CN112187823A - Internet of things availability evaluation method for malicious program diffusion under fog computing architecture - Google Patents
Internet of things availability evaluation method for malicious program diffusion under fog computing architecture Download PDFInfo
- Publication number
- CN112187823A CN112187823A CN202011088039.5A CN202011088039A CN112187823A CN 112187823 A CN112187823 A CN 112187823A CN 202011088039 A CN202011088039 A CN 202011088039A CN 112187823 A CN112187823 A CN 112187823A
- Authority
- CN
- China
- Prior art keywords
- internet
- things
- node
- state
- availability
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F17/00—Digital computing or data processing equipment or methods, specially adapted for specific functions
- G06F17/10—Complex mathematical operations
- G06F17/18—Complex mathematical operations for evaluating statistical data, e.g. average values, frequency distributions, probability functions, regression analysis
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/566—Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/12—Discovery or management of network topologies
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/14—Network analysis or design
- H04L41/145—Network analysis or design involving simulating, designing, planning or modelling of a network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/12—Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Physics & Mathematics (AREA)
- Theoretical Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Data Mining & Analysis (AREA)
- Computing Systems (AREA)
- Mathematical Analysis (AREA)
- General Health & Medical Sciences (AREA)
- Health & Medical Sciences (AREA)
- Mathematical Physics (AREA)
- Pure & Applied Mathematics (AREA)
- Mathematical Optimization (AREA)
- Computational Mathematics (AREA)
- Evolutionary Biology (AREA)
- Medical Informatics (AREA)
- Virology (AREA)
- Bioinformatics & Computational Biology (AREA)
- Operations Research (AREA)
- Probability & Statistics with Applications (AREA)
- Bioinformatics & Cheminformatics (AREA)
- Algebra (AREA)
- Life Sciences & Earth Sciences (AREA)
- Databases & Information Systems (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses an Internet of things availability evaluation method for malicious program diffusion under a fog computing architecture, which comprises the following steps: (1) acquiring an Internet of things topological structure to be evaluated and an Internet of things node state transition graph influenced by spread of malicious programs; (2) establishing a Markov matrix of node state conversion of the Internet of things, and calculating a stable point of the Markov matrix to obtain the availability of the node of the Internet of things; (3) calculating the availability from the nodes of the Internet of things to the sink node under each route, thereby obtaining the availability of the whole Internet of things; (4) according to the principle that the higher the availability is, when the availability is judged to be greater than the preset threshold, the internet of things to be evaluated is in an available state. The method can solve the technical problems that influence of malicious program diffusion of the Internet of things and a typical topology structure of the Internet of things are not considered, and the usability evaluation method is complex in calculation and insufficient in calculation capacity of nodes of the Internet of things.
Description
Technical Field
The invention belongs to the technical field of Internet of things security, and particularly relates to an Internet of things usability evaluation method for malicious program diffusion under a fog computing architecture.
Background
The internet of things is closely related to our life and becomes a name of our modern life, and the security problem is a key factor influencing the application of the internet of things, wherein the spread of malicious programs is one of the reasons influencing the performance of the internet of things. When a malicious program attacks the nodes of the internet of things, the communication among the nodes of the internet of things is diffused to other nodes of the internet of things, so that the problems of data loss, communication blocking, energy loss and the like of the nodes of the internet of things are caused, and even the whole system of the internet of things is directly paralyzed. The availability evaluation of the internet of things reflects the probability that the network is in an available or operable state when the internet of things senses data, data communication and data aggregation, and is one of important indexes reflecting the performance of the internet of things. Under the background of malicious program diffusion, how to evaluate the availability of the internet of things becomes a key problem of successful application of the internet of things.
Currently, different agencies disclose methods regarding usability assessments. Patent application document CN107783851B discloses a markov modeling method for steady-state availability of a server cluster, which can reduce the number of states in a markov process, reduce the difficulty in calculating the steady-state availability of the server cluster, and provide valuable reference information for the design and improvement of the server cluster. The patent application document CN107633271A discloses a method for calculating the inaccurate probability of the steady-state availability of an electric power system, which aims at the problems that in the prior art, the calculated amount of the probability interval of the steady-state availability of the electric power system is large and the engineering implementation is very difficult by using interval operation or optimization algorithm according to the interval reliability index of an element, and can directly use the sample data of the system to deduce the upper and lower boundary expressions of the interval of the steady-state availability of the electric power system on the premise of not calculating the inaccurate reliability index of the element.
However, the existing usability evaluation technology is generally problematic when applied to the internet of things facing the spread of malicious programs. On one hand, the influence of malicious program diffusion of the internet of things and a typical topology structure of the internet of things are not considered in the existing method; on the other hand, the usability evaluation method is complex in calculation, and the calculation capability of the nodes of the Internet of things is often insufficient; therefore, how to realize the usability evaluation of the internet of things facing the spread of malicious programs becomes a problem which needs to be solved urgently.
Disclosure of Invention
Aiming at the defects or the improvement requirements of the prior art, the invention provides the Internet of things availability evaluation method facing malicious program diffusion under the fog computing architecture, and aims to solve the technical problems that the influence of the malicious program diffusion of the Internet of things and the typical topology structure of the Internet of things are not considered, and the availability evaluation method is complex in computation and insufficient in computation capability of nodes of the Internet of things.
In order to achieve the above object, according to an aspect of the present invention, a method for evaluating the usability of an internet of things facing malicious program diffusion under a fog computing architecture is provided, which specifically includes the following steps:
(1) the method comprises the steps that middleware deployed on a fog computing node obtains an Internet of things topological structure to be evaluated and an Internet of things node state transition graph affected by spread of malicious programs;
the Internet of things comprises interconnected nodes, wherein the nodes comprise Internet of things nodes and sink nodes;
the topology structure of the Internet of things comprises nodes, connection relations among the nodes, routes from the nodes of the Internet of things to the sink node SN, and the nodes of the Internet of things through which each route from the nodes of the Internet of things to the sink node SN passes;
the Internet of things node state transition diagram comprises Internet of things node states, transition relations among the Internet of things node states and transition probabilities among the Internet of things node states;
(2) simulating the process that malicious programs are spread in the Internet of things to enable the node state of the Internet of things to be converted according to the topology structure of the Internet of things and the node state transition diagram of the Internet of things influenced by the spread of the malicious programs obtained in the step (1), and establishing a Markov matrix M for state transition of the node i of the Internet of things at the moment ti(t) calculating a Markov matrix Mi(t) obtaining availability of node i of the Internet of things by using the stable point
Availability of the node i of the Internet of thingsThe node i is the available probability of the node i of the Internet of things;
(3) according to the availability of the node i of the Internet of things obtained in the step (2)And (2) calculating the availability of the node i of the Internet of things to the sink node SN under each route by the node of the Internet of things which passes through each route from the node of the Internet of things to the sink node SN in the topology structure of the Internet of things obtained in the step (1)And (2) calculating to obtain the availability of the whole Internet of things by combining the route from the Internet of things node to the sink node SN in the Internet of things topological structure obtained in the step (1)
Availability of the node i of the Internet of things to the sink node SN under each routeRefers to an objectThe probability that the nodes of the internet of things passing through each route from the networking node i to the sink node SN are available;
availability of the whole Internet of thingsThe probability that the node of the internet of things passing through any one of all the routes from the node i of the internet of things to the sink node SN is available is referred to;
(4) the availability of the whole Internet of things obtained according to the step (3)Judging whether the Internet of things to be evaluated is available according to the principle that the higher the availability is, the higher the possibility that the Internet of things is available is; when judging the availabilityWhen the threshold is larger than the preset threshold, the internet of things to be evaluated is in an available state, otherwise, the internet of things has potential safety hazards, and corresponding safety measures need to be implemented for malicious programs.
Preferably, the node states of the internet of things in the step (1) include a susceptible state (S), a latent state (E), an infected state (I), an immune state (R) and a dead state (D).
Preferably, in the step (1), the conversion relationship between the states of the nodes of the internet of things is that the susceptible state can be converted into a latent state, an immune state or a death state; the latent state may be converted to an immune state, an infectious state, or a death state; the infection state may be converted to an immune state, or a death state; the immune state may be transformed into a susceptible state, a latent state, or a dead state; the death state may be converted to an immune state; each of the states may also remain in the original state.
Preferably, the transition probability between the states of the nodes of the internet of things in the step (1)Representing the probability of the node i of the internet of things transitioning from state x to state y at time t,x, y ∈ { S, E, I, R, D }) is specifically:
(a) the probability that the node i of the internet of things is converted from the susceptible state S into each state at the moment t is as follows:
wherein
Alpha represents the probability of the malicious program attacking the node of the Internet of things, and k represents the number of the nodes of the Internet of things adjacent to the node i of the Internet of things;representing the probability that an internet of things node j adjacent to the internet of things node I is in an infection state I at the moment t-1; beta represents the detection rate of the malicious program invading the Internet of things to be detected;representing the probability of death of the nodes of the Internet of things due to self energy exhaustion under the attack of non-malicious programs;
(b) the probability that the node i of the internet of things is converted from the latent state E into each state at the moment t is as follows:
wherein mu represents the probability of the node of the Internet of things converting from a latent state into an infected state;
(c) the probability that the node I of the internet of things is converted from the infection state I into each state at the moment t is as follows:
wherein omega represents the death probability of the nodes of the Internet of things due to the exhaustion of the attack energy of the malicious programs;
(d) the probability that the node i of the internet of things is converted from the immune state R to each state at the moment t is as follows:
wherein ζ represents a probability of the internet of things node being converted from the immune state to the susceptible state; gamma represents the false alarm rate of the malicious program invading the Internet of things to be detected;
(e) the probability that the node i of the internet of things is converted from the death state D into each state at the moment t is as follows:
wherein eta represents the probability that the administrator of the internet of things removes dead internet of things nodes from the internet of things and replaces the dead internet of things nodes with new healthy internet of things nodes.
Preferably, the probability that the node j of the internet of things is in the infection state I at the moment tThe method specifically comprises the following steps:
at the initial time when t is 0, the node j of the internet of things is in the immune state R, and the probability that the initial time is in the immune state R is setAnd the probabilities in the other states are all 0, i.e.
At the moment t is greater than 0, the Internet of thingsProbability of node j being in infection state IComprises the following steps:
wherein:
the node j of the internet of things is the transition probability among different states at the moment t.
Preferably, the establishing of the Markov matrix M in step (2)i(t) and calculating availability of node i of Internet of thingsThe specific process is as follows:
(2-1) establishing a Markov matrix M of the state transition of the node i of the Internet of things at the moment t according to the topology structure of the Internet of things and the state transition diagram of the node of the Internet of things acquired in the step (1)i(t), specifically:
(2-2) calculating Markov matrix Mi(t) obtaining each state of the node i of the Internet of things by the stable pointSteady state availability vector ofThe steady state availability for each state is:
wherein:
(2-3) obtaining a steady-state availability vectorObtaining the availability of the node i of the Internet of thingsComprises the following steps:
preferably, the steady-state availability vector in step (2-2)The steady state availability of each state in (1) is a joint Markov matrix Mi(t) solving the stable point equation and the equation of which the sum of the steady-state availability of all the states is 1;
the Markov matrix MiThe stable point equation of (t) means:
i.e. the matrix multiplication is expanded as:
preferably, the calculating in step (3) is performed to calculate the availability of the internet of things node i to the sink node SN under each routeAnd calculating to obtain the availability of the whole Internet of thingsThe specific process is as follows:
(3-1) availability according to node i of the Internet of thingsAnd the Internet of things node passing through each route from the Internet of things node to the sink node SN, and calculating the availability of the Internet of things node i to the sink node SN under each route rComprises the following steps:
wherein M is the hop count of the node of the Internet of things passing from the node i of the Internet of things to the sink node SN;
(3-2) according to the availability of the node i of the Internet of things to the sink node SN under each routeAnd the route from the node i of the Internet of things to the sink node SN to obtain the availability of the whole Internet of thingsComprises the following steps:
and N is the number of all routes from the node i of the internet of things to the sink node SN in the whole internet of things.
In general, compared with the prior art, the above technical solution contemplated by the present invention can achieve the following beneficial effects:
according to the Internet of things availability evaluation method for malicious program diffusion under the fog computing architecture, aiming at a typical Internet of things topological structure of a mesh Internet of things, an Internet of things node state transition graph of networking nodes under the influence of malicious program diffusion is combined, the process that malicious programs are diffused in the Internet of things to enable the Internet of things node state to be converted is simulated, a Markov model of conversion among different states is established, and the whole Internet of things availability evaluation of the Internet of things under the background of the malicious program diffusion is achieved. Meanwhile, the invention is applied to the environment comprising the Internet of things and the fog computing node, and the whole availability evaluation process is completed by the middleware deployed on the fog computing node, so that the problem that the availability evaluation cannot be carried out due to the insufficient computing capability of the Internet of things node is solved, and a reliable basis is provided for the successful application of the Internet of things.
Drawings
FIG. 1 is a flow chart of a method for evaluating the usability of the Internet of things facing malicious program diffusion under a fog computing architecture;
fig. 2 is a state transition diagram of the nodes of the internet of things of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is further described in detail with reference to the following embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention. In addition, the technical features involved in the embodiments of the present invention described below may be combined with each other as long as they do not conflict with each other.
As shown in fig. 1, the method for evaluating the availability of the internet of things facing malicious program diffusion under the fog computing architecture provided by the present invention is applied to an environment including the internet of things and fog computing nodes, and the whole availability evaluation process is completed by middleware deployed on the fog computing nodes, and specifically includes the following steps:
(1) the method comprises the steps that middleware deployed on a fog computing node obtains an Internet of things topological structure to be evaluated and an Internet of things node state transition graph affected by spread of malicious programs;
the Internet of things comprises interconnected nodes, wherein the nodes comprise Internet of things nodes and sink nodes;
the topology structure of the Internet of things comprises nodes, connection relations among the nodes, routes from the nodes of the Internet of things to the sink node SN, and the nodes of the Internet of things through which each route from the nodes of the Internet of things to the sink node SN passes;
the Internet of things node state transition diagram comprises Internet of things node states, transition relations among the Internet of things node states and transition probabilities among the Internet of things node states;
the node states of the Internet of things comprise a susceptible state (S), a latent state (E), an infected state (I), an immune state (R) and a dead state (D);
the susceptibility state refers to the fact that malicious programs exist in the Internet of things and the nodes of the Internet of things are possibly infected;
the latent state means that the node of the internet of things is infected by the malicious program, but the malicious program is not in an active period at the moment, namely the node of the internet of things cannot spread the malicious program outwards at the moment;
the infection state refers to the activation of a malicious program latent in the Internet of things node, so that the Internet of things node is infected;
the immune state refers to a healthy initial state of the node of the Internet of things, or malicious program diffusion is resisted by installing a system security patch on the node of the Internet of things, so that the node of the Internet of things is not infected by the malicious program;
the death state refers to a state after the energy consumption of the nodes of the Internet of things is completely used up.
The conversion relation among the internet of things node states represents that malicious programs spread in the internet of things after attacking the internet of things nodes, so that the states of the internet of things nodes are converted, and as shown in fig. 2, the conversion relation specifically comprises: the susceptible state may be transformed into a latent state, an immune state, or a dead state; the latent state may be converted to an immune state, an infectious state, or a death state; the infection state may be converted to an immune state, or a death state; the immune state may be transformed into a susceptible state, a latent state, or a dead state; the death state may be converted to an immune state; each of the states may also remain in the original state.
The conversion probability among the states of the nodes of the Internet of things is the conversion probability among different states of different nodes of the Internet of things at different moments, and the conversion probability among different states of any node i of the Internet of things at t moment is expressed asWhereinThe probability that the node I of the Internet of things is converted from the state x to the state y at the moment t is represented, and x, y belongs to { S, E, I, R, D };
transition probabilities between the different statesThe method specifically comprises the following steps:
(a) the probability that the node i of the internet of things is converted from the susceptible state S into each state at the moment t is as follows:
whereinWhen the node i of the Internet of things communicates with the adjacent node of the Internet of things, when the node i of the Internet of things is infected by the malicious program and the node i of the Internet of things is not spread by the malicious program and is still in the probability of a susceptible state, the node i of the Internet of things is used by psi1Represents:
alpha represents the probability of the malicious program attacking the node of the internet of things,representing the probability that an internet of things node j adjacent to the internet of things node I is in an infection state I at the moment t-1;the probability that the node i of the Internet of things is not attacked by a malicious program when the node i of the Internet of things communicates with the adjacent node j of the Internet of things is represented; k represents the number of internet of things nodes adjacent to the internet of things node i;
probability that node j of the Internet of things is in infection state I at moment tThe method specifically comprises the following steps:
at the initial time when t is 0, the internet of things node j is considered as a healthy internet of things node, namely in the immune state R, and the probability that the initial time is in the immune state R is setAnd the probabilities in the other states are all 0, i.e.
When t is greater than 0, the node j of the Internet of things is in an infection state I, the node j of the Internet of things is in the infection state I at the time t-1 and is still in the infection state at the time t, or the node j of the Internet of things is in a latent state E at the time t-1 and is converted into the infection state I at the time t, and the probabilityComprises the following steps:
wherein:
the transition probability of the node j of the Internet of things in different states at the time t is obtained;
the probability of the node i of the Internet of things being converted from the susceptible state to the latent state is represented by psi2Represents:
beta represents the detection rate of the intrusion of the malicious program into the Internet of things, namelyThe probability that the malicious program invades the Internet of things but is detected and the Internet of things node i is converted from a susceptible state into an immune state after the system security patch is installed is shown;
the node of the Internet of things dies due to self energy exhaustion under non-malicious program attackIs a probability ofRepresenting the probability that the node i of the Internet of things is converted into a death state from a susceptible state due to energy exhaustion;
the node state of the Internet of things can be obtained according to the conversion relation among the node states of the Internet of things, and the susceptible state cannot be converted into the infected state, so that the probability that the node I of the Internet of things is converted from the susceptible state S into the infected state IIs 0;
(b) the probability that the node i of the internet of things is converted from the latent state E into each state at the moment t is as follows:
the node state transition diagram of the Internet of things can be obtained, the latent state cannot be converted into the susceptible state, and therefore the probability that the node i of the Internet of things is converted from the latent state into the susceptible state
Mu represents the probability of the node of the Internet of things converting from the latent state into the infected state, namely the node of the Internet of things is converted from the latent state into the infected state after a malicious program in the node i of the Internet of things is activated;
(c) the probability that the node I of the internet of things is converted from the infection state I into each state at the moment t is as follows:
the node state transition diagram of the Internet of things can be obtained, the infection state cannot be converted into the susceptible state and the latent state, and therefore the probability that the node i of the Internet of things is converted from the infection state into the susceptible stateAnd probability of transition to latent stateAre all 0;
omega represents the death probability of the node of the Internet of things due to the exhaustion of the attack energy of the malicious program, namelyRepresenting the probability that the node i of the Internet of things is attacked by a malicious program in an infection state and is exhausted in energy, or is attacked by a non-malicious program and is exhausted in energy, so as to enter a death state;
(d) the probability that the node i of the internet of things is converted from the immune state R to each state at the moment t is as follows:
zeta represents the probability of the node of the internet of things being converted from the immune state to the susceptible state, namely the node i of the internet of things is converted from the immune state to the susceptible state due to the existence of the vulnerability of the internet of things;
gamma represents the false alarm rate of the intrusion of the malicious program into the Internet of things, namelyThe probability that malicious programs invade the Internet of things and are mistakenly reported due to false detection of a detection system is represented, so that the node i of the Internet of things is converted from an immune state to a latent state;
the node state conversion graph of the Internet of things can be obtained, the immune state cannot be converted into the infection state, and therefore the probability that the node i of the Internet of things is converted from the immune state into the infection stateIs 0;
(e) the probability that the node i of the internet of things is converted from the death state D into each state at the moment t is as follows:
the probability that the node i of the Internet of things is converted from the death state into the susceptible state can be obtained according to the node state conversion diagram of the Internet of things, and the death state cannot be converted into the susceptible state, the latent state and the infected state, so that the node i of the Internet of things is converted from the death state into the susceptible stateProbability of transition to latent stateAnd probability of transformation to infectious stateAre all 0;
eta represents the probability that the administrator of the internet of things removes dead internet of things nodes from the internet of things and changes the dead internet of things nodes into new healthy internet of things nodes, namely, the dead internet of things nodes are changed into immune states because the new healthy internet of things nodes are changed;
(2) simulating the process that malicious programs are spread in the Internet of things to enable the node state of the Internet of things to be converted according to the topology structure of the Internet of things and the node state conversion diagram of the Internet of things acquired in the step (1), and establishing a Markov matrix M for state conversion of the node i of the Internet of things at the moment ti(t) calculating a Markov matrix Mi(t) obtaining availability of node i of the Internet of things by using the stable point
Availability of the node i of the Internet of thingsThe node i is the available probability of the node i of the Internet of things;
the establishing of the Markov matrix Mi(t) and calculating availability of node i of Internet of thingsThe specific process is as follows:
(2-1) establishing a Markov matrix M of the state transition of the node i of the Internet of things at the moment t according to the topology structure of the Internet of things and the state transition diagram of the node of the Internet of things acquired in the step (1)i(t), specifically:
(2-2) calculating Markov matrix Mi(t) obtaining steady-state availability vectors of all states of the node i of the Internet of things by the stable point
Wherein:
and the sum of the steady-state availability satisfying each state is 1, namely:
the steady state availability vectorIs a joint Markov matrix Mi(t) and the equation with the sum of the steady-state availability degrees of all the states being 1, solving to obtain:
wherein:
the Markov matrix MiThe stable point equation of (t) means:
i.e. the matrix multiplication is expanded as:
wherein
(2-3) obtaining a steady-state availability vectorObtaining the availability of the node i of the Internet of thingsThe method specifically comprises the following steps:
(3) according to the availability of the node i of the Internet of things obtained in the step (2)And (2) calculating the availability of the node i of the Internet of things to the sink node SN under each route by the node of the Internet of things which passes through each route from the node of the Internet of things to the sink node SN in the topology structure of the Internet of things obtained in the step (1)And (2) combining the objects in the topological structure of the Internet of things obtained in the step (1)The route from the networking node to the sink node SN is calculated to obtain the availability of the whole Internet of things
Availability of the node i of the Internet of things to the sink node SN under each routeThe probability that the nodes of the internet of things passing through each route from the node i of the internet of things to the sink node SN are available is referred to;
availability of the whole Internet of thingsThe probability that the node of the internet of things passing through any one of all the routes from the node i of the internet of things to the sink node SN is available is referred to;
and calculating the availability of the node i of the Internet of things to the sink node SN under each routeAnd calculating to obtain the availability of the whole Internet of thingsThe specific process is as follows:
(3-1) availability according to node i of the Internet of thingsAnd the Internet of things node passing through each route from the Internet of things node to the sink node SN, and calculating the availability of the Internet of things node i to the sink node SN under each route rComprises the following steps:
wherein M is the hop count of the node of the Internet of things passing from the node i of the Internet of things to the sink node SN;
(3-2) according to the availability of the node i of the Internet of things to the sink node SN under each routeAnd the route from the node of the Internet of things to the sink node SN is calculated to calculate the availability of the whole Internet of thingsComprises the following steps:
n is the number of all routes from the node i of the Internet of things to the sink node SN in the whole Internet of things;
(4) the availability of the whole Internet of things obtained according to the step (3)Judging whether the Internet of things to be evaluated is available according to the principle that the higher the availability is, the higher the possibility that the Internet of things is available is; when judging the availabilityWhen the threshold is larger than the preset threshold, the internet of things to be evaluated is in an available state, the performance is good, otherwise, the internet of things has potential safety hazards, and corresponding safety measures need to be implemented for malicious programs.
It will be understood by those skilled in the art that the foregoing is only a preferred embodiment of the present invention, and is not intended to limit the invention, and that any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the scope of the present invention.
Claims (8)
1. The Internet of things availability evaluation method for malicious program diffusion under the fog computing architecture is characterized by comprising the following steps:
(1) the method comprises the steps that middleware deployed on a fog computing node obtains an Internet of things topological structure to be evaluated and an Internet of things node state transition graph affected by spread of malicious programs;
the Internet of things comprises interconnected nodes, wherein the nodes comprise Internet of things nodes and sink nodes;
the topology structure of the Internet of things comprises nodes, connection relations among the nodes, routes from the nodes of the Internet of things to the sink node SN, and the nodes of the Internet of things through which each route from the nodes of the Internet of things to the sink node SN passes;
the Internet of things node state transition diagram comprises Internet of things node states, transition relations among the Internet of things node states and transition probabilities among the Internet of things node states;
(2) simulating the process that malicious programs are spread in the Internet of things to enable the node state of the Internet of things to be converted according to the topology structure of the Internet of things and the node state transition diagram of the Internet of things influenced by the spread of the malicious programs obtained in the step (1), and establishing a Markov matrix M for state transition of the node i of the Internet of things at the moment ti(t) calculating a Markov matrix Mi(t) obtaining availability of node i of the Internet of things by using the stable point
Availability of the node i of the Internet of thingsThe node i is the available probability of the node i of the Internet of things;
(3) according to the availability of the node i of the Internet of things obtained in the step (2)And (2) calculating the availability of the node i of the Internet of things to the sink node SN under each route by the node of the Internet of things which passes through each route from the node of the Internet of things to the sink node SN in the topology structure of the Internet of things obtained in the step (1)And (2) calculating to obtain the availability of the whole Internet of things by combining the route from the Internet of things node to the sink node SN in the Internet of things topological structure obtained in the step (1)
Availability of the node i of the Internet of things to the sink node SN under each routeThe probability that the nodes of the internet of things passing through each route from the node i of the internet of things to the sink node SN are available is referred to;
availability of the whole Internet of thingsThe probability that the node of the internet of things passing through any one of all the routes from the node i of the internet of things to the sink node SN is available is referred to;
(4) the availability of the whole Internet of things obtained according to the step (3)Judging whether the Internet of things to be evaluated is available according to the principle that the higher the availability is, the higher the possibility that the Internet of things is available is; when judging the availabilityWhen the threshold is larger than the preset threshold, the internet of things to be evaluated is in an available state, otherwise, the internet of things has potential safety hazards, and corresponding safety measures need to be implemented for malicious programs.
2. The method for assessing the usability of the internet of things facing the spread of malicious programs under the fog computing architecture according to claim 1, wherein the node states of the internet of things in the step (1) include a susceptible state (S), a latent state (E), an infected state (I), an immune state (R), and a dead state (D).
3. The method for evaluating the usability of the internet of things facing the spread of malicious programs under the fog computing architecture according to claim 2, wherein in the step (1), the conversion relationship among the states of the nodes of the internet of things is that the susceptible state can be converted into a latent state, an immune state or a death state; the latent state may be converted to an immune state, an infectious state, or a death state; the infection state may be converted to an immune state, or a death state; the immune state may be transformed into a susceptible state, a latent state, or a dead state; the death state may be converted to an immune state; each of the states may also remain in the original state.
4. The method for evaluating the usability of the internet of things facing the spread of malicious programs under the fog computing architecture as claimed in claim 2, wherein the probability of transition between the states of the nodes of the internet of things in the step (1)(The probability that the node I of the internet of things is converted from the state x to the state y at the moment t is represented, and x, y belongs to { S, E, I, R, D }) specifically:
(a) the probability that the node i of the internet of things is converted from the susceptible state S into each state at the moment t is as follows:
wherein
Alpha represents the probability of the malicious program attacking the node of the Internet of things, and k represents the number of the nodes of the Internet of things adjacent to the node i of the Internet of things;representing the probability that an internet of things node j adjacent to the internet of things node I is in an infection state I at the moment t-1; beta represents the detection rate of the malicious program invading the Internet of things to be detected;representing the probability of death of the nodes of the Internet of things due to self energy exhaustion under the attack of non-malicious programs;
(b) the probability that the node i of the internet of things is converted from the latent state E into each state at the moment t is as follows:
wherein mu represents the probability of the node of the Internet of things converting from a latent state into an infected state;
(c) the probability that the node I of the internet of things is converted from the infection state I into each state at the moment t is as follows:
wherein omega represents the death probability of the nodes of the Internet of things due to the exhaustion of the attack energy of the malicious programs;
(d) the probability that the node i of the internet of things is converted from the immune state R to each state at the moment t is as follows:
wherein ζ represents a probability of the internet of things node being converted from the immune state to the susceptible state; gamma represents the false alarm rate of the malicious program invading the Internet of things to be detected;
(e) the probability that the node i of the internet of things is converted from the death state D into each state at the moment t is as follows:
wherein eta represents the probability that the administrator of the internet of things removes dead internet of things nodes from the internet of things and replaces the dead internet of things nodes with new healthy internet of things nodes.
5. The Internet of things availability evaluation method for malicious program diffusion under the fog computing architecture of claim 4, wherein the probability that the Internet of things node j is in the infection state I at the time t isThe method specifically comprises the following steps:
at the initial time when t is 0, the node j of the internet of things is in the immune state R, and the probability that the initial time is in the immune state R is setAnd the probabilities in the other states are all 0, i.e.
When t is greater than 0, the probability that the node j of the Internet of things is in the infection state IComprises the following steps:
wherein:
6. The method for evaluating the usability of the internet of things facing the spread of malicious programs under the fog computing architecture according to claim 1, wherein the establishing of the markov matrix M in the step (2) is performedi(t) and calculating availability of node i of Internet of thingsThe specific process is as follows:
(2-1) establishing a Markov matrix M of the state transition of the node i of the Internet of things at the moment t according to the topology structure of the Internet of things and the state transition diagram of the node of the Internet of things acquired in the step (1)i(t), specifically:
(2-2) calculating Markov matrix Mi(t) obtaining steady-state availability vectors of all states of the node i of the Internet of things by the stable point The steady state availability for each state is:
wherein:
(2-3) obtaining a steady-state availability vectorObtaining the availability of the node i of the Internet of thingsComprises the following steps:
7. the Internet of things availability evaluation method for malicious program diffusion under fog computing architecture as claimed in claim 6, wherein the steady-state availability vector in step (2-2)The steady state availability of each state in (1) is a joint Markov matrix Mi(t) solving the stable point equation and the equation of which the sum of the steady-state availability of all the states is 1;
the Markov matrix Mi(t)The stable point equation of (a) means:
i.e. the matrix multiplication is expanded as:
8. the method for evaluating the availability of the internet of things for malicious program diffusion under the fog computing architecture according to claim 1, wherein the computing in the step (3) is used for computing the availability of the internet of things node i to the sink node SN under each routeAnd calculating to obtain the availability of the whole Internet of thingsThe specific process is as follows:
(3-1) availability according to node i of the Internet of thingsAnd the Internet of things node passing through each route from the Internet of things node to the sink node SN, and calculating the availability of the Internet of things node i to the sink node SN under each route rComprises the following steps:
wherein M is the hop count of the node of the Internet of things passing from the node i of the Internet of things to the sink node SN;
(3-2) Internet of things according to each routeAvailability of a network node i to a sink node SNAnd the route from the node i of the Internet of things to the sink node SN to obtain the availability of the whole Internet of thingsComprises the following steps:
and N is the number of all routes from the node i of the internet of things to the sink node SN in the whole internet of things.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011088039.5A CN112187823B (en) | 2020-10-13 | 2020-10-13 | Internet of things availability evaluation method for malicious program diffusion under fog computing architecture |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011088039.5A CN112187823B (en) | 2020-10-13 | 2020-10-13 | Internet of things availability evaluation method for malicious program diffusion under fog computing architecture |
Publications (2)
Publication Number | Publication Date |
---|---|
CN112187823A true CN112187823A (en) | 2021-01-05 |
CN112187823B CN112187823B (en) | 2022-04-19 |
Family
ID=73949362
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202011088039.5A Active CN112187823B (en) | 2020-10-13 | 2020-10-13 | Internet of things availability evaluation method for malicious program diffusion under fog computing architecture |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN112187823B (en) |
Citations (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103532761A (en) * | 2013-10-18 | 2014-01-22 | 嘉兴学院 | Survivability evaluating method applicable to attacked wireless sensing network |
US20160142426A1 (en) * | 2014-11-17 | 2016-05-19 | International Business Machines Corporation | Endpoint traffic profiling for early detection of malware spread |
CN107204871A (en) * | 2017-04-19 | 2017-09-26 | 天津大学 | Wireless sensor network biological treatability appraisal procedure based on Evolutionary Game Model |
CN107483438A (en) * | 2017-08-15 | 2017-12-15 | 山东华诺网络科技有限公司 | A kind of network security situation awareness early warning system and method based on big data |
CN108418843A (en) * | 2018-06-11 | 2018-08-17 | 中国人民解放军战略支援部队信息工程大学 | Network attack target identification method based on attack graph and system |
CN109474607A (en) * | 2018-12-06 | 2019-03-15 | 连云港杰瑞深软科技有限公司 | A kind of industrial control network safeguard protection monitoring system |
CN109617874A (en) * | 2018-12-10 | 2019-04-12 | 绍兴文理学院 | A kind of heterogeneous Sensor Network rogue program propagation modeling method |
CN109756578A (en) * | 2019-02-26 | 2019-05-14 | 上海科技大学 | A kind of low time delay method for scheduling task calculating network towards dynamic mist |
CN109861995A (en) * | 2019-01-17 | 2019-06-07 | 安徽谛听信息科技有限公司 | A kind of safe big data intelligent analysis method of cyberspace, computer-readable medium |
CN110647747A (en) * | 2019-09-05 | 2020-01-03 | 四川大学 | False mobile application detection method based on multi-dimensional similarity |
CN111343180A (en) * | 2020-02-25 | 2020-06-26 | 广州大学 | Multi-type malicious program attack and defense method based on nonlinear chargeable sensor network model |
CN111586696A (en) * | 2020-04-29 | 2020-08-25 | 重庆邮电大学 | Resource allocation and unloading decision method based on multi-agent architecture reinforcement learning |
-
2020
- 2020-10-13 CN CN202011088039.5A patent/CN112187823B/en active Active
Patent Citations (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103532761A (en) * | 2013-10-18 | 2014-01-22 | 嘉兴学院 | Survivability evaluating method applicable to attacked wireless sensing network |
US20160142426A1 (en) * | 2014-11-17 | 2016-05-19 | International Business Machines Corporation | Endpoint traffic profiling for early detection of malware spread |
US20160142423A1 (en) * | 2014-11-17 | 2016-05-19 | International Business Machines Corporation | Endpoint traffic profiling for early detection of malware spread |
CN107204871A (en) * | 2017-04-19 | 2017-09-26 | 天津大学 | Wireless sensor network biological treatability appraisal procedure based on Evolutionary Game Model |
CN107483438A (en) * | 2017-08-15 | 2017-12-15 | 山东华诺网络科技有限公司 | A kind of network security situation awareness early warning system and method based on big data |
CN108418843A (en) * | 2018-06-11 | 2018-08-17 | 中国人民解放军战略支援部队信息工程大学 | Network attack target identification method based on attack graph and system |
CN109474607A (en) * | 2018-12-06 | 2019-03-15 | 连云港杰瑞深软科技有限公司 | A kind of industrial control network safeguard protection monitoring system |
CN109617874A (en) * | 2018-12-10 | 2019-04-12 | 绍兴文理学院 | A kind of heterogeneous Sensor Network rogue program propagation modeling method |
CN109861995A (en) * | 2019-01-17 | 2019-06-07 | 安徽谛听信息科技有限公司 | A kind of safe big data intelligent analysis method of cyberspace, computer-readable medium |
CN109756578A (en) * | 2019-02-26 | 2019-05-14 | 上海科技大学 | A kind of low time delay method for scheduling task calculating network towards dynamic mist |
CN110647747A (en) * | 2019-09-05 | 2020-01-03 | 四川大学 | False mobile application detection method based on multi-dimensional similarity |
CN111343180A (en) * | 2020-02-25 | 2020-06-26 | 广州大学 | Multi-type malicious program attack and defense method based on nonlinear chargeable sensor network model |
CN111586696A (en) * | 2020-04-29 | 2020-08-25 | 重庆邮电大学 | Resource allocation and unloading decision method based on multi-agent architecture reinforcement learning |
Non-Patent Citations (3)
Title |
---|
SHIGEN SHEN: "Multistage Signaling Game-Based Optimal Detection Strategies for Suppressing Malware Diffusion in Fog-Cloud-Based IoT Networks", 《 IEEE INTERNET OF THINGS JOURNAL》 * |
沈士根等: "基于扩展传染病模型的异质传感网恶意程序", 《传感技术学报》 * |
沈士根等: "面向恶意程序传播的传感网可靠度评估_沈士根.pdf", 《电子学报》 * |
Also Published As
Publication number | Publication date |
---|---|
CN112187823B (en) | 2022-04-19 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN109615116B (en) | Telecommunication fraud event detection method and system | |
Wang et al. | Game-theory-based active defense for intrusion detection in cyber-physical embedded systems | |
CN101282332B (en) | System for generating assaulting chart facing network safety alarm incident | |
Fang et al. | A resilient trust management scheme for defending against reputation time-varying attacks based on BETA distribution | |
Haider et al. | Detecting anomalous behavior in cloud servers by nested-arc hidden semi-Markov model with state summarization | |
CN107733877B (en) | Management method and system for wireless communication architecture of Internet of things | |
CN112769869B (en) | SDN network security prediction method based on Bayesian attack graph and corresponding system | |
CN109214456A (en) | A kind of network anomaly detection method, system and electronic equipment | |
Hu et al. | TMSE: A topology modification strategy to enhance the robustness of scale-free wireless sensor networks | |
CN104166708A (en) | Mobile phone virus spreading modeling method based on social network and semi-Markov process | |
CN111224984B (en) | Snort improvement method based on data mining algorithm | |
Sinha et al. | Sniffer: A machine learning approach for DoS attack localization in NoC-based SoCs | |
Lu et al. | Security-aware routing protocol based on artificial neural network algorithm and 6LoWPAN in the internet of things | |
CN112187823B (en) | Internet of things availability evaluation method for malicious program diffusion under fog computing architecture | |
Hendaoui et al. | FID: Fuzzy based intrusion detection for distributed smart devices | |
CN112969180B (en) | Wireless sensor network attack defense method and system in fuzzy environment | |
Kun et al. | Network security situation evaluation method based on attack intention recognition | |
CN112491801B (en) | Incidence matrix-based object-oriented network attack modeling method and device | |
CN114362972B (en) | Botnet hybrid detection method and system based on flow abstract and graph sampling | |
Abdallah et al. | An Optimal Framework for SDN Based on Deep Neural Network | |
CN110362754B (en) | Online social network information source detection method based on reinforcement learning | |
Zhou et al. | Network security situation assessment methods and tactics based on multivariate spatiotemporal attack graph model | |
OUKAS et al. | Generalized stochastic petri nets modelling for energy harvesting wsns considering neighbors with different vicinity levels | |
Roy et al. | Top-Performing Unifying Architecture for Network Intrusion Detection in SDN Using Fully Convolutional Network | |
Yang | Performance analysis of Petri net based on moment generating function |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |