise function of the upgrading computer measure of safe class n, I are representedmaxnIt represents when the number of the I in system Reach certain number, the computer cabin S of uninfecting virusnNeed to take the threshold value of upgrading measure.
Step 3: assume S1(t)、S2(t)、S3(t)、S4(t)、S5(t) and I (t) represents S respectively1、S2、S3、S4、S5In I Certain moment t respective number, by analyzing above, to can be obtained by the model following (wherein on the differential equation group of time t S1(t)、S2(t)、S3(t)、S4(t)、S5(t) S is abbreviated as respectively1、S2、S3、S4、S5)。
Step 4: above equation group, is write as following general type by model and equation group characteristic:
Wherein, SlAnd ShLower security rating calculation machine and high safety grade computer, N are represented respectivelylIt represents by than SlLow The upgrading computer of security level and come number, NhRepresent what high security level was upgraded to the safe class of higher level Number, SN are represented in I warehouses by SlAnd ShOutside warehouse enter or the number gone out, fl(I) the other calculating of low level security is represented Machine takes the piecewise function of upgrading measure, and expression formula is as follows:
Make Sl+ShS in+I=N, N expression systeml、ShWith I these three warehouses always, it is a dynamic number, when When time t tends to infinity,Above-mentioned equation group can be further simplified as:
Step 5: the basic reproduction number being obtained according to the equation group after simplification And acquire nontoxic equalization pointOrder:
C=μ (γlh+μ)-βl(bl+Nl)-βh(bh-Nh)=μ (γlh+μ)(1-R0) (1)
Acquire following 4 groups of toxic equalization points:
By analysis, the existence condition being balanced a little is as follows:
R0< 1
(1) B is worked as1> 0, Δ1> 0 (or B2> 0, Δ2> 0) when, only exist two toxic equalization points
(or)
(or) and(or)。
R0< 1
(2) B is worked as1> 0, Δ1> 0 and B2> 0, Δ2During > 0, three toxic equalization points are only existed
With
(3) whenWhen, only exist a toxic equalization point(or)
Step 5: by related mathematical analysis and formula theorem, the existence and stability of equalization point can be to Lower form makees a summary:
1 related description of table
N Equalization point is not present
E Equalization point only exists but unstable
EL Equalization point exists and locally asymptotic stability
EG Equalization point exists and Globally asymptotic
2 existence of equilibrium of table and stability
Step 6: the result of previous step is verified by experimental data.
As shown in figure 3, experiment (1):Make parameter betal=0.24, βh=0.08, γl=0.146, γh=0.003, bl= 0.001, Nl=0.0002, bh=0.0022, Nh=0.0004, μ=0.003, α=0.005, Imaxl=0.38.Some initial points The track developed with time t is such as shown in (a), and the coordinate diagram of two of which point and time t are such as shown in (b) and (c) in these points. The 3rd row conclusion in this experimental verification table 2.
As shown in figure 4, experiment (2):Make parameter betal=0.24, βh=0.08, γl=0.146, γh=0.043, bl= 0.001, Nl=0.0002, bh=0.0022, Nh=0.0004, μ=0.003, α=0.005, Imaxl=0.21.Some initial points The track developed with time t is such as shown in (a), and the coordinate diagram of two of which point and time t are such as shown in (b) and (c) in these points. The 2nd row conclusion in this experimental verification table 2.
As shown in figure 5, experiment (3):Make parameter betal=0.24, βh=0.08, γl=0.146, γh=0.003, bl= 0.001, Nl=0.0002, bh=0.0022, Nh=0.0004, μ=0.003, α=0.005, Imaxl=0.21.Some initial points The track developed with time t is such as shown in (a), and the coordinate diagram of two of which point and time t are such as shown in (b) and (c) in these points. 4-5 row conclusions in this experimental verification table 2.
As shown in fig. 6, experiment (4):Make parameter betal=0.3, βh=0.09, γl=0.056, γh=0.0043, bl= 0.001, Nl=0.0002, bh=0.0022, Nh=0.0004, μ=0.003, α=0.06, Imaxl=0.38.Some initial points The track developed with time t is such as shown in (a), and the coordinate diagram of two of which point and time t are such as shown in (b) and (c) in these points. The 6th row conclusion in this experimental verification table 2.
As shown in fig. 7, experiment (5):Make parameter betal=0.3, βh=0.09, γl=0.056, γh=0.0043, bl= 0.001, Nl=0.0002, bh=0.0022, Nh=0.0004, μ=0.003, α=0.06, Imaxl=0.2.Some initial points with The track of time t differentiation such as shown in (a), the coordinate diagram of two of which point and time t are such as shown in (b) and (c) in these points.This The conclusion of last 1 row in one experimental verification table 2.
Step 7: the safety upgrade threshold value I proposed for the present invention programmaxlAnalysis and research are carried out to show:It is low whenever having When safe class needs to carry out safety upgrade by threshold value, a more suitable value need to be set the threshold to, it is too low to cause to rise Grade cost is excessive and the wasting of resources, Tai Gao can cause upgrading dynamics not enough and the effect of control virus are not achieved, be computed again It learns and works as threshold value close to E3 *In I3 *When, virus control effect is best.
Step 8: controlling virus under multi-level computer safe class, calculated by the analysis of preceding step, obtained one kind The measure of virus is controlled, i.e., when setting computer is needed to carry out the threshold value of safety upgrade, its value is set to compared with Gao An as far as possible The number that computer is stablized is infected under congruent grade under equilibrium state, can so ensure that the virus control effect in whole system arrives Up to optimal.The validity of the present invention program is verified also by the step of front.
Finally illustrate, preferred embodiment above is merely illustrative of the technical solution of the present invention and unrestricted, although logical It crosses above preferred embodiment the present invention is described in detail, however, those skilled in the art should understand that, can be Various changes are made to it in form and in details, without departing from claims of the present invention limited range.

Claims (1)

1. a kind of Computer Virus Spread defence method under multilevel security degree of protection, it is characterised in that:This method include with Lower step:
S1:The individual in easy infection computer S warehouses in SIS models is divided into five according to computer security classification standard first A rank;S is used in easy infection calculating under this five kinds of security levels respectively1、S2、S3、S4、S5It represents;There are six kinds in entire model The computer of state:First order security level computer S1, second level security level computer S2, third level security level calculate Machine
S3, fourth stage security level computer S4, level V security level computer S5With the computer I of infection;
S2:With reference to the actual conditions of computer network, introduce various more rational parameters and make relatively reasonable hypothesis;
S3:Node state detection process:It detects whether each node is subject to the infection of virus to be transformed into and infected state node, and counts Its quantity;
S4:Computer automatic lifting defends level procedure:If the number of the infection state node of the computer of relatively low lower security grade Amount does not take defence upgrading measure less than the threshold value of setting;If the quantity of the infection state node of the computer of relatively low safe class More than threshold value, relatively low level security state Sl nodes in system is made to upgrade to high-level safe state Sh nodes l=h- with certain probability 1;
S5:Rational mathematical model is established, draws model schematic;
S6:According to model schematic, the mathematic(al) representation of model is listed, corresponding equalization point is obtained, this equalization point is for true When determining system balancing, specific node number inside each warehouse is represented;
S7:It determines the equilibrium state of entire model, verifies the existence and stability of its state;
S8:It analyzes and researches to the expression formula of equilibrium state equalization point, finally draws corresponding conclusion;
S9:New antivirus protection measure is proposed according to conclusion.
CN201711352141.XA 2017-12-15 2017-12-15 Computer virus propagation defense method under multi-level security protection level Active CN108121916B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711352141.XA CN108121916B (en) 2017-12-15 2017-12-15 Computer virus propagation defense method under multi-level security protection level

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201711352141.XA CN108121916B (en) 2017-12-15 2017-12-15 Computer virus propagation defense method under multi-level security protection level

Publications (2)

Publication Number Publication Date
CN108121916A true CN108121916A (en) 2018-06-05
CN108121916B CN108121916B (en) 2021-07-20

Family

ID=62230062

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201711352141.XA Active CN108121916B (en) 2017-12-15 2017-12-15 Computer virus propagation defense method under multi-level security protection level

Country Status (1)

Country Link
CN (1) CN108121916B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114301700A (en) * 2021-12-31 2022-04-08 上海纽盾科技股份有限公司 Method, device, system and storage medium for adjusting network security defense scheme
CN114448704A (en) * 2022-01-28 2022-05-06 重庆邮电大学 Method for inhibiting cross-platform virus propagation

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20160182544A1 (en) * 2015-02-28 2016-06-23 Brighterion, Inc. Method of protecting a network computer system from the malicious acts of hackers and its own system administrators
CN106027513A (en) * 2016-05-15 2016-10-12 广东技术师范学院 Method for analyzing propagation characteristics of computer virus in SDN mobile environment
CN107395598A (en) * 2017-07-25 2017-11-24 重庆邮电大学 A kind of adaptive defense method for suppressing viral transmission

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20160182544A1 (en) * 2015-02-28 2016-06-23 Brighterion, Inc. Method of protecting a network computer system from the malicious acts of hackers and its own system administrators
CN106027513A (en) * 2016-05-15 2016-10-12 广东技术师范学院 Method for analyzing propagation characteristics of computer virus in SDN mobile environment
CN107395598A (en) * 2017-07-25 2017-11-24 重庆邮电大学 A kind of adaptive defense method for suppressing viral transmission

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
杨茂斌: "具有分级感染率的4仓室计算机病毒传播模型", 《重庆大学学报》 *

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114301700A (en) * 2021-12-31 2022-04-08 上海纽盾科技股份有限公司 Method, device, system and storage medium for adjusting network security defense scheme
CN114448704A (en) * 2022-01-28 2022-05-06 重庆邮电大学 Method for inhibiting cross-platform virus propagation
CN114448704B (en) * 2022-01-28 2024-03-15 广州大鱼创福科技有限公司 Method for inhibiting cross-platform virus transmission

Also Published As

Publication number Publication date
CN108121916B (en) 2021-07-20

Similar Documents

Publication Publication Date Title
Tian et al. Rumor spreading model with considering debunking behavior in emergencies
Zarei et al. Fuzzy modeling and control of HIV infection
Funk et al. Endemic disease, awareness, and local behavioural response
CN108121916A (en) A kind of Computer Virus Spread defence method under multilevel security degree of protection
CN110378124A (en) A kind of network security threats analysis method and system based on LDA machine learning
Raza et al. A structure preserving numerical method for solution of stochastic epidemic model of smoking dynamics
Fatima et al. Modeling the epidemic trend of middle eastern respiratory syndrome coronavirus with optimal control
Pellis et al. Threshold parameters for a model of epidemic spread among households and workplaces
Lee et al. Social clustering in epidemic spread on coevolving networks
Xu et al. Propagation effect of a virus outbreak on a network with limited anti-virus ability
Fatmawati et al. An Optimal Treatment Control of TB‐HIV Coinfection
CN107395598B (en) Self-adaptive defense method for inhibiting virus propagation
Wu et al. SQEIR: An epidemic virus spread analysis and prediction model
Ion et al. A self-organizing criticality mathematical model for contamination and epidemic spreading
Ren et al. Dynamics of a Delay‐Varying Computer Virus Propagation Model
Lu et al. Backward bifurcation and local dynamics of epidemic model on adaptive networks with treatment
WO2024109331A1 (en) Method and system for predicting number of people suffering from infectious disease, and electronic device and readable storage medium
CN107425999A (en) A kind of safety detection node dynamic deployment method of low overhead
Nguyen et al. Asymptotic behavior for a stochastic behavioral change SIR model
Whitman et al. Stochastic modeling of influenza spread dynamics with recurrences
JP2020135659A (en) Parameter determination method, parameter determination device, and program
Xiao et al. SAIDR: A new dynamic model for SMS-based worm propagation in mobile networks
Safi et al. Mathematical analysis of an age-structured HSV-2 model
Tian et al. Asymptotic properties of a hepatitis B virus infection model with time delay
Yang et al. Dynamical analysis of a fractional order HCV infection model with acute and chronic and general incidence rate

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant