CN108121916B - Computer virus propagation defense method under multi-level security protection level - Google Patents
- Publication number
- CN108121916B (application CN201711352141.XA)
- Authority
- CN
- China
- Prior art keywords
- computer
- level
- security level
- virus
- security
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/552—Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/03—Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
- G06F2221/034—Test or assess a computer or a system
Abstract
The invention relates to a computer virus propagation defense method under multi-level security protection levels and belongs to the technical field of network information security. Because existing virus propagation models do not account for the influence of a computer's security defense level on virus propagation, the invention provides a novel multi-security-level virus propagation model based on the standard five computer security levels. The invention sets a threshold on the number of viruses in the network system, namely the threshold at which a computer's security level needs to be raised, and thereby provides a new virus protection scheme: an appropriate threshold is determined so that system overhead is small and virus propagation is restrained to the maximum extent.
Description
Technical Field
The invention belongs to the technical field of network information security, and relates to a computer virus propagation defense method under a multi-level security protection level.
Background
With the rapid development of information technology, humanity has entered a new Internet era. People's daily lives and working environments have greatly improved as a result, and many aspects of human life have become inseparable from computers. At the same time, however, computer viruses have emerged. Computer viruses can carry out dangerous actions such as formatting hard disks, rewriting or deleting data, destroying settings, seizing resources and, more directly, stealing users' key information. How to control the spread of computer viruses has therefore become an important and meaningful research topic for many researchers and companies.
Currently, the research for controlling the spread of computer viruses is mainly divided into microscopic research and macroscopic research.
Microscopic research detects and removes viruses by analyzing the program structure characteristics and behavior patterns of computer viruses. Antivirus software and firewalls, commonly used in practice, are currently the main and most effective means of finding and removing computer viruses. However, microscopic research has its own limitations: new versions of antivirus software, new patches and the like always appear only after new viruses do, which means that microscopic research lags behind.
To compensate for the deficiencies of microscopic research, the discipline of computer virus propagation dynamics has emerged, and a series of compartment models has been proposed. Compartment models provide the most important method for studying computer virus propagation behavior, but they ignore the influence that differences in the security defense levels of computers on the Internet have on virus propagation. In a network system, computers are often set to different security defense levels because the terminal computers differ in the nature and use of their services. Dividing the computers of the susceptible group into different compartments according to their defense levels reflects, from a practical perspective, the influence of external factors on computer virus propagation.
Disclosure of Invention
In view of this, the present invention provides a computer virus propagation defense method under a multi-level security protection level, which is used for researching the influence of different computer security defense levels on virus propagation. A reasonable virus propagation model is described according to the actual situation, mathematical theory analysis and simulation experiment analysis are carried out on the model, the propagation rule is revealed, and theoretical basis and practical guidance are provided for effectively restraining virus propagation.
In order to achieve the purpose, the invention provides the following technical scheme:
A computer virus propagation defense method under multi-level security protection levels comprises the following steps:
S1: First, the individuals in the susceptible-computer compartment S of the SIS model are divided into five levels according to the computer security level standard. The susceptible computers at the five security levels are denoted $S_1$, $S_2$, $S_3$, $S_4$, $S_5$ respectively. Computers in the whole model have six states: first-level security computers ($S_1$), second-level security computers ($S_2$), third-level security computers ($S_3$), fourth-level security computers ($S_4$), fifth-level security computers ($S_5$) and infected computers ($I$);
S2: Introduce the required parameters and make reasonable assumptions in light of the actual situation of a computer network;
S3: Node state detection: detect whether each node has been infected by the virus and converted into an infected node, and count the number of such nodes;
S4: Automatic promotion of the defense level: if the number of infected nodes among the computers of the lower security level is less than the set threshold, no defense upgrade is taken; if the number of infected nodes among the computers of the lower security level is greater than the threshold, the nodes in the lower security level ($S_l$) are upgraded with a certain probability to nodes in the higher security level ($S_h$), where $l = h - 1$;
S5: Establish a reasonable mathematical model and draw the model schematic diagram;
S6: From the model schematic diagram, write down the mathematical expression of the model and solve for the corresponding equilibrium points, which give the specific number of nodes in each compartment when the system is in equilibrium;
S7: Determine the equilibrium states of the whole model and verify their existence and stability;
S8: Analyze the expressions of the equilibrium points of the equilibrium states and draw the corresponding conclusions;
S9: Based on the conclusions, propose new virus protection measures.
The invention has the beneficial effects that:
(1) The invention addresses the problem that existing virus propagation models do not consider the influence of differences in the security defense levels of computers on virus propagation. It takes the differences in security defense capability among computers into account, which matches the actual propagation of computer viruses in a network well.
(2) The invention determines whether the computer with lower security level is upgraded to the higher security level by setting the threshold value of the virus number, provides the protection of the computer virus by the threshold value, and provides a new solution for the protection measures of the computer virus.
Drawings
In order to make the object, technical scheme and beneficial effect of the invention more clear, the invention provides the following drawings for explanation:
FIG. 1 is a diagram of an improved SIS model;
FIG. 2 is a flowchart of an upgrade measure;
FIG. 3 shows the data verification result of experiment (1);
FIG. 4 shows the data verification result of experiment (2);
FIG. 5 shows the data verification result of experiment (3);
FIG. 6 shows the data verification result of experiment (4);
FIG. 7 shows the data verification result of experiment (5).
Detailed Description
Preferred embodiments of the present invention will be described in detail below with reference to the accompanying drawings.
FIG. 1 is a diagram of the improved SIS model; FIG. 2 is a flowchart of the upgrade measure. The invention implements computer virus propagation modeling and protective measures under multi-level computer security levels, and mainly comprises the following steps:
Step one: introduce the relevant parameters and assumptions.
(1) Computers entering the modeled system from the outside are all in an uninfected state; the average probabilities per unit time of entering $S_1$, $S_2$, $S_3$, $S_4$, $S_5$ are assumed to be $b_1$, $b_2$, $b_3$, $b_4$, $b_5$ respectively.
(2) The average probabilities per unit time that computers in $S_1$, $S_2$, $S_3$, $S_4$, $S_5$ are infected inside the system and become $I$ are assumed to be $\beta_1$, $\beta_2$, $\beta_3$, $\beta_4$, $\beta_5$ respectively.
(3) All infected computers in $I$ can be cured; the average probabilities per unit time of being cured into $S_1$, $S_2$, $S_3$, $S_4$, $S_5$ are assumed to be $\gamma_1$, $\gamma_2$, $\gamma_3$, $\gamma_4$, $\gamma_5$ respectively.
(4) All individuals in the system may die or leave the system for other reasons; the average probability of this occurring is assumed to be $\mu$.
Step two: the process by which a computer automatically raises its defense level is expressed by a piecewise function:
$f_n(I)$ denotes the piecewise function of the upgrade measure for computers of security level $n$, and $I_{\max n}$ denotes the threshold: when the number of $I$ in the system reaches this number, the uninfected computer compartment $S_n$ needs to take the upgrade measure.
Step three: let $S_1(t)$, $S_2(t)$, $S_3(t)$, $S_4(t)$, $S_5(t)$ and $I(t)$ denote the numbers in $S_1$, $S_2$, $S_3$, $S_4$, $S_5$ and $I$ respectively at time $t$. From the above analysis, the system of differential equations of the model with respect to time $t$ is obtained (where $S_1(t)$, $S_2(t)$, $S_3(t)$, $S_4(t)$, $S_5(t)$ are abbreviated to $S_1$, $S_2$, $S_3$, $S_4$, $S_5$).
Step four: based on the characteristics of the model and the system of equations, the above system is written in the following general form:
where $S_l$ and $S_h$ denote a low-security-level computer and a high-security-level computer respectively, $N_l$ denotes the number upgraded from computers of security level lower than $S_l$, $N_h$ denotes the number of high-security-level computers upgraded to a still higher security level, $SN$ denotes the number entering or leaving the $I$ compartment from compartments other than $S_l$ and $S_h$, and $f_l(I)$ denotes the piecewise function of the upgrade measure taken by the low-security-level computers, with the following expression:
Let $S_l + S_h + I = N$, where $N$ is the total number of $S_l$, $S_h$ and $I$ in the system and is a dynamic number. As time $t$ approaches infinity, the above system of equations can be further simplified as:
Step five: the basic reproduction number $R_0$ is calculated from the simplified system of equations, and the virus-free equilibrium point is found. Let:
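$$C = \mu(\gamma_l + \gamma_h + \mu) - \beta_l(b_l + N_l) - \beta_h(b_h - N_h) = \mu(\gamma_l + \gamma_h + \mu)(1 - R_0) \tag{1}$$
$$A_1 = \beta_l \beta_h$$
$$B_1 = \beta_l \beta_h N^* - \beta_l \gamma_h - \beta_l \mu - \beta_h \gamma_l - \beta_h \mu \tag{2}$$
$$A_2 = \beta_l \beta_h + \alpha \beta_h$$
$$B_2 = (\beta_l \beta_h + \alpha \beta_h) N^* - \beta_l \gamma_h - \beta_l \mu - \beta_h \gamma_l - \beta_h \mu - \alpha(\gamma_h + \gamma_h + \mu) \tag{3}$$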
The following 4 sets of endemic (virus-present) equilibrium points are found:
The existence conditions of the equilibrium points are analyzed as follows:
Through the relevant mathematical analysis and theorems, the existence and stability of the equilibrium points can be summarized in the following tables:
Table 1. Description of symbols
Symbol | Meaning |
---|---|
N | No equilibrium point exists |
E | An equilibrium point exists but is not stable |
EL | An equilibrium point exists and is locally asymptotically stable |
EG | An equilibrium point exists and is globally asymptotically stable |
Table 2. Existence and stability of equilibrium points
Step six: verify the result of the previous step with experimental data.
As shown in FIG. 3, experiment (1): let the parameters be $\beta_l=0.24$, $\beta_h=0.08$, $\gamma_l=0.146$, $\gamma_h=0.003$, $b_l=0.001$, $N_l=0.0002$, $b_h=0.0022$, $N_h=0.0004$, $\mu=0.003$, $\alpha=0.005$, $I_{\max l}=0.38$. The trajectories of some initial points over time $t$ are shown in (a), and two of these points are plotted against time $t$ in (b) and (c). This experiment validates the conclusion in row 3 of Table 2.
As shown in FIG. 4, experiment (2): let the parameters be $\beta_l=0.24$, $\beta_h=0.08$, $\gamma_l=0.146$, $\gamma_h=0.043$, $b_l=0.001$, $N_l=0.0002$, $b_h=0.0022$, $N_h=0.0004$, $\mu=0.003$, $\alpha=0.005$, $I_{\max l}=0.21$. The trajectories of some initial points over time $t$ are shown in (a), and two of these points are plotted against time $t$ in (b) and (c). This experiment validates the conclusion in row 2 of Table 2.
As shown in FIG. 5, experiment (3): let the parameters be $\beta_l=0.24$, $\beta_h=0.08$, $\gamma_l=0.146$, $\gamma_h=0.003$, $b_l=0.001$, $N_l=0.0002$, $b_h=0.0022$, $N_h=0.0004$, $\mu=0.003$, $\alpha=0.005$, $I_{\max l}=0.21$. The trajectories of some initial points over time $t$ are shown in (a), and two of these points are plotted against time $t$ in (b) and (c). This experiment validates the conclusions in rows 4-5 of Table 2.
As shown in FIG. 6, experiment (4): let the parameters be $\beta_l=0.3$, $\beta_h=0.09$, $\gamma_l=0.056$, $\gamma_h=0.0043$, $b_l=0.001$, $N_l=0.0002$, $b_h=0.0022$, $N_h=0.0004$, $\mu=0.003$, $\alpha=0.06$, $I_{\max l}=0.38$. The trajectories of some initial points over time $t$ are shown in (a), and two of these points are plotted against time $t$ in (b) and (c). This experiment validates the conclusion in row 6 of Table 2.
As shown in FIG. 7, experiment (5): let the parameters be $\beta_l=0.3$, $\beta_h=0.09$, $\gamma_l=0.056$, $\gamma_h=0.0043$, $b_l=0.001$, $N_l=0.0002$, $b_h=0.0022$, $N_h=0.0004$, $\mu=0.003$, $\alpha=0.06$, $I_{\max l}=0.2$. The trajectories of some initial points over time $t$ are shown in (a), and two of these points are plotted against time $t$ in (b) and (c). This experiment validates the conclusion in the last row of Table 2.
Step seven: an analysis of the security upgrade threshold $I_{\max l}$ proposed by the scheme of the invention shows the following. When the low security level is to be upgraded according to the threshold, the threshold must be set to a suitable value. If the threshold is too low, the upgrade cost is too high and resources are wasted; if the threshold is too high, the upgrade strength is insufficient and the virus cannot be controlled. Calculation shows that the best virus control effect is obtained when the threshold is close to $I_3^*$ in $E_3^*$.
Step eight: control the virus under multi-level computer security levels. The analysis and calculation of the previous steps yield a measure for controlling the virus: when the threshold for a computer security upgrade needs to be set, its value should be set as close as possible to the stable number of infected computers in the equilibrium state under the higher security level, so that the virus control effect in the whole system is optimal. The effectiveness of the scheme of the invention is also verified by the previous steps.
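Added example (not part of the patent text): a Python simulation of the two-level case ($S_l$, $S_h$, $I$) with the parameter values of experiment (4), showing how the steady infected fraction depends on the threshold $I_{\max l}$. The differential equations, the form of $f_l(I)$ and the value of $N^*$ used here are assumptions, chosen so that the equilibrium equation of the assumed system has the coefficients given in (1)-(3); all function names and the initial state are constructed for illustration.

```python
from math import sqrt

# Parameter values of experiment (4) on this page; I_maxl is passed separately.
EXP4 = dict(beta_l=0.3, beta_h=0.09, gamma_l=0.056, gamma_h=0.0043,
            b_l=0.001, N_l=0.0002, b_h=0.0022, N_h=0.0004, mu=0.003, alpha=0.06)


def r0(p):
    """Basic reproduction number, obtained by solving equation (1) for R0."""
    gain = p["beta_l"] * (p["b_l"] + p["N_l"]) + p["beta_h"] * (p["b_h"] - p["N_h"])
    return gain / (p["mu"] * (p["gamma_l"] + p["gamma_h"] + p["mu"]))


def f_l(i, i_max, alpha):
    """ASSUMED piecewise upgrade rate: 0 while I <= I_maxl, alpha*I above it."""
    return alpha * i if i > i_max else 0.0


def derivatives(s_l, s_h, i, p, i_max):
    """ASSUMED mean-field right-hand side for the compartments (S_l, S_h, I)."""
    up = f_l(i, i_max, p["alpha"]) * s_l  # flow of upgraded nodes S_l -> S_h
    ds_l = (p["b_l"] + p["N_l"] + p["gamma_l"] * i
            - (p["beta_l"] * i + p["mu"]) * s_l - up)
    ds_h = (p["b_h"] - p["N_h"] + p["gamma_h"] * i
            - (p["beta_h"] * i + p["mu"]) * s_h + up)
    di = (p["beta_l"] * s_l + p["beta_h"] * s_h
          - p["gamma_l"] - p["gamma_h"] - p["mu"]) * i
    return ds_l, ds_h, di


def steady_infected(p, i_max, t_end=2000.0, dt=0.1, start=(0.38, 0.57, 0.05)):
    """Integrate with forward Euler and return the infected fraction at t_end."""
    s_l, s_h, i = start  # constructed initial state (fractions summing to 1)
    for _ in range(round(t_end / dt)):
        ds_l, ds_h, di = derivatives(s_l, s_h, i, p, i_max)
        s_l, s_h, i = s_l + dt * ds_l, s_h + dt * ds_h, i + dt * di
    return i


def endemic_root(p, upgrading):
    """Positive root of A*I^2 - B*I + C = 0, the equilibrium equation of the
    assumed system, with A, B, C as in (1)-(3): (A1, B1) while no upgrade is
    active, (A2, B2) while it is. The last term of B2 uses
    alpha*(gamma_l + gamma_h + mu), which is what the assumed system yields;
    the page prints gamma_h twice in that term. Intended for R0 > 1 (C < 0)."""
    a = p["alpha"] if upgrading else 0.0
    n_star = (p["b_l"] + p["N_l"] + p["b_h"] - p["N_h"]) / p["mu"]  # assumed N*
    out = p["gamma_l"] + p["gamma_h"] + p["mu"]
    A = p["beta_h"] * (p["beta_l"] + a)
    B = (A * n_star - p["beta_l"] * (p["gamma_h"] + p["mu"])
         - p["beta_h"] * (p["gamma_l"] + p["mu"]) - a * out)
    C = p["mu"] * out * (1.0 - r0(p))
    return (B + sqrt(B * B - 4.0 * A * C)) / (2.0 * A)


if __name__ == "__main__":
    print("R0 =", round(r0(EXP4), 4))
    for i_max in (0.2, 0.38, 0.70, 1.0):  # 1.0 is never exceeded: no upgrade
        print("I_maxl =", i_max, "-> steady I =",
              round(steady_infected(EXP4, i_max), 4))
    print("roots without/with upgrade:",
          round(endemic_root(EXP4, False), 4), round(endemic_root(EXP4, True), 4))
```

Under these assumptions the steady infected fraction is about 0.739 when the upgrade never triggers, settles at the threshold itself for $I_{\max l} = 0.70$, and is about 0.667 for $I_{\max l} = 0.38$ or $0.2$. Lowering the threshold below the upgraded equilibrium therefore brings no further reduction in the steady state.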
Finally, it is noted that the above-mentioned preferred embodiments illustrate rather than limit the invention, and that, although the invention has been described in detail with reference to the above-mentioned preferred embodiments, it will be understood by those skilled in the art that various changes in form and detail may be made therein without departing from the scope of the invention as defined by the appended claims.
Claims (1)
1. A computer virus propagation defense method under multi-level security protection levels, characterized in that the method comprises the following steps:
step one, introducing relevant parameters and assumptions;
(1) computers entering the modeled system from the outside are all in an uninfected state, and the average probabilities per unit time of entering $S_1$, $S_2$, $S_3$, $S_4$, $S_5$ are assumed to be $b_1$, $b_2$, $b_3$, $b_4$, $b_5$ respectively;
(2) the average probabilities per unit time that computers in $S_1$, $S_2$, $S_3$, $S_4$, $S_5$ are infected inside the system and become $I$ are assumed to be $\beta_1$, $\beta_2$, $\beta_3$, $\beta_4$, $\beta_5$ respectively;
(3) all infected computers in $I$ can be cured, and the average probabilities per unit time of being cured into $S_1$, $S_2$, $S_3$, $S_4$, $S_5$ are assumed to be $\gamma_1$, $\gamma_2$, $\gamma_3$, $\gamma_4$, $\gamma_5$ respectively;
(4) all individuals in the system may die or leave the system for other reasons, and the average probability of this occurring is assumed to be $\mu$;
step two, expressing the process by which a computer automatically raises its defense level by a piecewise function:
$f_n(I)$ denotes the piecewise function of the upgrade measure for computers of security level $n$, and $I_{\max n}$ denotes the threshold: when the number of $I$ in the system reaches this number, the uninfected computer compartment $S_n$ needs to take the upgrade measure;
step three, letting $S_1(t)$, $S_2(t)$, $S_3(t)$, $S_4(t)$, $S_5(t)$ and $I(t)$ denote the numbers in $S_1$, $S_2$, $S_3$, $S_4$, $S_5$ and $I$ respectively at time $t$, the system of differential equations of the model with respect to time $t$ is obtained as follows, wherein $S_1(t)$, $S_2(t)$, $S_3(t)$, $S_4(t)$, $S_5(t)$ are abbreviated to $S_1$, $S_2$, $S_3$, $S_4$, $S_5$;
step four, based on the characteristics of the model and the system of equations, the above system is written in the following form:
wherein $S_l$ and $S_h$ denote a low-security-level computer and a high-security-level computer respectively, $N_l$ denotes the number upgraded from computers of security level lower than $S_l$, $N_h$ denotes the number of high-security-level computers upgraded to a still higher security level, $SN$ denotes the number entering or leaving the $I$ compartment from compartments other than $S_l$ and $S_h$, and $f_l(I)$ denotes the piecewise function of the upgrade measure taken by the low-security-level computers, with the following expression:
letting $S_l + S_h + I = N$, where $N$ is the total number of $S_l$, $S_h$ and $I$ in the system and is a dynamic number, as time $t$ approaches infinity the system is simplified as follows:
step five, calculating the basic reproduction number $R_0$ from the simplified system of equations and finding the virus-free equilibrium point; let:
$$C = \mu(\gamma_l + \gamma_h + \mu) - \beta_l(b_l + N_l) - \beta_h(b_h - N_h) = \mu(\gamma_l + \gamma_h + \mu)(1 - R_0) \tag{1}$$
the following 4 sets of endemic (virus-present) equilibrium points are found:
the existence conditions of the equilibrium points are analyzed as follows:
obtaining the existence and stability rules of the equilibrium points through the relevant mathematical analysis and theorems;
step six, verifying the result of step five with experimental data;
step seven, when the low security level needs to be upgraded according to the threshold, setting the threshold to a suitable value, the best virus control effect being achieved when the threshold is close to $I_3^*$ in $E_3^*$;
and step eight, controlling the virus under multi-level computer security levels: when the threshold for performing a security upgrade on a computer needs to be set, setting its value as close as possible to the stable number of infected computers in the equilibrium state under the higher security level, so as to ensure that the virus control effect in the whole system is optimal.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711352141.XA CN108121916B (en) | 2017-12-15 | 2017-12-15 | Computer virus propagation defense method under multi-level security protection level |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108121916A (en) | 2018-06-05 |
CN108121916B (en) | 2021-07-20 |
Family
ID=62230062
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201711352141.XA Active CN108121916B (en) | 2017-12-15 | 2017-12-15 | Computer virus propagation defense method under multi-level security protection level |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108121916B (en) |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114301700B (en) * | 2021-12-31 | 2023-09-08 | 上海纽盾科技股份有限公司 | Method, device, system and storage medium for adjusting network security defense scheme |
CN114448704B (en) * | 2022-01-28 | 2024-03-15 | 广州大鱼创福科技有限公司 | Method for inhibiting cross-platform virus transmission |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106027513A (en) * | 2016-05-15 | 2016-10-12 | 广东技术师范学院 | Method for analyzing propagation characteristics of computer virus in SDN mobile environment |
CN107395598A (en) * | 2017-07-25 | 2017-11-24 | 重庆邮电大学 | A kind of adaptive defense method for suppressing viral transmission |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20160182544A1 (en) * | 2015-02-28 | 2016-06-23 | Brighterion, Inc. | Method of protecting a network computer system from the malicious acts of hackers and its own system administrators |
Non-Patent Citations (1)
Title |
---|
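A 4-compartment computer virus propagation model with graded infection rates; Yang Maobin (杨茂斌); Journal of Chongqing University (《重庆大学学报》); 20121231; pp. 112-119 * |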
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||