CN111262829A - Virus of industrial control network and propagation model system thereof - Google Patents

Virus of industrial control network and propagation model system thereof Download PDF

Info

Publication number
CN111262829A
CN111262829A CN201911416757.8A CN201911416757A CN111262829A CN 111262829 A CN111262829 A CN 111262829A CN 201911416757 A CN201911416757 A CN 201911416757A CN 111262829 A CN111262829 A CN 111262829A
Authority
CN
China
Prior art keywords
virus
layer
module
network
industrial
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201911416757.8A
Other languages
Chinese (zh)
Inventor
不公告发明人
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nanjing Liancheng Technology Development Co ltd
Original Assignee
Nanjing Liancheng Technology Development Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nanjing Liancheng Technology Development Co ltd filed Critical Nanjing Liancheng Technology Development Co ltd
Priority to CN201911416757.8A priority Critical patent/CN111262829A/en
Publication of CN111262829A publication Critical patent/CN111262829A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416Event detection, e.g. attack signature detection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433Vulnerability analysis
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/145Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Virology (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a virus of an industrial control network and a propagation model system thereof, which is characterized in that the system comprises a demand layer, a model layer, a stability analysis layer and a result layer; the demand layer comprises an information security module, a PLC and SCADA module, a key industrial network module and a dynamic module for virus propagation; the model layer comprises a graphic representation module and a mathematical representation module; the stability analysis layer is responsible for stability analysis of the virus and a propagation model thereof in a national key infrastructure industrial network; the result layer is responsible for numerical solution of a differential equation set; the mathematical representation module describes Stuxnet virus and a propagation model thereof in a national key infrastructure industrial network. The invention can deal with the security threat to the national key infrastructure industrial network caused by using the USB to transmit the virus.

Description

Virus of industrial control network and propagation model system thereof
Technical Field
The invention relates to the technical field of industrial control computers, network security, computer viruses, network management and automatic control, in particular to a virus of an industrial control network and a propagation model system thereof.
Background
The key industrial network is used for the safety management and operation and maintenance of national key infrastructure, and whether the national key infrastructure industry is safe or not relates to the big affairs of the national civilization. However, today's national key infrastructure industry network security still relies on earlier designed proprietary communication protocols and isolation from the Internet.
Disclosure of Invention
In order to solve the above technical problems, the present invention provides a virus of an industrial control network and a propagation model system thereof, which is designed specifically for an industrial control network, such as APT virus named Stuxnet, and propagates the virus of Stuxnet and the like to a computer or an industrial control computer connected to a key infrastructure industrial network (composed of industrial controllers) isolated from the Internet through a removable storage medium USB, thereby causing a security threat to the national key infrastructure industrial network.
The system is characterized by comprising a demand layer, a model layer, a stability analysis layer and a result layer;
the demand layer comprises an information security module, a PLC and SCADA module, a key industrial network module and a dynamic module for virus propagation;
the model layer comprises a graphic representation module and a mathematical representation module;
the stability analysis layer is responsible for stability analysis of the virus and a propagation model thereof in a national key infrastructure industrial network;
the result layer is responsible for numerical solution of a differential equation set;
further, the mathematical representation module describes a model of Stuxnet virus and its propagation in the national key infrastructure industrial network, and comprises the following differential equation system:
Figure 925189DEST_PATH_IMAGE001
=
Figure 935870DEST_PATH_IMAGE002
S(t);
Figure 808886DEST_PATH_IMAGE003
=
Figure 436177DEST_PATH_IMAGE004
Figure 554305DEST_PATH_IMAGE005
=
Figure 216231DEST_PATH_IMAGE006
Figure 355088DEST_PATH_IMAGE007
=
Figure 79462DEST_PATH_IMAGE008
Figure 125915DEST_PATH_IMAGE009
=
Figure 111189DEST_PATH_IMAGE010
the relevant initial conditions are as follows:
S(0) =
Figure 827472DEST_PATH_IMAGE011
,I(0) =
Figure 163775DEST_PATH_IMAGE012
,P(0) =
Figure 122242DEST_PATH_IMAGE013
,S(0) =
Figure 493180DEST_PATH_IMAGE011
Figure 973840DEST_PATH_IMAGE014
(0)=
Figure 938385DEST_PATH_IMAGE015
Figure 61062DEST_PATH_IMAGE016
(0)=
Figure 427452DEST_PATH_IMAGE017
Figure 79013DEST_PATH_IMAGE018
=
Figure 389909DEST_PATH_IMAGE019
Figure 191643DEST_PATH_IMAGE020
=
Figure 537174DEST_PATH_IMAGE021
further, said system of differential equations is
Figure 359636DEST_PATH_IMAGE003
Figure 531729DEST_PATH_IMAGE005
And
Figure 261788DEST_PATH_IMAGE009
the simplification is as follows:
Figure 337191DEST_PATH_IMAGE003
=
Figure 330555DEST_PATH_IMAGE022
I;
Figure 616043DEST_PATH_IMAGE005
=
Figure 25159DEST_PATH_IMAGE023
Figure 79702DEST_PATH_IMAGE009
=
Figure 243967DEST_PATH_IMAGE024
the invention has the technical effects that:
the invention provides a virus of an industrial control network and a propagation model system thereof, which is characterized by comprising a demand layer, a model layer, a stability analysis layer and a result layer; the demand layer comprises an information security module, a PLC and SCADA module, a key industrial network module and a dynamic module for virus propagation; the model layer comprises a graphic representation module and a mathematical representation module; the stability analysis layer is responsible for stability analysis of the virus and a propagation model thereof in a national key infrastructure industrial network; the result layer is responsible for numerical solution of a differential equation set; the mathematical representation module describes Stuxnet virus and a propagation model thereof in a national key infrastructure industrial network. The invention can deal with the security threat to the national key infrastructure industrial network caused by using the USB to transmit the virus.
Drawings
FIG. 1 is a schematic diagram of an architecture of a virus and its propagation model system of an industrial control network;
FIG. 2 is a Stuxnet transmission diagram of a virus and its transmission model system for an industrial control network;
FIG. 3 is a schematic diagram of the Stuxnet components of a virus and its propagation model system for an industrial control network;
FIG. 4 is a schematic diagram of a method for Stuxnet attack targeting of viruses and their transmission model system for an industrial control network;
FIG. 5 is a schematic diagram of a mathematical representation of a system of viruses and their propagation models for an industrial control network and their locations in the system;
FIG. 6 is a diagrammatic representation of a virus and its propagation model system for an industrial control network.
Detailed Description
The invention is described in further detail below with reference to the figures and examples:
FIG. 1 is a schematic diagram of an architecture of a virus and its propagation model system of an industrial control network, the virus model system of the industrial control network is characterized in that the system comprises a demand layer, a model layer, a stability analysis layer and a result layer;
the demand layer comprises an information security module, a PLC and SCADA module, a key industrial network module and a dynamic module for virus propagation;
the model layer comprises a graphic representation module and a mathematical representation module;
the stability analysis layer is responsible for stability analysis of the virus and a propagation model thereof in a national key infrastructure industrial network;
the result layer is responsible for numerical solution of a differential equation set;
further, the requirement layer, that is, the requirements of the virus and its propagation model in the national key infrastructure industrial network, relates to multiple aspects of information security, PLC and SCADA, key industrial network and virus propagation:
in recent years, cyber threat behaviors in the form of viruses, malware, trojan horses, stealing information or blacking out customer accounts, etc. have increasingly occurred in a variety of complex and technological ways. Countries and people are accumulating network resources and protecting the security of industrial networks by issuing new policies and developing new products in an optimal way. Due to the automation of industrial and economic processes, the world economy and security depend on the secure connection of the Internet (Internet) and intranets (Intranet). The frequent occurrence of international conflicts poses a serious threat to the system security, financial market, critical information and critical assets of competitors. Networks have now been the target of well-designed network attacks, particularly with regard to events that disrupt internal system security and spyware critical information, often through internal system vulnerabilities, and exploitation of "zero-day" vulnerabilities of software or hardware. A "zero day" vulnerability is a vulnerability that any software or hardware may exploit in the real world before disclosing and providing any patches. Due to the fact that the industry is 4.0, the industrial automation level is improved, various devices are required to have automation functions, the use of software is greatly increased, and therefore the requirement for the reliability of software codes is improved. Poor software programming methods and weak software testing methods fail to detect bugs in the code, which may compromise the entire system and easily become a prey of hackers. The price estimate for a valuable "zero day" vulnerability development may exceed $ 100,000. It is very common to find new BUGs in known software, for example, during 2009-2012, over 400 BUGs were found in the Firefox browser and about 800 BUGs were found in the Chrome browser. The rapidly growing 'zero-day' development market requires deep and detailed system design and understanding of the malicious code propagation mechanism;
in the early 90 s of the 20 th century, the process control mechanisms designed for managing national key infrastructure systems such as power grids, power plants, ferrous metallurgy, petroleum machinery, radar, water monitoring and the like mostly adopt special hardware and protocols, which make the whole process simple, but also make the system vulnerable to hackers. In 2007, 3 months, the national laboratory of Edahoe in America carries out an aurora vulnerability test, and an attacker can remotely control a high-voltage circuit breaker and destroy a generator by rapidly opening and closing the circuit breaker. On 25.1 month in 2003, 12:30 am, eastern standard time in the united states, malicious program Slammer started to exploit the vulnerability of Microsoft SQL server, which in as little as 10 minutes infected approximately 7500 servers worldwide, resulting in a half day interruption of the internet in korea. The operators of industrial process control operations consider their systems to be less vulnerable to virus attacks, firstly because their industrial process control systems are isolated from the Internet, and secondly because proprietary communication protocols are used. However, telecommunications carriers are beginning to replace outdated old hardware with new hardware to implement open protocols, in the process, few control systems are not connected to the Internet, which makes the scene vulnerable to hackers;
removable storage media, such as USB (Universal Serial Bus), play an important role in bridging the gap between isolated national critical infrastructure networks and commercial networks. The ease of use and connectivity enhance the role of removable storage media in transferring data and viruses to computers connected to critical infrastructure networks (comprised of industrial controllers) that are isolated from the Internet. Stuxnet is a 500 kbyte worm virus, the most complex virus written mainly for industrial control systems, which can be spread using multiple dimensions, but is most notoriously USB devices in this respect. The internal design of Stuxnet has the characteristics of strong concealment and high complexity;
the behavior of these malicious codes is performed by epidemiological models of virus transmission. Implementing control policies for these complex malicious code is very difficult due to aspects such as obtaining the location of a legitimate system process, obtaining administrative privileges, the ability to inject infectious code in a system dynamic link library, and eliminating tracking;
stuxnet virus possesses all the attributes of complex computer viruses and can attack victims with "zero-day" vulnerabilities. Advances in Internet (Internet) technology have posed a significant threat and challenge to the security of the national critical infrastructure that exists with these vulnerabilities. Therefore, it is hopeful to analyze the dynamic behavior of these malicious codes in detail and to develop effective control strategies to overcome their corruption. Mathematical modeling of malicious code provides a platform for deep understanding of problems and provides a flexible, stable, robust approach to control strategies. In this regard, mathematicians, biologists and computer scientists have introduced the concept of models for analyzing the behavior of different malicious epidemic viruses critically, these analysis methods including malware propagation models in mobile computer devices, random behavior analysis models, theoretical evaluation methods of virus models, discontinuous anti-virus strategies in computer virus models, network topology models, etc.;
designing a mathematical model to analyze the behavior of Stuxnet-type viruses; the Stuxnet-type virus is a very elaborate code that captures the name of the first digital weapon in news and the sound name is a magpie in an industrial web attack on the national key infrastructure. The application focuses on designing a mathematical model describing the propagation and attack of Stuxnet in an industrial network environment and its impact on the national key infrastructure managed by the industrial personal computer. Stuxnet is an apt (advance presistantthread) type network attack that uses unusual methods to attack resources in order to access critical information without discovery, and has special control and elimination arrangements. Typical APT-type attacks establish different connection points to attack the victim and ensure that when the network attack fails at any point, the evidence of the occurrence of APT is removed without removing the reentry path, the attacker can continue and control of the target system can be easily regained. The virus model described herein takes into account several attack vectors, such as infection propagation due to infected hosts and infected removable storage media, which are further infected by other infection vectors, such as email, network, file, application bugs, infected media, supply chain paralysis, or human intelligence and spoofing. Therefore, the resource mitigation strategy of APT organization is a challenging area of network security. There have been few studies observing the effect of removable media USB on worm propagation, but in these existing studies, in addition to the simplified models and the behaviour of the models theoretically verified without using real data, these models have not been linked to the standard industrial computer scenario.
Stuxnet is a complex computer virus, mainly aiming at industrial control network system, using four 'zero-day' bugs to attack, and able to hide itself and not attacked by anti-virus program. In one embodiment, as shown in FIG. 2, Stuxnet uses two stolen digital certificates to show that it is a legitimate program, thus giving in-depth insight into systems such as the target Siemens monitoring And Data Acquisition (Supervisory Control And Data Acquisition SCADA). Stuxnet was discovered in 6 months 2010 and was used to attack the iran nuclear enrichment plant enterprise of natnz. The irantatz facility includes centrifuges in a cascade fashion, where the output of one centrifuge is piped through the input of a second centrifuge, and so on Stuxnet has several malicious modules built into it, making it a complex network weapon. The virus utilizes four 'zero-day' vulnerability functions to change a system library, attacks a SCADA (supervisory control and data acquisition) system of Siemens Germany, installs a signature driver, hides the existence of the signature driver, clears a log, runs a Remote Procedure Call (RPC) (remote procedure call) server, communicates with a control center of the RPC server and updates a version.
Components of the virus as shown in fig. 3, in one embodiment, Stuxnet virus is spread across the national critical infrastructure industrial network through an infected USB connected to the system, further attacking the network by exploiting different vulnerabilities after infecting the first computer. The ultimate goal of the virus is a machine connected to the centrifuge, which is managed by a Programmable Logic Controller (PLC) of a special purpose computer. Typically, these computers are not connected to the Internet and typically operate in a standalone industrial environment. Thus, Stuxnet uses other transmission methods over USB to reach the target computer.
USB-caused vulnerabilities are common, for example, in 2009 26% of our country's infections were caused by USB malware that utilizes windows auto-run functionality. Different Stuxnet versions use different vulnerability attacks, and the latest version uses Windows LNK vulnerability; inf file vulnerability using autorun, Stuxnet searches for target Siemens WinCC (an interface for controlling SCADA system) by connecting to SQL database using hard-coded password, and uploads infected version as shown in fig. 4; then, Stuxnet propagates in the network through network sharing, windows spooler MS 10-061 "zero day" vulnerabilities, server message block SMB for file sharing, MS 08-067 "zero day" vulnerabilities, and the like. Stuxnet infects programs in the SCADA project of Simatic, Siemens, which was turned on in infected computers. Stuxnet updates the old version on the local network using a built-in peer-to-peer network (peer to peer P2P). Each replica starts the remote procedure call service RPC and listens for connections, and all connected nodes update themselves. Stuxnet also attempts to contact the command and control server by sending data in encrypted form. Stuxnet is not really harmful to the average user, but is a targeted agent, the Siemens PLC. Viruses hide themselves from the operator by installing rootkits on infected computers and programmable logic controllers. The Stuxnet attack destroys 1000 of 5000 centrifuges in the irantaz plant. Similar cyber attacks have changed greatly over the years in criminal and terrorist entities and countries as weapons, and they can be used not only to collect information, but also to destroy national critical infrastructure;
further, the mathematical representation module, as shown in fig. 5, gives the necessary description of the mathematical model of the industrial network virus. Dividing the total node N (t) into susceptible nodes, infected nodes and damaged nodes, which are respectively represented by S (t), I (t) and P (t). The medium susceptible to USB infection and the medium infected by USB are respectively used
Figure 995847DEST_PATH_IMAGE025
And
Figure 474233DEST_PATH_IMAGE026
denotes, N = S + I + P and U =
Figure 757184DEST_PATH_IMAGE014
+
Figure 889088DEST_PATH_IMAGE016
. In this configuration, all non-infected computers (networked or standalone) fall within the scope of the perceptible computer. An infected computer is a computer that is infected due to network sharing or by connecting a removable storage device (i.e., USB). Corrupted computers are those that are temporarily unable to perform the desired function and are therefore removed from the installation program. The removable storage media that are susceptible to infection are those that are virus-free but may become infected objects if connected to an infected node. Because of the weak firmware security and plug-and-play functionality of USB devices, infected removable storage media are a major source of spread of infection in networks. Is provided with
Figure 758955DEST_PATH_IMAGE027
In order for the new computer to arrive,
Figure 634507DEST_PATH_IMAGE028
is movableThe arrival of the storage device(s) is,
Figure 866906DEST_PATH_IMAGE029
in order to control the rate of damage caused by viral infection to a computer connected to a programmable logic controller,
Figure 45077DEST_PATH_IMAGE030
and
Figure DEST_PATH_IMAGE031
respectively, the infection transfer rates from the infected computer to the computer susceptible to infection on the network, and from the infected removable device to the computer susceptible to infection, the natural removal (death/aging) rates of the computer and removable device from the network, respectively
Figure 933399DEST_PATH_IMAGE032
And
Figure 815904DEST_PATH_IMAGE033
and (4) showing. In the Internet protocol version 4 (IPv 4) scheme, the probability of finding a vulnerable computer on the network is S ≦
Figure 699547DEST_PATH_IMAGE034
(total number of computers in IPv4 is
Figure 547155DEST_PATH_IMAGE034
). Removable storage devices are a major source of virus spread in the niche national key infrastructure industrial network, they can close the niche, providing predators with a prey-targeted environment;
the present application models computer viruses and their transmission, particularly Stuxnet viruses in national critical infrastructure industrial networks through removable storage media and infected computers.
Further, the graphical representation module, as shown in fig. 6, gives a flow chart of Stuxnet virus and its data in the national key infrastructure industrial network propagation model;
further, the mathematical representation module describes a model of Stuxnet virus and its propagation in the national key infrastructure industrial network, and comprises the following differential equation system:
Figure 516248DEST_PATH_IMAGE001
=
Figure 608968DEST_PATH_IMAGE002
S(t),
Figure 347117DEST_PATH_IMAGE003
=
Figure 867092DEST_PATH_IMAGE004
Figure 792322DEST_PATH_IMAGE005
=
Figure 954313DEST_PATH_IMAGE006
Figure 812548DEST_PATH_IMAGE007
=
Figure 736379DEST_PATH_IMAGE008
Figure 148906DEST_PATH_IMAGE009
=
Figure 708063DEST_PATH_IMAGE035
(1)
the relevant initial conditions are as follows:
S(0) =
Figure 296171DEST_PATH_IMAGE011
,I(0) =
Figure 282581DEST_PATH_IMAGE012
,P(0) =
Figure 323350DEST_PATH_IMAGE013
,S(0) =
Figure 420619DEST_PATH_IMAGE011
Figure 128812DEST_PATH_IMAGE014
(0)=
Figure 286123DEST_PATH_IMAGE015
Figure 312723DEST_PATH_IMAGE016
(0)=
Figure 213683DEST_PATH_IMAGE017
Figure 776382DEST_PATH_IMAGE018
=
Figure 104596DEST_PATH_IMAGE019
Figure 119956DEST_PATH_IMAGE020
=
Figure 27869DEST_PATH_IMAGE021
(2)
wherein the arrival rate of the new node is used
Figure 569709DEST_PATH_IMAGE027
Indicating mortality rate by
Figure 944190DEST_PATH_IMAGE032
Is shown by
Figure 571480DEST_PATH_IMAGE028
Indicating the arrival rate of the new removable storage device,
Figure 188144DEST_PATH_IMAGE033
indicating its removal rate. Thus, the net rate of change of the total node is
Figure 584490DEST_PATH_IMAGE036
=
Figure DEST_PATH_IMAGE037
And
Figure 661031DEST_PATH_IMAGE038
=
Figure 650983DEST_PATH_IMAGE039
given that the latter may be positive, zero or negative. Solving equation set (2) yields:
N(t)
Figure 166278DEST_PATH_IMAGE040
,t
Figure DEST_PATH_IMAGE041
U(t)
Figure 823656DEST_PATH_IMAGE042
,t
Figure 664573DEST_PATH_IMAGE041
(3)
equation (1) can be simplified as follows:
Figure 640357DEST_PATH_IMAGE003
=
Figure DEST_PATH_IMAGE043
I(t)
Figure 631447DEST_PATH_IMAGE005
=
Figure 2385DEST_PATH_IMAGE006
Figure 889570DEST_PATH_IMAGE009
=
Figure 978748DEST_PATH_IMAGE044
(4)
wherein:
Figure DEST_PATH_IMAGE045
=
Figure 507950DEST_PATH_IMAGE046
and
Figure DEST_PATH_IMAGE047
=
Figure 650173DEST_PATH_IMAGE048
when equation (3) is used in system (4), there is a restriction system as an element:
Figure 973838DEST_PATH_IMAGE003
=
Figure 284734DEST_PATH_IMAGE022
I
Figure 679943DEST_PATH_IMAGE005
=
Figure DEST_PATH_IMAGE049
Figure 431999DEST_PATH_IMAGE009
=
Figure 660986DEST_PATH_IMAGE024
the above description is only for the preferred embodiment of the present invention, and is not intended to limit the scope of the present invention; all equivalent changes and modifications made according to the present invention are considered to be covered by the scope of the present invention.

Claims (2)

1. The virus model system of the industrial control network is characterized by comprising a demand layer, a model layer, a stability analysis layer and a result layer;
the demand layer comprises an information security module, a PLC and SCADA module, a key industrial network module and a dynamic module for virus propagation;
the model layer comprises a graphic representation module and a mathematical representation module;
the stability analysis layer is responsible for stability analysis of the virus and a propagation model thereof in a national key infrastructure industrial network;
the result layer is responsible for numerical solution of a differential equation set;
the mathematical expression module describes Stuxnet virus and a propagation model thereof in a national key infrastructure industrial network, and comprises the following differential equation sets:
Figure DEST_PATH_IMAGE001
=
Figure DEST_PATH_IMAGE003
S(t);
Figure 327910DEST_PATH_IMAGE004
=
Figure 143419DEST_PATH_IMAGE006
Figure DEST_PATH_IMAGE007
=
Figure DEST_PATH_IMAGE009
Figure 228050DEST_PATH_IMAGE010
=
Figure 662573DEST_PATH_IMAGE012
Figure DEST_PATH_IMAGE013
=
Figure DEST_PATH_IMAGE015
the relevant initial conditions are as follows:
S(0) =
Figure DEST_PATH_IMAGE017
,I(0) =
Figure DEST_PATH_IMAGE019
,P(0) =
Figure DEST_PATH_IMAGE021
,S(0) =
Figure 155740DEST_PATH_IMAGE017
Figure DEST_PATH_IMAGE023
(0)=
Figure DEST_PATH_IMAGE025
Figure DEST_PATH_IMAGE027
(0)=
Figure DEST_PATH_IMAGE029
Figure 516052DEST_PATH_IMAGE030
=
Figure 822400DEST_PATH_IMAGE032
Figure DEST_PATH_IMAGE033
=
Figure DEST_PATH_IMAGE035
2. the system of claim 1, wherein the system of differential equations comprises
Figure 326193DEST_PATH_IMAGE004
Figure 893441DEST_PATH_IMAGE007
And
Figure 926119DEST_PATH_IMAGE013
the following can be simplified:
Figure 578817DEST_PATH_IMAGE004
=
Figure 853678DEST_PATH_IMAGE036
I;
Figure 541012DEST_PATH_IMAGE007
=
Figure 338066DEST_PATH_IMAGE038
Figure 353427DEST_PATH_IMAGE013
=
Figure DEST_PATH_IMAGE039
CN201911416757.8A 2019-12-31 2019-12-31 Virus of industrial control network and propagation model system thereof Pending CN111262829A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911416757.8A CN111262829A (en) 2019-12-31 2019-12-31 Virus of industrial control network and propagation model system thereof

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201911416757.8A CN111262829A (en) 2019-12-31 2019-12-31 Virus of industrial control network and propagation model system thereof

Publications (1)

Publication Number Publication Date
CN111262829A true CN111262829A (en) 2020-06-09

Family

ID=70953937

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911416757.8A Pending CN111262829A (en) 2019-12-31 2019-12-31 Virus of industrial control network and propagation model system thereof

Country Status (1)

Country Link
CN (1) CN111262829A (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103036886A (en) * 2012-12-19 2013-04-10 珠海市鸿瑞软件技术有限公司 Industrial controlling network safety protecting method
CN109543301A (en) * 2018-11-22 2019-03-29 苏州健雄职业技术学院 A kind of network security attacks prototype modeling method based on Industry Control

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103036886A (en) * 2012-12-19 2013-04-10 珠海市鸿瑞软件技术有限公司 Industrial controlling network safety protecting method
CN109543301A (en) * 2018-11-22 2019-03-29 苏州健雄职业技术学院 A kind of network security attacks prototype modeling method based on Industry Control

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
ZAHEER MASOOD等: "Design of a mathematical model for the Stuxnet virus in a network of critical control infrastructure", 《COMPUTERS & SECURITY》 *

Similar Documents

Publication Publication Date Title
Tuptuk et al. Security of smart manufacturing systems
Nazir et al. Assessing and augmenting SCADA cyber security: A survey of techniques
Alanazi et al. SCADA vulnerabilities and attacks: A review of the state‐of‐the‐art and open issues
US9256739B1 (en) Systems and methods for using event-correlation graphs to generate remediation procedures
KR101057432B1 (en) System, method, program and recording medium for detection and blocking the harmful program in a real-time throught behavior analysis of the process
Masood et al. Design of a mathematical model for the Stuxnet virus in a network of critical control infrastructure
CN111181926B (en) Security device based on mimicry defense idea and operation method thereof
Jain et al. Defending against internet worms using honeyfarm
Vignau et al. The evolution of IoT Malwares, from 2008 to 2019: Survey, taxonomy, process simulator and perspectives
Grégio et al. Ontology for malware behavior: A core model proposal
Grégio et al. Toward a taxonomy of malware behaviors
Kumar et al. APT attacks on industrial control systems: A tale of three incidents
Grammatikakis et al. Understanding and mitigating banking trojans: From zeus to emotet
Umar et al. Mitigating sodinokibi ransomware attack on cloud network using software-defined networking (SDN)
Zhang et al. A multi-step attack detection model based on alerts of smart grid monitoring system
AL-Dahasi et al. Attack tree model for potential attacks against the scada system
CN112242991A (en) System and method for correlating events to detect information security incidents
KR20110131627A (en) Apparatus for detecting malicious code using structure and characteristic of file, and terminal thereof
CN111262829A (en) Virus of industrial control network and propagation model system thereof
Li et al. Research on attack mechanism of network intrusion in industrial control system
Martínez Martínez et al. MalSEIRS: Forecasting malware spread based on compartmental models in epidemiology
Lau et al. Securing supervisory control and data acquisition control systems
Reti et al. Deep down the rabbit hole: On references in networks of decoy elements
Lamb Advanced Malware and Nuclear Power: Past Present and Future.
Hirata et al. INTERCEPT+: SDN support for live migration-based honeypots

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20200609

RJ01 Rejection of invention patent application after publication