CN108667833B - Communication system malicious software propagation modeling and optimal control method based on coupling - Google Patents

Communication system malicious software propagation modeling and optimal control method based on coupling Download PDF

Info

Publication number
CN108667833B
CN108667833B CN201810404836.6A CN201810404836A CN108667833B CN 108667833 B CN108667833 B CN 108667833B CN 201810404836 A CN201810404836 A CN 201810404836A CN 108667833 B CN108667833 B CN 108667833B
Authority
CN
China
Prior art keywords
malware
malicious software
coupling
propagation
representing
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201810404836.6A
Other languages
Chinese (zh)
Other versions
CN108667833A (en
Inventor
苑超
马帅
冯希军
刘志永
徐晓寅
赵子齐
吕志勇
唐杰
刘晓帆
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
State Grid Corp of China SGCC
Wuhan University WHU
Laiwu Power Supply Co of State Grid Shandong Electric Power Co Ltd
Original Assignee
State Grid Corp of China SGCC
Wuhan University WHU
Laiwu Power Supply Co of State Grid Shandong Electric Power Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by State Grid Corp of China SGCC, Wuhan University WHU, Laiwu Power Supply Co of State Grid Shandong Electric Power Co Ltd filed Critical State Grid Corp of China SGCC
Priority to CN201810404836.6A priority Critical patent/CN108667833B/en
Publication of CN108667833A publication Critical patent/CN108667833A/en
Application granted granted Critical
Publication of CN108667833B publication Critical patent/CN108667833B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/145Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/14Network analysis or design
    • H04L41/142Network analysis or design using statistical or mathematical methods
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/14Network analysis or design
    • H04L41/145Network analysis or design involving simulating, designing, planning or modelling of a network

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • General Engineering & Computer Science (AREA)
  • Signal Processing (AREA)
  • Physics & Mathematics (AREA)
  • General Health & Medical Sciences (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Health & Medical Sciences (AREA)
  • Virology (AREA)
  • Mathematical Physics (AREA)
  • Algebra (AREA)
  • Mathematical Analysis (AREA)
  • Computing Systems (AREA)
  • Mathematical Optimization (AREA)
  • Pure & Applied Mathematics (AREA)
  • Probability & Statistics with Applications (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention discloses a coupling effect-based malware propagation modeling and optimal control method, which at least comprises the following steps: s1, considering the one-way coupling between two malicious software A and B which are simultaneously propagated in a computer network, respectively establishing respective propagation dynamics models of the malicious software A and the malicious software B by utilizing an SIS model; s2, constructing a target functional by taking the manual removal rate as a control variable, and taking respective propagation dynamics models of the malicious software A and B as constraint functions; s3 solves for optimal control variables within a given control set in conjunction with the target functional and constraint functions. Through simulation verification, the method can inhibit the spread of the malicious software and simultaneously can keep the control cost at a lower level.

Description

Communication system malicious software propagation modeling and optimal control method based on coupling
Technical Field
The invention relates to the field of communication and information system and network control system modeling, in particular to a coupling-based communication system malicious software propagation modeling and optimal control method.
Background
Malicious software (Malware) in a communication system is propagated through a network, which brings huge losses to human beings. In order to better understand the propagation mechanism of the malware, a suitable method is found to inhibit the propagation of the malware, in recent years, researchers build propagation models of the malware aiming at different propagation types and at different perspectives, and deeply analyze the propagation types and the propagation characteristics on the basis of the propagation models.
In research, one of the most representative methods is to study the spread of computer malware through an epidemic spread warehouse model. Epidemic compartment models have originated from the analysis of the transmission of a disease with transmission. Common chamber models are SI (separable-fed), SIS (separable-fed-separable), and SIR (separable-fed-removed). If an individual is in S-chamber, it is indicated to be in a healthy state. And I and R represent infection status and removal status, respectively. The warehouse model and the analysis method thereof are completely suitable for researching the spreading research of malicious software on a computer network. At present, a great deal of research at home and abroad is developed on the basis of the three classical warehouse models, and a reasonable mathematical model is established and analyzed by considering different factors influencing propagation.
Past research has mainly been directed to the analysis of the spread of certain malware. In fact, a plurality of kinds of malicious software spread widely on the internet at the same time, for example, while a macro virus breaks down in a computer, a trojan virus also already hides some illegal operations in the computer. It is clear that when there are multiple malware propagating simultaneously, it is a simpler way to separate the propagation of two malware, considering their propagation processes to be independent of each other. This assumption simplifies the analysis, but the results often do not reflect the reality of multiple malware spreading simultaneously.
In recent years, there have been some epidemic transmission problems for various contagious diseases, and research has been conducted mainly on transmission of two or more biological viruses. The results of these studies can obviously be generalized to the analysis of computer malware propagation, however, the current studies are only developed for a certain coupling relationship, which makes the model less general. Generally, the coupling relationship between various malware may be mutual promotion, mutual inhibition of propagation caused by mutual competition of resources, or possible inhibition from initial promotion to later promotion.
In combination with the concept, the invention provides a nonlinear function to describe all coupling effects in the propagation process of two kinds of malicious software, and provides a unified research framework for modeling and analyzing the propagation process of two kinds of malicious software and multiple kinds of malicious software.
Disclosure of Invention
The invention aims to provide a coupling-based communication system malware propagation modeling and optimal control method.
The invention provides a coupling effect-based malware propagation modeling and optimal control method, which at least comprises the following steps:
s1, considering the one-way coupling between two malicious software A and B which are simultaneously propagated in a computer network, respectively establishing respective propagation dynamics models of the malicious software A and the malicious software B by utilizing an SIS model; determining feasible domains of the malicious software A and B according to the condition that the number of the nodes which are not infected with the malicious software and the infection density caused by the malicious software meet the normalization condition;
s2 removing rate by manpower1(t) and2(t) as a control variable, with SA(t)、IA(t)、SB(t)、IB(t) as a state variable, constructing a target functional
Figure BDA0001646603180000021
And the respective propagation dynamics models of the malicious software A and B are used as constraint functions;
where T denotes the time T ∈ [0, T],[0,T]For a given time frame; sA(t) and SB(t) respectively representing the number of the individual nodes which are not infected with the malicious software A and B at the moment t; i isA(t) and IB(t) represents the infection density caused by the malware A and B at the time t respectively;1(t) and2(t) represents the manual removal rate of malware A and B at time t, respectively; c. C1And c2Weights representing revenue and consumption, respectively;
s3 solves for optimal control variables within a given control set in conjunction with the target functional and constraint functions.
Further, in step S1, the propagation dynamics model of the malware a is established as follows:
Figure BDA0001646603180000022
the established propagation dynamics model of the malicious software B is as follows:
Figure BDA0001646603180000023
wherein: t represents a time; sA(t) and SB(t) respectively representing the number of the individual nodes which are not infected with the malicious software A and B at the moment t; i isA(t) and IB(t) represents the infection density caused by the malware A and B at the time t respectively;<k>representing an average of the computer network; gamma ray1And gamma2Representing the natural recovery rate of the node;1(t) and2(t) indicates the manual removal rates of malware A and B at time t, β1(t) and β2(t) each representsTime varying infection rates of malware A and B, β1(t)∈(0,1],β2(t)∈(0,1];
The time-varying infection rate is defined as:
Figure BDA0001646603180000031
wherein:
Figure BDA0001646603180000032
and
Figure BDA0001646603180000033
respectively represent the infection rates of the malware a and B in the respective propagation processes without considering the mutual influence of the malware a and B,
Figure BDA0001646603180000034
and
Figure BDA0001646603180000035
is an empirical value;
α1(t) and α2(t) represents the coupling term(s),
Figure BDA0001646603180000036
α2(t)=1;
Figure BDA0001646603180000037
Figure BDA0001646603180000038
is a critical value describing the coupling between malware B and a, is an empirical value, and is determined through multiple experiments.
Further, in step S1, the feasible domains Ω of the malware a and B are:
Figure BDA0001646603180000039
wherein S isA(t) and SB(t) respectively representing the number of the individual nodes which are not infected with the malicious software A and B at the moment t; i isA(t) and IB(t) represents the infection density caused by the malware A and B at the time t respectively;
Figure BDA00016466031800000310
representing a 2-dimensional positive real number domain.
Further, in step S2, the constraint function is as follows:
Figure BDA00016466031800000311
wherein: t represents a time; sA(t) and SB(t) respectively representing the number of the individual nodes which are not infected with the malicious software A and B at the moment t; i isA(t) and IB(t) represents the infection density caused by the malware A and B at the time t respectively;<k>representing an average of the computer network; gamma ray1And gamma2Respectively representing the natural recovery rate of the nodes in the propagation dynamics models of the malicious software A and B;1(t) and2(t) represents the manual removal rate of malware A and B at time t, respectively;
Figure BDA0001646603180000041
and
Figure BDA0001646603180000042
respectively represent the infection rates of the malware a and B in the respective propagation processes without considering the mutual influence of the malware a and B,
Figure BDA0001646603180000043
and
Figure BDA0001646603180000044
is an empirical value;
Figure BDA0001646603180000045
Figure BDA0001646603180000046
is a critical value describing the coupling between malware B and a, is an empirical value, and is determined through multiple experiments.
Further, step S3 further includes:
310 construct the lagrangian function of the optimal control problem
Figure BDA0001646603180000047
320 constructs a function H according to the lagrangian function L:
Figure BDA0001646603180000048
330 analyzes the optimal control problem by Pontryagin maximum value principle to obtain the accompanying variable lambda1(t)、λ2(t)、λ3(t)、λ4(t) should satisfy:
Figure BDA0001646603180000049
340 in combination with a cross-sectional condition lambda1(T)=λ2(T)=λ3(T)=λ4(T) ═ 0, the optimum control variables were calculated as follows:
Figure BDA00016466031800000410
wherein:
IA(t) and IB(t) represents the infection density caused by the malware A and B at the time t respectively;1(t) and2(t) represents the manual removal rate of malware A and B at time t, respectively; c. C1And c2Weights representing revenue and consumption, respectively;<k represents the average of the computer network; gamma ray1And gamma2Representing the natural recovery rate of the node; sA(t) and SB(t) respectively representing the number of the individual nodes which are not infected with the malicious software A and B at the moment t; lambda [ alpha ]1(t)、λ2(t)、λ3(t)、λ4(t) represents an accompanying variable at time t;
Figure BDA0001646603180000051
and
Figure BDA0001646603180000052
respectively represent the infection rates of the malware a and B in the respective propagation processes without considering the mutual influence of the malware a and B,
Figure BDA0001646603180000053
and
Figure BDA0001646603180000054
is an empirical value;
Figure BDA0001646603180000055
Figure BDA0001646603180000056
is a critical value describing the coupling effect between the malicious software B and the malicious software A, is an empirical value, and is determined through a plurality of tests; t represents a specific time constant when the lagrange multiplier is 0;
Figure BDA0001646603180000057
represents the optimal state variable SA(t)、IA(t)、SB(t)、IB(t);
Figure BDA0001646603180000058
And
Figure BDA0001646603180000059
is [0,1 ]]Medium arbitrary constant, represents the upper bound of the controlled variable.
Compared with the prior art, the invention has the following advantages and beneficial effects:
(1) the research on the one-way coupling effect between two types of malicious software which are simultaneously propagated is carried out, and a unified framework is provided for the simultaneous propagation process of the two types of malicious software.
(2) Considering the one-way coupling between two malicious software A and B which are simultaneously transmitted in a computer network, a transmission dynamics model is constructed, and an optimal control problem based on the transmission dynamics model is provided; through simulation verification, the optimal control method can also obviously reduce the control cost on the premise of ensuring that the number of infected nodes is as small as possible.
(3) The method is suitable for rumor propagation, biological virus propagation and fault propagation on a power system, and has strong universality.
Drawings
FIG. 1 is a graph of infection density trends of infected malware A under different control strategies;
FIG. 2 is a graph of infection density trends of infected malware B under different control strategies;
FIG. 3 is an optimum control variable
Figure BDA00016466031800000510
And
Figure BDA00016466031800000511
and (5) corresponding infected node proportion change trend graphs.
Detailed Description
In order to more clearly illustrate the present invention and/or the technical solutions in the prior art, the following will describe embodiments of the present invention with reference to the accompanying drawings. It is obvious that the drawings in the following description are only some examples of the invention, and that for a person skilled in the art, other drawings and embodiments can be derived from them without inventive effort.
It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention. In addition, the technical features involved in the embodiments of the present invention described below may be combined with each other as long as they do not conflict with each other.
The following description of the embodiments of the present invention will be made with reference to the accompanying drawings.
The invention relates to a communication system malicious software propagation modeling and optimal control method based on coupling, which comprises the following specific steps:
s1, considering the one-way coupling between two malicious software A and B which are simultaneously propagated in a computer network, respectively establishing respective propagation dynamics models of the malicious software A and the malicious software B by utilizing an SIS model; and determining feasible domains of the malicious software A and B according to the condition that the number of the nodes which are not infected by the malicious software and the infection density caused by the malicious software meet the normalization condition.
The following will provide a specific implementation of this step.
Considering that two malicious software A and B are spread simultaneously in a certain computer network, assuming that the average degree of the network is < k >, under the framework of an average field, a spreading dynamics model of the malicious software A and B is established as follows:
Figure BDA0001646603180000061
Figure BDA0001646603180000062
equation (1) is a propagation dynamics model of the malware a, and equation (2) is a propagation dynamics model of the malware B. In formulae (1) to (2):
t represents a time;
SA(t) represents the number of individual nodes which are not infected with the malicious software A at the time t;
SB(t) represents the number of individual nodes not infected with the malware B at the time t;
IA(t) and IB(t) represents the infection density caused by the malware A and B at the time t respectively; the infection density refers to the proportion of the number of the nodes infected with the malicious software in the computer network to the number of all the nodes;
γ1and gamma2Respectively representing the natural recovery rate of the nodes in the propagation dynamics models of the malicious software A and B;
1(t) and2(t) represents the manual removal rate of malware A and B at time t, respectively;
β1(t) and β2(t) represents the time-varying infection rates of malware A and B, respectively, wherein β1(t)∈(0,1],β2(t)∈(0,1]。
The time-varying infection rate was calculated as follows:
Figure BDA0001646603180000071
wherein the content of the first and second substances,
Figure BDA0001646603180000072
and
Figure BDA0001646603180000073
respectively represent the infection rates of the malware a and B in the respective propagation processes without considering the mutual influence of the malware a and B,
Figure BDA0001646603180000074
and
Figure BDA0001646603180000075
determined by a number of tests, α1(t) and α2And (t) is a coupling term used for describing the coupling action between the malicious software A and B and between the malicious software B and A respectively.
For ease of analysis, the present invention contemplates a one-way coupling between malware A and B, i.e., α2(t)=1。
Let α1(t) is defined as follows:
Figure BDA0001646603180000076
in the formula (3), the reaction mixture is,
Figure BDA0001646603180000077
Figure BDA0001646603180000078
is a critical value for the infection density describing the coupling between malware B and a, which is an empirical value and is determined through a number of experiments.
α as described above1(t) is defined based on the following considerations, when IBWhen t is 0, there is no coupling between malware B and A, so α1(t)=1。
On the other hand, consider β1(t)∈(0,1]Therefore α1(t) hasBoundary of China
Figure BDA0001646603180000079
When in use
Figure BDA00016466031800000710
α1(t) this upper bound will not be reached if IB(t) ≠ 0, and coupled terms can be written as
Figure BDA00016466031800000711
It is clear that the definition of the coupling term includes all unidirectional coupling between B and a.
Suppose SA(t)、IA(t)、SB(t)、IB(t) satisfies the normalization condition, i.e. SA(t)+IA(t)=SB(t)+IB(t) ═ 1, then the feasible domains Ω for malware a and B in the computer network are:
Figure BDA00016466031800000712
in the formula (4), the reaction mixture is,
Figure BDA00016466031800000713
representing a 2-dimensional positive real number domain.
Will be pointed out next to
Figure BDA0001646603180000081
The case (2) provides a concrete implementation procedure of steps S2 to S4, wherein the \ representation is not included.
S2 human removal rate of malicious software A and B1(t) and2and (t) as a control variable, constructing a target functional, and taking respective propagation dynamics models of the malicious software A and B as constraint functions.
Artificial removal rate in a model of propagation dynamics of malware1(t) and2(t) as the only control variable, the following set of artificial removal rates is given as the control set:
Figure BDA0001646603180000082
in the formula (5), t represents time; t > 0 is a given time constant, L2(0, T) represents the integral in two dimensions;
Figure BDA0001646603180000083
and
Figure BDA0001646603180000084
is a group of [0,1]Represents the upper bound of the control variable.
In order to minimize the number of infected nodes by control and minimize the consumption of the communication system, the following target functional J, constraint function and initial condition are considered, target functional formula (6), constraint function formula (7) and initial condition formula (8):
Figure BDA0001646603180000085
Figure BDA0001646603180000086
Figure BDA0001646603180000087
in formulae (6) to (8):
IA(t) and IB(t) respectively representing the infection densities caused by the malware a and B in the computer network at time t;
1(t) and2(t) is expressed as decrease IA(t) and IB(t) the cost of manual removal of malware a and B, such as the cost of removing malware a and B;
c1and c2Respectively representing the weights of income and consumption, and giving values to the system;
s (0) and I (0) represent initial states;
S0representing the number of nodes which are not infected with the malicious software at 0 moment;
I0representing the amount of infection density caused by the malware at time 0.
The constraint function (7) may be rewritten as:
Figure BDA0001646603180000091
in formula (9):
phi denotes by SA(t)、IA(t)、SB(t)、IB(t) the vector of the component(s),
Figure BDA0001646603180000092
b is a coefficient matrix, and B is a coefficient matrix,
Figure BDA0001646603180000093
Figure BDA0001646603180000094
therefore, there are:
Figure BDA0001646603180000095
wherein phi is1And phi2Representing two different sets of state vectors, the prime notation of "'" indicates φ1Corresponding parameters, denoted φ with a prime symbol2The corresponding parameters.
Then:
Figure BDA0001646603180000101
wherein
Figure BDA0001646603180000102
It follows therefore that:
Figure BDA0001646603180000103
so the constant V ═ max { M, | | B | } < ∞, | | | | | | | represents the matrix norm.
The function D (phi) satisfies the Ripritz continuous condition, from the definition of the control variables and to the state variable SA(t)、IA(t)、SB(t)、IB(t) it can be concluded that a solution to the constraint function exists.
The ultimate goal of the target functional is to obtain the optimal control variables
Figure BDA0001646603180000104
Make it satisfy
Figure BDA0001646603180000105
S3 according to the existence of optimal control variable
Figure BDA0001646603180000106
And (3) enabling the target functional to be established, and obtaining the optimal control condition by combining a given control set according to the optimal control system, the corresponding constraint function and the optimal state solution under the initial condition if the accompanying variable meets the condition.
Lagrangian function L giving the optimal control problem:
Figure BDA0001646603180000107
in the formula (14), IA(t) and IB(t) represents the infection density of the computer network due to malware a and B, respectively;1(t) and2(t) for reducing IA(t) and IB(t) cost paid; c. C1And c2Weights representing revenue and consumption, respectively, are given to the system.
Define the Hamiltonian (Hamiltonian) function H:
Figure BDA0001646603180000111
in formula (15), λ1(t)、λ2(t)、λ3(t)、λ4(t) represents an accompanying variable at time t.
There is an optimum control variable
Figure BDA0001646603180000112
Equation (13) is satisfied, and the constraint function (see equation (7)) and the initial condition (see equation (8)) are satisfied.
The Pontryagin maximum value principle is adopted to analyze the optimal control problem, and the Pontryagin maximum value principle provides the optimal control variable system
Figure BDA0001646603180000113
And constraint function, optimal state variable of initial condition
Figure BDA0001646603180000114
Then, there is an accompanying variable λ1(t)、λ2(t)、λ3(t)、λ4(t) should satisfy:
Figure BDA0001646603180000115
the cross-section conditions are as follows:
Figure BDA0001646603180000116
in equation (17), T represents a specific time constant when the lagrangian multiplier is 0.
Further, there are:
Figure BDA0001646603180000117
in the formula (18), the reaction mixture,
Figure BDA0001646603180000121
and
Figure BDA0001646603180000122
is [0,1 ]]Any one of the number of the constants is,representing the upper bound of the controlled variable.
S4 was verified using MATLAB for numerical simulation.
And selecting appropriate parameters to establish a malware propagation model based on coupling by using an MATLAB platform, and comparing the variation trends of infected nodes under different conditions to verify the superiority of the optimal control method.
In the numerical simulation, the optimal control variable system can carry out numerical solution by using an Euler method. Consider a random computer network with a number of nodes N of 1000, the average of the network<k>Given an initial condition of I ═ 6A(0)=0.05,IB(0) 0.05; through a plurality of tests, other parameters are selected:
Figure BDA0001646603180000123
γ1=0.01,γ2=0.02,c1=2,c2=1,
Figure BDA0001646603180000124
Figure BDA0001646603180000125
and selecting the time T of the optimal control as 300.
Fig. 1 and 2 show the trend of the malware a and B infecting nodes without control, constant control, feedback control, and optimal control (i.e., the method of the present invention), respectively. For the case of no control, there is inevitably an outbreak of endemic disease, i.e. malware spreading throughout the network, under the above-mentioned set parameters. And the other three control strategies can effectively control the propagation of related objects, and the number of nodes infected with the malicious software can be reduced to 0 by both constant control and optimal control.
In order to better illustrate the superiority of the method of the present invention, the total cost of the four control strategies at different terminal time points is calculated respectively, and the relevant data are shown in table 1. It can be seen from the table that the total cost of using the optimal control strategy is lowest. Both optimal and constant control can reduce the number of infected nodes to 0 at set parameters, but it is clear that the total cost is
Figure BDA0001646603180000126
TABLE 1 Total cost Table of four control strategies at different terminal times
Figure BDA0001646603180000127
The optimal control strategy achieves the aim of controlling the spread of the malicious software by controlling the number of infected nodes, when the spread is controlled to a certain extent, the number of the nodes needing to be controlled is gradually reduced, and the optimal control variable is
Figure BDA0001646603180000128
And
Figure BDA0001646603180000129
is shown in fig. 3.
The present embodiment is mainly demonstrated for the one-way coupling effect between two kinds of malware, and the proposed propagation model for the propagation process of two objects is also applicable to propagation of rumors, propagation of biological viruses, and fault propagation on power systems.
The specific embodiments described herein are merely illustrative of the patent spirit of the invention. Various modifications or additions may be made or substituted in a similar manner to the specific embodiments described herein by those skilled in the art without departing from the spirit of the invention or exceeding the scope thereof as defined in the appended claims.

Claims (5)

1. The malware propagation modeling and optimal control method based on the coupling effect is characterized by at least comprising the following steps:
s1, considering the one-way coupling between two malicious software A and B which are simultaneously propagated in a computer network, respectively establishing respective propagation dynamic models of A and B by utilizing an SIS model; determining feasible domains of A and B according to the fact that the number of the nodes which are not infected with a piece of malicious software and the infection density caused by the piece of malicious software meet normalization conditions;
s2 removing rate by manpower1(t) and2(t) as a control variable, with SA(t)、IA(t)、SB(t)、IB(t) as a state variable, constructing a target functional
Figure FDA0002563832940000011
And the respective propagation dynamics models of the malicious software A and B are used as constraint functions;
where T denotes the time T ∈ [0, T],[0,T]For a given time frame; sA(t) and SB(t) respectively representing the number of the individual nodes which are not infected with the malicious software A and B at the moment t; i isA(t) and IB(t) represents the infection density caused by the malware A and B at the time t respectively;1(t) and2(t) represents the manual removal rate of malware A and B at time t, respectively; c. C1And c2Weights representing revenue and consumption, respectively;
s3, solving an optimal control variable in a given control set by combining a target functional and a constraint function;
rate of manual removal1(t) and2(t) As a unique control variable, the following set of artificial removal rates is given as the control setAB
Figure FDA0002563832940000012
Wherein t represents time; t > 0 is a given time constant, L2(0, T) represents the integral in two dimensions;
Figure FDA0002563832940000013
and
Figure FDA0002563832940000014
is a group of [0,1]Represents the upper bound of the control variable.
2. The coupling-based malware propagation modeling and optimal control method of claim 1, wherein:
in step S1, the established propagation dynamics model of the malware a is:
Figure FDA0002563832940000015
the established propagation dynamics model of the malicious software B is as follows:
Figure FDA0002563832940000021
wherein:<k>representing an average of the computer network; gamma ray1And gamma2Representing the natural recovery rate of the node β1(t) and β2(t) represents the time-varying infection rates of malware A and B, respectively, β1(t)∈(0,1],β2(t)∈(0,1];
The time-varying infection rate is defined as:
Figure FDA0002563832940000022
wherein:
Figure FDA0002563832940000023
and
Figure FDA0002563832940000024
respectively represent the infection rates of the malware a and B in the respective propagation processes without considering the mutual influence of the malware a and B,
Figure FDA0002563832940000025
and
Figure FDA0002563832940000026
is an empirical value;
α1(t) and α2(t) represents the coupling term(s),
Figure FDA0002563832940000027
α2(t)=1;
Figure FDA0002563832940000028
Figure FDA0002563832940000029
is a critical value describing the coupling between malware B and a, is an empirical value, and is determined through multiple experiments.
3. The coupling-based malware propagation modeling and optimal control method of claim 1, wherein:
in step S1, the feasible domains Ω of the malware a and B are:
Figure FDA00025638329400000210
wherein the content of the first and second substances,
Figure FDA00025638329400000211
representing a 2-dimensional positive real number domain.
4. The coupling-based malware propagation modeling and optimal control method of claim 1, wherein:
in step S2, the constraint function is as follows:
Figure FDA0002563832940000031
wherein:<k>representing an average of the computer network; gamma ray1And gamma2Respectively representing the natural recovery rate of the nodes in the propagation dynamics models of the malicious software A and B;
Figure FDA0002563832940000032
and
Figure FDA0002563832940000033
respectively represent the infection rates of the malware a and B in the respective propagation processes without considering the mutual influence of the malware a and B,
Figure FDA0002563832940000034
and
Figure FDA0002563832940000035
is an empirical value;
Figure FDA0002563832940000036
Figure FDA0002563832940000037
is a critical value describing the coupling between malware B and a, is an empirical value, and is determined through multiple experiments.
5. The coupling-based malware propagation modeling and optimal control method of claim 1, wherein:
step S3 further includes:
310 construct the lagrangian function of the optimal control problem
Figure FDA0002563832940000038
320 constructs a function H according to the lagrangian function L:
Figure FDA0002563832940000039
330 analyzes the optimal control problem by Pontryagin maximum value principle to obtain the accompanying variable lambda1(t)、λ2(t)、λ3(t)、λ4(t) should satisfy:
Figure FDA00025638329400000310
340 in combination with a cross-sectional condition lambda1(T)=λ2(T)=λ3(T)=λ4(T) ═ 0, the optimum control variables were calculated as follows:
Figure FDA0002563832940000041
wherein:
c1and c2Weights representing revenue and consumption, respectively;<k>representing an average of the computer network; gamma ray1And gamma2Representing the natural recovery rate of the node; lambda [ alpha ]1(t)、λ2(t)、λ3(t)、λ4(t) represents an accompanying variable at time t;
Figure FDA0002563832940000042
and
Figure FDA0002563832940000043
respectively represent the infection rates of the malware a and B in the respective propagation processes without considering the mutual influence of the malware a and B,
Figure FDA0002563832940000044
and
Figure FDA0002563832940000045
is an empirical value;
Figure FDA0002563832940000046
Figure FDA0002563832940000047
is a critical value describing the coupling effect between the malicious software B and the malicious software A, is an empirical value, and is determined through a plurality of tests; t represents a specific time constant when the lagrange multiplier is 0;
Figure FDA0002563832940000048
Figure FDA0002563832940000049
represents the optimal state variable SA(t)、IA(t)、SB(t)、IB(t);
Figure FDA00025638329400000410
And
Figure FDA00025638329400000411
is [0,1 ]]Medium arbitrary constant, represents the upper bound of the controlled variable.
CN201810404836.6A 2018-04-28 2018-04-28 Communication system malicious software propagation modeling and optimal control method based on coupling Active CN108667833B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810404836.6A CN108667833B (en) 2018-04-28 2018-04-28 Communication system malicious software propagation modeling and optimal control method based on coupling

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810404836.6A CN108667833B (en) 2018-04-28 2018-04-28 Communication system malicious software propagation modeling and optimal control method based on coupling

Publications (2)

Publication Number Publication Date
CN108667833A CN108667833A (en) 2018-10-16
CN108667833B true CN108667833B (en) 2020-09-08

Family

ID=63781606

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810404836.6A Active CN108667833B (en) 2018-04-28 2018-04-28 Communication system malicious software propagation modeling and optimal control method based on coupling

Country Status (1)

Country Link
CN (1) CN108667833B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114760208B (en) * 2022-03-25 2024-01-30 广州大学 Wireless sensor network control method based on time division

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2004078780A (en) * 2002-08-21 2004-03-11 Nippon Telegr & Teleph Corp <Ntt> Method, device, and program for prediction, and recording medium recording the prediction program
CN106126970A (en) * 2016-06-20 2016-11-16 西安建筑科技大学 There is the severtal populations competition multiple target website bit combination optimization method of protection zone
CN107844626A (en) * 2017-09-21 2018-03-27 南京邮电大学 A kind of viral transmission control method with multicast rate

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2004078780A (en) * 2002-08-21 2004-03-11 Nippon Telegr & Teleph Corp <Ntt> Method, device, and program for prediction, and recording medium recording the prediction program
CN106126970A (en) * 2016-06-20 2016-11-16 西安建筑科技大学 There is the severtal populations competition multiple target website bit combination optimization method of protection zone
CN107844626A (en) * 2017-09-21 2018-03-27 南京邮电大学 A kind of viral transmission control method with multicast rate

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
"Modeling and analysis of the propagation dynamics of modern email malware";Wen S,Zhou W,Ghang J,et al.;《IEEE Transactions on Dependable & Secure Computing》;20141231;第11卷(第4期);361-374页 *
"基于一维元胞自动机的复杂网络恶意软件传播研究";宋玉蓉,蒋国平;《物理学报》;20090915;第58卷(第9期);5911-5918页 *
"基于耦合作用的通信系统恶意软件传播建模与最优控制";冯希军,苑超,徐晓寅,孔政敏;《武汉大学学报(工学版)》;20190831;第52卷(第8期);741-746页 *

Also Published As

Publication number Publication date
CN108667833A (en) 2018-10-16

Similar Documents

Publication Publication Date Title
Shi et al. An SIS model with infective medium on complex networks
Paré et al. Modeling, estimation, and analysis of epidemics over networks: An overview
Hosseini et al. A model for malware propagation in scale-free networks based on rumor spreading process
Wang et al. Differential evolution based on covariance matrix learning and bimodal distribution parameter setting
Ren et al. A novel computer virus model and its dynamics
Li et al. Analysis of epidemic spreading of an SIRS model in complex heterogeneous networks
Cheng et al. Dynamical behaviors and control measures of rumor-spreading model in consideration of the infected media and time delay
CN107566387B (en) Network defense action decision method based on attack and defense evolution game analysis
Zhang et al. Optimal control strategy for a novel computer virus propagation model on scale-free networks
Zhu et al. The dynamics analysis of a rumor propagation model in online social networks
Hosseini et al. Malware propagation modeling considering software diversity and immunization
Rahman et al. A predator-prey model with disease in prey
CN106599691B (en) A kind of Computer Virus Spread based on complex network seeks source method
Shams Using network properties to evaluate targeted immunization algorithms
Xiao et al. Dynamical behavior for a stage-structured SIR infectious disease model
CN107844626B (en) Virus propagation control method with multiple propagation rates
CN115935442A (en) Block chain performance optimization method based on multi-agent deep reinforcement learning
Wu et al. Epidemic waves of a spatial SIR model in combination with random dispersal and non-local dispersal
Liu et al. An evolutionary game based particle swarm optimization algorithm
CN108667833B (en) Communication system malicious software propagation modeling and optimal control method based on coupling
Zhou et al. Complex dynamics and control strategies of SEIR heterogeneous network model with saturated treatment
Eroğlu et al. Comparative analysis on fractional optimal control of an SLBS model
Mehta et al. Mutation, sexual reproduction and survival in dynamic environments
Tsimring et al. Modeling of contact tracing in social networks
Piqueira et al. Malware propagation in clustered computer networks

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant