CN112187823A - Internet of things availability evaluation method for malicious program diffusion under fog computing architecture - Google Patents

Internet of things availability evaluation method for malicious program diffusion under fog computing architecture Download PDF

Info

Publication number
CN112187823A
CN112187823A CN202011088039.5A CN202011088039A CN112187823A CN 112187823 A CN112187823 A CN 112187823A CN 202011088039 A CN202011088039 A CN 202011088039A CN 112187823 A CN112187823 A CN 112187823A
Authority
CN
China
Prior art keywords
internet
things
node
state
availability
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202011088039.5A
Other languages
Chinese (zh)
Other versions
CN112187823B (en
Inventor
沈士根
叶晓彤
刘建华
周海平
冯晟
方朝曦
余冬华
孙文飞
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
University of Shaoxing
Original Assignee
University of Shaoxing
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by University of Shaoxing filed Critical University of Shaoxing
Priority to CN202011088039.5A priority Critical patent/CN112187823B/en
Publication of CN112187823A publication Critical patent/CN112187823A/en
Application granted granted Critical
Publication of CN112187823B publication Critical patent/CN112187823B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F17/00Digital computing or data processing equipment or methods, specially adapted for specific functions
    • G06F17/10Complex mathematical operations
    • G06F17/18Complex mathematical operations for evaluating statistical data, e.g. average values, frequency distributions, probability functions, regression analysis
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/566Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/12Discovery or management of network topologies
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/14Network analysis or design
    • H04L41/145Network analysis or design involving simulating, designing, planning or modelling of a network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/12Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Data Mining & Analysis (AREA)
  • Computing Systems (AREA)
  • Mathematical Analysis (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Mathematical Physics (AREA)
  • Pure & Applied Mathematics (AREA)
  • Mathematical Optimization (AREA)
  • Computational Mathematics (AREA)
  • Evolutionary Biology (AREA)
  • Medical Informatics (AREA)
  • Virology (AREA)
  • Bioinformatics & Computational Biology (AREA)
  • Operations Research (AREA)
  • Probability & Statistics with Applications (AREA)
  • Bioinformatics & Cheminformatics (AREA)
  • Algebra (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Databases & Information Systems (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses an Internet of things availability evaluation method for malicious program diffusion under a fog computing architecture, which comprises the following steps: (1) acquiring an Internet of things topological structure to be evaluated and an Internet of things node state transition graph influenced by spread of malicious programs; (2) establishing a Markov matrix of node state conversion of the Internet of things, and calculating a stable point of the Markov matrix to obtain the availability of the node of the Internet of things; (3) calculating the availability from the nodes of the Internet of things to the sink node under each route, thereby obtaining the availability of the whole Internet of things; (4) according to the principle that the higher the availability is, when the availability is judged to be greater than the preset threshold, the internet of things to be evaluated is in an available state. The method can solve the technical problems that influence of malicious program diffusion of the Internet of things and a typical topology structure of the Internet of things are not considered, and the usability evaluation method is complex in calculation and insufficient in calculation capacity of nodes of the Internet of things.

Description

Internet of things availability evaluation method for malicious program diffusion under fog computing architecture
Technical Field
The invention belongs to the technical field of Internet of things security, and particularly relates to an Internet of things usability evaluation method for malicious program diffusion under a fog computing architecture.
Background
The internet of things is closely related to our life and becomes a name of our modern life, and the security problem is a key factor influencing the application of the internet of things, wherein the spread of malicious programs is one of the reasons influencing the performance of the internet of things. When a malicious program attacks the nodes of the internet of things, the communication among the nodes of the internet of things is diffused to other nodes of the internet of things, so that the problems of data loss, communication blocking, energy loss and the like of the nodes of the internet of things are caused, and even the whole system of the internet of things is directly paralyzed. The availability evaluation of the internet of things reflects the probability that the network is in an available or operable state when the internet of things senses data, data communication and data aggregation, and is one of important indexes reflecting the performance of the internet of things. Under the background of malicious program diffusion, how to evaluate the availability of the internet of things becomes a key problem of successful application of the internet of things.
Currently, different agencies disclose methods regarding usability assessments. Patent application document CN107783851B discloses a markov modeling method for steady-state availability of a server cluster, which can reduce the number of states in a markov process, reduce the difficulty in calculating the steady-state availability of the server cluster, and provide valuable reference information for the design and improvement of the server cluster. The patent application document CN107633271A discloses a method for calculating the inaccurate probability of the steady-state availability of an electric power system, which aims at the problems that in the prior art, the calculated amount of the probability interval of the steady-state availability of the electric power system is large and the engineering implementation is very difficult by using interval operation or optimization algorithm according to the interval reliability index of an element, and can directly use the sample data of the system to deduce the upper and lower boundary expressions of the interval of the steady-state availability of the electric power system on the premise of not calculating the inaccurate reliability index of the element.
However, the existing usability evaluation technology is generally problematic when applied to the internet of things facing the spread of malicious programs. On one hand, the influence of malicious program diffusion of the internet of things and a typical topology structure of the internet of things are not considered in the existing method; on the other hand, the usability evaluation method is complex in calculation, and the calculation capability of the nodes of the Internet of things is often insufficient; therefore, how to realize the usability evaluation of the internet of things facing the spread of malicious programs becomes a problem which needs to be solved urgently.
Disclosure of Invention
Aiming at the defects or the improvement requirements of the prior art, the invention provides the Internet of things availability evaluation method facing malicious program diffusion under the fog computing architecture, and aims to solve the technical problems that the influence of the malicious program diffusion of the Internet of things and the typical topology structure of the Internet of things are not considered, and the availability evaluation method is complex in computation and insufficient in computation capability of nodes of the Internet of things.
In order to achieve the above object, according to an aspect of the present invention, a method for evaluating the usability of an internet of things facing malicious program diffusion under a fog computing architecture is provided, which specifically includes the following steps:
(1) the method comprises the steps that middleware deployed on a fog computing node obtains an Internet of things topological structure to be evaluated and an Internet of things node state transition graph affected by spread of malicious programs;
the Internet of things comprises interconnected nodes, wherein the nodes comprise Internet of things nodes and sink nodes;
the topology structure of the Internet of things comprises nodes, connection relations among the nodes, routes from the nodes of the Internet of things to the sink node SN, and the nodes of the Internet of things through which each route from the nodes of the Internet of things to the sink node SN passes;
the Internet of things node state transition diagram comprises Internet of things node states, transition relations among the Internet of things node states and transition probabilities among the Internet of things node states;
(2) simulating the process that malicious programs are spread in the Internet of things to enable the node state of the Internet of things to be converted according to the topology structure of the Internet of things and the node state transition diagram of the Internet of things influenced by the spread of the malicious programs obtained in the step (1), and establishing a Markov matrix M for state transition of the node i of the Internet of things at the moment ti(t) calculating a Markov matrix Mi(t) obtaining availability of node i of the Internet of things by using the stable point
Figure BDA0002721007730000021
Availability of the node i of the Internet of things
Figure BDA0002721007730000022
The node i is the available probability of the node i of the Internet of things;
(3) according to the availability of the node i of the Internet of things obtained in the step (2)
Figure BDA0002721007730000031
And (2) calculating the availability of the node i of the Internet of things to the sink node SN under each route by the node of the Internet of things which passes through each route from the node of the Internet of things to the sink node SN in the topology structure of the Internet of things obtained in the step (1)
Figure BDA0002721007730000032
And (2) calculating to obtain the availability of the whole Internet of things by combining the route from the Internet of things node to the sink node SN in the Internet of things topological structure obtained in the step (1)
Figure BDA0002721007730000033
Availability of the node i of the Internet of things to the sink node SN under each route
Figure BDA0002721007730000034
Refers to an objectThe probability that the nodes of the internet of things passing through each route from the networking node i to the sink node SN are available;
availability of the whole Internet of things
Figure BDA0002721007730000035
The probability that the node of the internet of things passing through any one of all the routes from the node i of the internet of things to the sink node SN is available is referred to;
(4) the availability of the whole Internet of things obtained according to the step (3)
Figure BDA0002721007730000036
Judging whether the Internet of things to be evaluated is available according to the principle that the higher the availability is, the higher the possibility that the Internet of things is available is; when judging the availability
Figure BDA0002721007730000037
When the threshold is larger than the preset threshold, the internet of things to be evaluated is in an available state, otherwise, the internet of things has potential safety hazards, and corresponding safety measures need to be implemented for malicious programs.
Preferably, the node states of the internet of things in the step (1) include a susceptible state (S), a latent state (E), an infected state (I), an immune state (R) and a dead state (D).
Preferably, in the step (1), the conversion relationship between the states of the nodes of the internet of things is that the susceptible state can be converted into a latent state, an immune state or a death state; the latent state may be converted to an immune state, an infectious state, or a death state; the infection state may be converted to an immune state, or a death state; the immune state may be transformed into a susceptible state, a latent state, or a dead state; the death state may be converted to an immune state; each of the states may also remain in the original state.
Preferably, the transition probability between the states of the nodes of the internet of things in the step (1)
Figure BDA0002721007730000038
Representing the probability of the node i of the internet of things transitioning from state x to state y at time t,x, y ∈ { S, E, I, R, D }) is specifically:
(a) the probability that the node i of the internet of things is converted from the susceptible state S into each state at the moment t is as follows:
Figure BDA0002721007730000041
wherein
Figure BDA0002721007730000042
Figure BDA0002721007730000043
Alpha represents the probability of the malicious program attacking the node of the Internet of things, and k represents the number of the nodes of the Internet of things adjacent to the node i of the Internet of things;
Figure BDA0002721007730000044
representing the probability that an internet of things node j adjacent to the internet of things node I is in an infection state I at the moment t-1; beta represents the detection rate of the malicious program invading the Internet of things to be detected;
Figure BDA0002721007730000045
representing the probability of death of the nodes of the Internet of things due to self energy exhaustion under the attack of non-malicious programs;
(b) the probability that the node i of the internet of things is converted from the latent state E into each state at the moment t is as follows:
Figure BDA0002721007730000046
wherein mu represents the probability of the node of the Internet of things converting from a latent state into an infected state;
(c) the probability that the node I of the internet of things is converted from the infection state I into each state at the moment t is as follows:
Figure BDA0002721007730000047
wherein omega represents the death probability of the nodes of the Internet of things due to the exhaustion of the attack energy of the malicious programs;
(d) the probability that the node i of the internet of things is converted from the immune state R to each state at the moment t is as follows:
Figure BDA0002721007730000051
wherein ζ represents a probability of the internet of things node being converted from the immune state to the susceptible state; gamma represents the false alarm rate of the malicious program invading the Internet of things to be detected;
(e) the probability that the node i of the internet of things is converted from the death state D into each state at the moment t is as follows:
Figure BDA0002721007730000052
wherein eta represents the probability that the administrator of the internet of things removes dead internet of things nodes from the internet of things and replaces the dead internet of things nodes with new healthy internet of things nodes.
Preferably, the probability that the node j of the internet of things is in the infection state I at the moment t
Figure BDA0002721007730000053
The method specifically comprises the following steps:
at the initial time when t is 0, the node j of the internet of things is in the immune state R, and the probability that the initial time is in the immune state R is set
Figure BDA0002721007730000054
And the probabilities in the other states are all 0, i.e.
Figure BDA0002721007730000055
Figure BDA0002721007730000056
At the moment t is greater than 0, the Internet of thingsProbability of node j being in infection state I
Figure BDA0002721007730000057
Comprises the following steps:
Figure BDA0002721007730000058
wherein:
Figure BDA0002721007730000059
Figure BDA00027210077300000510
Figure BDA0002721007730000061
Figure BDA0002721007730000062
the node j of the internet of things is the transition probability among different states at the moment t.
Preferably, the establishing of the Markov matrix M in step (2)i(t) and calculating availability of node i of Internet of things
Figure BDA0002721007730000063
The specific process is as follows:
(2-1) establishing a Markov matrix M of the state transition of the node i of the Internet of things at the moment t according to the topology structure of the Internet of things and the state transition diagram of the node of the Internet of things acquired in the step (1)i(t), specifically:
Figure BDA0002721007730000064
(2-2) calculating Markov matrix Mi(t) obtaining each state of the node i of the Internet of things by the stable pointSteady state availability vector of
Figure BDA0002721007730000065
The steady state availability for each state is:
Figure BDA0002721007730000066
wherein:
Figure BDA0002721007730000067
Figure BDA0002721007730000068
(2-3) obtaining a steady-state availability vector
Figure BDA0002721007730000069
Obtaining the availability of the node i of the Internet of things
Figure BDA00027210077300000610
Comprises the following steps:
Figure BDA0002721007730000071
preferably, the steady-state availability vector in step (2-2)
Figure BDA0002721007730000072
The steady state availability of each state in (1) is a joint Markov matrix Mi(t) solving the stable point equation and the equation of which the sum of the steady-state availability of all the states is 1;
the Markov matrix MiThe stable point equation of (t) means:
Figure BDA0002721007730000073
i.e. the matrix multiplication is expanded as:
Figure BDA0002721007730000074
preferably, the calculating in step (3) is performed to calculate the availability of the internet of things node i to the sink node SN under each route
Figure BDA0002721007730000075
And calculating to obtain the availability of the whole Internet of things
Figure BDA0002721007730000076
The specific process is as follows:
(3-1) availability according to node i of the Internet of things
Figure BDA0002721007730000077
And the Internet of things node passing through each route from the Internet of things node to the sink node SN, and calculating the availability of the Internet of things node i to the sink node SN under each route r
Figure BDA0002721007730000078
Comprises the following steps:
Figure BDA0002721007730000079
wherein M is the hop count of the node of the Internet of things passing from the node i of the Internet of things to the sink node SN;
(3-2) according to the availability of the node i of the Internet of things to the sink node SN under each route
Figure BDA00027210077300000710
And the route from the node i of the Internet of things to the sink node SN to obtain the availability of the whole Internet of things
Figure BDA00027210077300000711
Comprises the following steps:
Figure BDA00027210077300000712
and N is the number of all routes from the node i of the internet of things to the sink node SN in the whole internet of things.
In general, compared with the prior art, the above technical solution contemplated by the present invention can achieve the following beneficial effects:
according to the Internet of things availability evaluation method for malicious program diffusion under the fog computing architecture, aiming at a typical Internet of things topological structure of a mesh Internet of things, an Internet of things node state transition graph of networking nodes under the influence of malicious program diffusion is combined, the process that malicious programs are diffused in the Internet of things to enable the Internet of things node state to be converted is simulated, a Markov model of conversion among different states is established, and the whole Internet of things availability evaluation of the Internet of things under the background of the malicious program diffusion is achieved. Meanwhile, the invention is applied to the environment comprising the Internet of things and the fog computing node, and the whole availability evaluation process is completed by the middleware deployed on the fog computing node, so that the problem that the availability evaluation cannot be carried out due to the insufficient computing capability of the Internet of things node is solved, and a reliable basis is provided for the successful application of the Internet of things.
Drawings
FIG. 1 is a flow chart of a method for evaluating the usability of the Internet of things facing malicious program diffusion under a fog computing architecture;
fig. 2 is a state transition diagram of the nodes of the internet of things of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is further described in detail with reference to the following embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention. In addition, the technical features involved in the embodiments of the present invention described below may be combined with each other as long as they do not conflict with each other.
As shown in fig. 1, the method for evaluating the availability of the internet of things facing malicious program diffusion under the fog computing architecture provided by the present invention is applied to an environment including the internet of things and fog computing nodes, and the whole availability evaluation process is completed by middleware deployed on the fog computing nodes, and specifically includes the following steps:
(1) the method comprises the steps that middleware deployed on a fog computing node obtains an Internet of things topological structure to be evaluated and an Internet of things node state transition graph affected by spread of malicious programs;
the Internet of things comprises interconnected nodes, wherein the nodes comprise Internet of things nodes and sink nodes;
the topology structure of the Internet of things comprises nodes, connection relations among the nodes, routes from the nodes of the Internet of things to the sink node SN, and the nodes of the Internet of things through which each route from the nodes of the Internet of things to the sink node SN passes;
the Internet of things node state transition diagram comprises Internet of things node states, transition relations among the Internet of things node states and transition probabilities among the Internet of things node states;
the node states of the Internet of things comprise a susceptible state (S), a latent state (E), an infected state (I), an immune state (R) and a dead state (D);
the susceptibility state refers to the fact that malicious programs exist in the Internet of things and the nodes of the Internet of things are possibly infected;
the latent state means that the node of the internet of things is infected by the malicious program, but the malicious program is not in an active period at the moment, namely the node of the internet of things cannot spread the malicious program outwards at the moment;
the infection state refers to the activation of a malicious program latent in the Internet of things node, so that the Internet of things node is infected;
the immune state refers to a healthy initial state of the node of the Internet of things, or malicious program diffusion is resisted by installing a system security patch on the node of the Internet of things, so that the node of the Internet of things is not infected by the malicious program;
the death state refers to a state after the energy consumption of the nodes of the Internet of things is completely used up.
The conversion relation among the internet of things node states represents that malicious programs spread in the internet of things after attacking the internet of things nodes, so that the states of the internet of things nodes are converted, and as shown in fig. 2, the conversion relation specifically comprises: the susceptible state may be transformed into a latent state, an immune state, or a dead state; the latent state may be converted to an immune state, an infectious state, or a death state; the infection state may be converted to an immune state, or a death state; the immune state may be transformed into a susceptible state, a latent state, or a dead state; the death state may be converted to an immune state; each of the states may also remain in the original state.
The conversion probability among the states of the nodes of the Internet of things is the conversion probability among different states of different nodes of the Internet of things at different moments, and the conversion probability among different states of any node i of the Internet of things at t moment is expressed as
Figure BDA0002721007730000101
Wherein
Figure BDA0002721007730000102
The probability that the node I of the Internet of things is converted from the state x to the state y at the moment t is represented, and x, y belongs to { S, E, I, R, D };
transition probabilities between the different states
Figure BDA0002721007730000103
The method specifically comprises the following steps:
(a) the probability that the node i of the internet of things is converted from the susceptible state S into each state at the moment t is as follows:
Figure BDA0002721007730000104
wherein
Figure BDA0002721007730000105
When the node i of the Internet of things communicates with the adjacent node of the Internet of things, when the node i of the Internet of things is infected by the malicious program and the node i of the Internet of things is not spread by the malicious program and is still in the probability of a susceptible state, the node i of the Internet of things is used by psi1Represents:
Figure BDA0002721007730000106
alpha represents the probability of the malicious program attacking the node of the internet of things,
Figure BDA0002721007730000107
representing the probability that an internet of things node j adjacent to the internet of things node I is in an infection state I at the moment t-1;
Figure BDA0002721007730000108
the probability that the node i of the Internet of things is not attacked by a malicious program when the node i of the Internet of things communicates with the adjacent node j of the Internet of things is represented; k represents the number of internet of things nodes adjacent to the internet of things node i;
probability that node j of the Internet of things is in infection state I at moment t
Figure BDA0002721007730000109
The method specifically comprises the following steps:
at the initial time when t is 0, the internet of things node j is considered as a healthy internet of things node, namely in the immune state R, and the probability that the initial time is in the immune state R is set
Figure BDA00027210077300001010
And the probabilities in the other states are all 0, i.e.
Figure BDA00027210077300001011
When t is greater than 0, the node j of the Internet of things is in an infection state I, the node j of the Internet of things is in the infection state I at the time t-1 and is still in the infection state at the time t, or the node j of the Internet of things is in a latent state E at the time t-1 and is converted into the infection state I at the time t, and the probability
Figure BDA00027210077300001012
Comprises the following steps:
Figure BDA00027210077300001013
wherein:
Figure BDA0002721007730000111
Figure BDA0002721007730000112
Figure BDA0002721007730000113
Figure BDA0002721007730000114
the transition probability of the node j of the Internet of things in different states at the time t is obtained;
Figure BDA0002721007730000115
the probability of the node i of the Internet of things being converted from the susceptible state to the latent state is represented by psi2Represents:
Figure BDA0002721007730000116
beta represents the detection rate of the intrusion of the malicious program into the Internet of things, namely
Figure BDA0002721007730000117
The probability that the malicious program invades the Internet of things but is detected and the Internet of things node i is converted from a susceptible state into an immune state after the system security patch is installed is shown;
Figure BDA0002721007730000118
the node of the Internet of things dies due to self energy exhaustion under non-malicious program attackIs a probability of
Figure BDA0002721007730000119
Representing the probability that the node i of the Internet of things is converted into a death state from a susceptible state due to energy exhaustion;
the node state of the Internet of things can be obtained according to the conversion relation among the node states of the Internet of things, and the susceptible state cannot be converted into the infected state, so that the probability that the node I of the Internet of things is converted from the susceptible state S into the infected state I
Figure BDA00027210077300001110
Is 0;
(b) the probability that the node i of the internet of things is converted from the latent state E into each state at the moment t is as follows:
Figure BDA00027210077300001111
the node state transition diagram of the Internet of things can be obtained, the latent state cannot be converted into the susceptible state, and therefore the probability that the node i of the Internet of things is converted from the latent state into the susceptible state
Figure BDA00027210077300001112
Mu represents the probability of the node of the Internet of things converting from the latent state into the infected state, namely the node of the Internet of things is converted from the latent state into the infected state after a malicious program in the node i of the Internet of things is activated;
(c) the probability that the node I of the internet of things is converted from the infection state I into each state at the moment t is as follows:
Figure BDA0002721007730000121
the node state transition diagram of the Internet of things can be obtained, the infection state cannot be converted into the susceptible state and the latent state, and therefore the probability that the node i of the Internet of things is converted from the infection state into the susceptible state
Figure BDA0002721007730000122
And probability of transition to latent state
Figure BDA0002721007730000123
Are all 0;
omega represents the death probability of the node of the Internet of things due to the exhaustion of the attack energy of the malicious program, namely
Figure BDA0002721007730000124
Representing the probability that the node i of the Internet of things is attacked by a malicious program in an infection state and is exhausted in energy, or is attacked by a non-malicious program and is exhausted in energy, so as to enter a death state;
(d) the probability that the node i of the internet of things is converted from the immune state R to each state at the moment t is as follows:
Figure BDA0002721007730000125
zeta represents the probability of the node of the internet of things being converted from the immune state to the susceptible state, namely the node i of the internet of things is converted from the immune state to the susceptible state due to the existence of the vulnerability of the internet of things;
gamma represents the false alarm rate of the intrusion of the malicious program into the Internet of things, namely
Figure BDA0002721007730000126
The probability that malicious programs invade the Internet of things and are mistakenly reported due to false detection of a detection system is represented, so that the node i of the Internet of things is converted from an immune state to a latent state;
the node state conversion graph of the Internet of things can be obtained, the immune state cannot be converted into the infection state, and therefore the probability that the node i of the Internet of things is converted from the immune state into the infection state
Figure BDA0002721007730000127
Is 0;
(e) the probability that the node i of the internet of things is converted from the death state D into each state at the moment t is as follows:
Figure BDA0002721007730000131
the probability that the node i of the Internet of things is converted from the death state into the susceptible state can be obtained according to the node state conversion diagram of the Internet of things, and the death state cannot be converted into the susceptible state, the latent state and the infected state, so that the node i of the Internet of things is converted from the death state into the susceptible state
Figure BDA0002721007730000132
Probability of transition to latent state
Figure BDA0002721007730000133
And probability of transformation to infectious state
Figure BDA0002721007730000134
Are all 0;
eta represents the probability that the administrator of the internet of things removes dead internet of things nodes from the internet of things and changes the dead internet of things nodes into new healthy internet of things nodes, namely, the dead internet of things nodes are changed into immune states because the new healthy internet of things nodes are changed;
(2) simulating the process that malicious programs are spread in the Internet of things to enable the node state of the Internet of things to be converted according to the topology structure of the Internet of things and the node state conversion diagram of the Internet of things acquired in the step (1), and establishing a Markov matrix M for state conversion of the node i of the Internet of things at the moment ti(t) calculating a Markov matrix Mi(t) obtaining availability of node i of the Internet of things by using the stable point
Figure BDA0002721007730000135
Availability of the node i of the Internet of things
Figure BDA0002721007730000136
The node i is the available probability of the node i of the Internet of things;
the establishing of the Markov matrix Mi(t) and calculating availability of node i of Internet of things
Figure BDA0002721007730000137
The specific process is as follows:
(2-1) establishing a Markov matrix M of the state transition of the node i of the Internet of things at the moment t according to the topology structure of the Internet of things and the state transition diagram of the node of the Internet of things acquired in the step (1)i(t), specifically:
Figure BDA0002721007730000138
Figure BDA0002721007730000141
(2-2) calculating Markov matrix Mi(t) obtaining steady-state availability vectors of all states of the node i of the Internet of things by the stable point
Figure BDA0002721007730000142
Wherein:
Figure BDA0002721007730000143
and the sum of the steady-state availability satisfying each state is 1, namely:
Figure BDA0002721007730000144
the steady state availability vector
Figure BDA0002721007730000145
Is a joint Markov matrix Mi(t) and the equation with the sum of the steady-state availability degrees of all the states being 1, solving to obtain:
Figure BDA0002721007730000146
wherein:
Figure BDA0002721007730000147
the Markov matrix MiThe stable point equation of (t) means:
Figure BDA0002721007730000148
i.e. the matrix multiplication is expanded as:
Figure BDA0002721007730000151
wherein
Figure BDA0002721007730000152
(2-3) obtaining a steady-state availability vector
Figure BDA0002721007730000153
Obtaining the availability of the node i of the Internet of things
Figure BDA0002721007730000154
The method specifically comprises the following steps:
Figure BDA0002721007730000155
(3) according to the availability of the node i of the Internet of things obtained in the step (2)
Figure BDA0002721007730000156
And (2) calculating the availability of the node i of the Internet of things to the sink node SN under each route by the node of the Internet of things which passes through each route from the node of the Internet of things to the sink node SN in the topology structure of the Internet of things obtained in the step (1)
Figure BDA0002721007730000157
And (2) combining the objects in the topological structure of the Internet of things obtained in the step (1)The route from the networking node to the sink node SN is calculated to obtain the availability of the whole Internet of things
Figure BDA0002721007730000158
Availability of the node i of the Internet of things to the sink node SN under each route
Figure BDA0002721007730000159
The probability that the nodes of the internet of things passing through each route from the node i of the internet of things to the sink node SN are available is referred to;
availability of the whole Internet of things
Figure BDA00027210077300001510
The probability that the node of the internet of things passing through any one of all the routes from the node i of the internet of things to the sink node SN is available is referred to;
and calculating the availability of the node i of the Internet of things to the sink node SN under each route
Figure BDA00027210077300001511
And calculating to obtain the availability of the whole Internet of things
Figure BDA00027210077300001512
The specific process is as follows:
(3-1) availability according to node i of the Internet of things
Figure BDA00027210077300001513
And the Internet of things node passing through each route from the Internet of things node to the sink node SN, and calculating the availability of the Internet of things node i to the sink node SN under each route r
Figure BDA00027210077300001514
Comprises the following steps:
Figure BDA00027210077300001515
wherein M is the hop count of the node of the Internet of things passing from the node i of the Internet of things to the sink node SN;
(3-2) according to the availability of the node i of the Internet of things to the sink node SN under each route
Figure BDA0002721007730000161
And the route from the node of the Internet of things to the sink node SN is calculated to calculate the availability of the whole Internet of things
Figure BDA0002721007730000162
Comprises the following steps:
Figure BDA0002721007730000163
n is the number of all routes from the node i of the Internet of things to the sink node SN in the whole Internet of things;
(4) the availability of the whole Internet of things obtained according to the step (3)
Figure BDA0002721007730000164
Judging whether the Internet of things to be evaluated is available according to the principle that the higher the availability is, the higher the possibility that the Internet of things is available is; when judging the availability
Figure BDA0002721007730000165
When the threshold is larger than the preset threshold, the internet of things to be evaluated is in an available state, the performance is good, otherwise, the internet of things has potential safety hazards, and corresponding safety measures need to be implemented for malicious programs.
It will be understood by those skilled in the art that the foregoing is only a preferred embodiment of the present invention, and is not intended to limit the invention, and that any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the scope of the present invention.

Claims (8)

1. The Internet of things availability evaluation method for malicious program diffusion under the fog computing architecture is characterized by comprising the following steps:
(1) the method comprises the steps that middleware deployed on a fog computing node obtains an Internet of things topological structure to be evaluated and an Internet of things node state transition graph affected by spread of malicious programs;
the Internet of things comprises interconnected nodes, wherein the nodes comprise Internet of things nodes and sink nodes;
the topology structure of the Internet of things comprises nodes, connection relations among the nodes, routes from the nodes of the Internet of things to the sink node SN, and the nodes of the Internet of things through which each route from the nodes of the Internet of things to the sink node SN passes;
the Internet of things node state transition diagram comprises Internet of things node states, transition relations among the Internet of things node states and transition probabilities among the Internet of things node states;
(2) simulating the process that malicious programs are spread in the Internet of things to enable the node state of the Internet of things to be converted according to the topology structure of the Internet of things and the node state transition diagram of the Internet of things influenced by the spread of the malicious programs obtained in the step (1), and establishing a Markov matrix M for state transition of the node i of the Internet of things at the moment ti(t) calculating a Markov matrix Mi(t) obtaining availability of node i of the Internet of things by using the stable point
Figure FDA0002721007720000011
Availability of the node i of the Internet of things
Figure FDA0002721007720000012
The node i is the available probability of the node i of the Internet of things;
(3) according to the availability of the node i of the Internet of things obtained in the step (2)
Figure FDA0002721007720000013
And (2) calculating the availability of the node i of the Internet of things to the sink node SN under each route by the node of the Internet of things which passes through each route from the node of the Internet of things to the sink node SN in the topology structure of the Internet of things obtained in the step (1)
Figure FDA0002721007720000014
And (2) calculating to obtain the availability of the whole Internet of things by combining the route from the Internet of things node to the sink node SN in the Internet of things topological structure obtained in the step (1)
Figure FDA0002721007720000015
Availability of the node i of the Internet of things to the sink node SN under each route
Figure FDA0002721007720000016
The probability that the nodes of the internet of things passing through each route from the node i of the internet of things to the sink node SN are available is referred to;
availability of the whole Internet of things
Figure FDA0002721007720000017
The probability that the node of the internet of things passing through any one of all the routes from the node i of the internet of things to the sink node SN is available is referred to;
(4) the availability of the whole Internet of things obtained according to the step (3)
Figure FDA0002721007720000021
Judging whether the Internet of things to be evaluated is available according to the principle that the higher the availability is, the higher the possibility that the Internet of things is available is; when judging the availability
Figure FDA0002721007720000022
When the threshold is larger than the preset threshold, the internet of things to be evaluated is in an available state, otherwise, the internet of things has potential safety hazards, and corresponding safety measures need to be implemented for malicious programs.
2. The method for assessing the usability of the internet of things facing the spread of malicious programs under the fog computing architecture according to claim 1, wherein the node states of the internet of things in the step (1) include a susceptible state (S), a latent state (E), an infected state (I), an immune state (R), and a dead state (D).
3. The method for evaluating the usability of the internet of things facing the spread of malicious programs under the fog computing architecture according to claim 2, wherein in the step (1), the conversion relationship among the states of the nodes of the internet of things is that the susceptible state can be converted into a latent state, an immune state or a death state; the latent state may be converted to an immune state, an infectious state, or a death state; the infection state may be converted to an immune state, or a death state; the immune state may be transformed into a susceptible state, a latent state, or a dead state; the death state may be converted to an immune state; each of the states may also remain in the original state.
4. The method for evaluating the usability of the internet of things facing the spread of malicious programs under the fog computing architecture as claimed in claim 2, wherein the probability of transition between the states of the nodes of the internet of things in the step (1)
Figure FDA0002721007720000023
(
Figure FDA0002721007720000024
The probability that the node I of the internet of things is converted from the state x to the state y at the moment t is represented, and x, y belongs to { S, E, I, R, D }) specifically:
(a) the probability that the node i of the internet of things is converted from the susceptible state S into each state at the moment t is as follows:
Figure FDA0002721007720000025
wherein
Figure FDA0002721007720000031
Figure FDA0002721007720000032
Alpha represents the probability of the malicious program attacking the node of the Internet of things, and k represents the number of the nodes of the Internet of things adjacent to the node i of the Internet of things;
Figure FDA0002721007720000033
representing the probability that an internet of things node j adjacent to the internet of things node I is in an infection state I at the moment t-1; beta represents the detection rate of the malicious program invading the Internet of things to be detected;
Figure FDA0002721007720000034
representing the probability of death of the nodes of the Internet of things due to self energy exhaustion under the attack of non-malicious programs;
(b) the probability that the node i of the internet of things is converted from the latent state E into each state at the moment t is as follows:
Figure FDA0002721007720000035
wherein mu represents the probability of the node of the Internet of things converting from a latent state into an infected state;
(c) the probability that the node I of the internet of things is converted from the infection state I into each state at the moment t is as follows:
Figure FDA0002721007720000036
wherein omega represents the death probability of the nodes of the Internet of things due to the exhaustion of the attack energy of the malicious programs;
(d) the probability that the node i of the internet of things is converted from the immune state R to each state at the moment t is as follows:
Figure FDA0002721007720000037
wherein ζ represents a probability of the internet of things node being converted from the immune state to the susceptible state; gamma represents the false alarm rate of the malicious program invading the Internet of things to be detected;
(e) the probability that the node i of the internet of things is converted from the death state D into each state at the moment t is as follows:
Figure FDA0002721007720000041
wherein eta represents the probability that the administrator of the internet of things removes dead internet of things nodes from the internet of things and replaces the dead internet of things nodes with new healthy internet of things nodes.
5. The Internet of things availability evaluation method for malicious program diffusion under the fog computing architecture of claim 4, wherein the probability that the Internet of things node j is in the infection state I at the time t is
Figure FDA0002721007720000042
The method specifically comprises the following steps:
at the initial time when t is 0, the node j of the internet of things is in the immune state R, and the probability that the initial time is in the immune state R is set
Figure FDA0002721007720000043
And the probabilities in the other states are all 0, i.e.
Figure FDA0002721007720000044
Figure FDA0002721007720000045
When t is greater than 0, the probability that the node j of the Internet of things is in the infection state I
Figure FDA0002721007720000046
Comprises the following steps:
Figure FDA0002721007720000047
wherein:
Figure FDA0002721007720000048
Figure FDA0002721007720000049
Figure FDA00027210077200000410
Figure FDA00027210077200000411
the node j of the internet of things is the transition probability among different states at the moment t.
6. The method for evaluating the usability of the internet of things facing the spread of malicious programs under the fog computing architecture according to claim 1, wherein the establishing of the markov matrix M in the step (2) is performedi(t) and calculating availability of node i of Internet of things
Figure FDA0002721007720000051
The specific process is as follows:
(2-1) establishing a Markov matrix M of the state transition of the node i of the Internet of things at the moment t according to the topology structure of the Internet of things and the state transition diagram of the node of the Internet of things acquired in the step (1)i(t), specifically:
Figure FDA0002721007720000052
(2-2) calculating Markov matrix Mi(t) obtaining steady-state availability vectors of all states of the node i of the Internet of things by the stable point
Figure FDA0002721007720000053
Figure FDA0002721007720000054
The steady state availability for each state is:
Figure FDA0002721007720000055
wherein:
Figure FDA0002721007720000056
Figure FDA0002721007720000057
(2-3) obtaining a steady-state availability vector
Figure FDA0002721007720000058
Obtaining the availability of the node i of the Internet of things
Figure FDA0002721007720000059
Comprises the following steps:
Figure FDA00027210077200000510
7. the Internet of things availability evaluation method for malicious program diffusion under fog computing architecture as claimed in claim 6, wherein the steady-state availability vector in step (2-2)
Figure FDA00027210077200000511
The steady state availability of each state in (1) is a joint Markov matrix Mi(t) solving the stable point equation and the equation of which the sum of the steady-state availability of all the states is 1;
the Markov matrix Mi(t)The stable point equation of (a) means:
Figure FDA0002721007720000061
i.e. the matrix multiplication is expanded as:
Figure FDA0002721007720000062
8. the method for evaluating the availability of the internet of things for malicious program diffusion under the fog computing architecture according to claim 1, wherein the computing in the step (3) is used for computing the availability of the internet of things node i to the sink node SN under each route
Figure FDA0002721007720000063
And calculating to obtain the availability of the whole Internet of things
Figure FDA0002721007720000064
The specific process is as follows:
(3-1) availability according to node i of the Internet of things
Figure FDA0002721007720000065
And the Internet of things node passing through each route from the Internet of things node to the sink node SN, and calculating the availability of the Internet of things node i to the sink node SN under each route r
Figure FDA0002721007720000066
Comprises the following steps:
Figure FDA0002721007720000067
wherein M is the hop count of the node of the Internet of things passing from the node i of the Internet of things to the sink node SN;
(3-2) Internet of things according to each routeAvailability of a network node i to a sink node SN
Figure FDA0002721007720000068
And the route from the node i of the Internet of things to the sink node SN to obtain the availability of the whole Internet of things
Figure FDA0002721007720000069
Comprises the following steps:
Figure FDA00027210077200000610
and N is the number of all routes from the node i of the internet of things to the sink node SN in the whole internet of things.
CN202011088039.5A 2020-10-13 2020-10-13 Internet of things availability evaluation method for malicious program diffusion under fog computing architecture Active CN112187823B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011088039.5A CN112187823B (en) 2020-10-13 2020-10-13 Internet of things availability evaluation method for malicious program diffusion under fog computing architecture

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011088039.5A CN112187823B (en) 2020-10-13 2020-10-13 Internet of things availability evaluation method for malicious program diffusion under fog computing architecture

Publications (2)

Publication Number Publication Date
CN112187823A true CN112187823A (en) 2021-01-05
CN112187823B CN112187823B (en) 2022-04-19

Family

ID=73949362

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011088039.5A Active CN112187823B (en) 2020-10-13 2020-10-13 Internet of things availability evaluation method for malicious program diffusion under fog computing architecture

Country Status (1)

Country Link
CN (1) CN112187823B (en)

Citations (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103532761A (en) * 2013-10-18 2014-01-22 嘉兴学院 Survivability evaluating method applicable to attacked wireless sensing network
US20160142426A1 (en) * 2014-11-17 2016-05-19 International Business Machines Corporation Endpoint traffic profiling for early detection of malware spread
CN107204871A (en) * 2017-04-19 2017-09-26 天津大学 Wireless sensor network biological treatability appraisal procedure based on Evolutionary Game Model
CN107483438A (en) * 2017-08-15 2017-12-15 山东华诺网络科技有限公司 A kind of network security situation awareness early warning system and method based on big data
CN108418843A (en) * 2018-06-11 2018-08-17 中国人民解放军战略支援部队信息工程大学 Network attack target identification method based on attack graph and system
CN109474607A (en) * 2018-12-06 2019-03-15 连云港杰瑞深软科技有限公司 A kind of industrial control network safeguard protection monitoring system
CN109617874A (en) * 2018-12-10 2019-04-12 绍兴文理学院 A kind of heterogeneous Sensor Network rogue program propagation modeling method
CN109756578A (en) * 2019-02-26 2019-05-14 上海科技大学 A kind of low time delay method for scheduling task calculating network towards dynamic mist
CN109861995A (en) * 2019-01-17 2019-06-07 安徽谛听信息科技有限公司 A kind of safe big data intelligent analysis method of cyberspace, computer-readable medium
CN110647747A (en) * 2019-09-05 2020-01-03 四川大学 False mobile application detection method based on multi-dimensional similarity
CN111343180A (en) * 2020-02-25 2020-06-26 广州大学 Multi-type malicious program attack and defense method based on nonlinear chargeable sensor network model
CN111586696A (en) * 2020-04-29 2020-08-25 重庆邮电大学 Resource allocation and unloading decision method based on multi-agent architecture reinforcement learning

Patent Citations (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103532761A (en) * 2013-10-18 2014-01-22 嘉兴学院 Survivability evaluating method applicable to attacked wireless sensing network
US20160142426A1 (en) * 2014-11-17 2016-05-19 International Business Machines Corporation Endpoint traffic profiling for early detection of malware spread
US20160142423A1 (en) * 2014-11-17 2016-05-19 International Business Machines Corporation Endpoint traffic profiling for early detection of malware spread
CN107204871A (en) * 2017-04-19 2017-09-26 天津大学 Wireless sensor network biological treatability appraisal procedure based on Evolutionary Game Model
CN107483438A (en) * 2017-08-15 2017-12-15 山东华诺网络科技有限公司 A kind of network security situation awareness early warning system and method based on big data
CN108418843A (en) * 2018-06-11 2018-08-17 中国人民解放军战略支援部队信息工程大学 Network attack target identification method based on attack graph and system
CN109474607A (en) * 2018-12-06 2019-03-15 连云港杰瑞深软科技有限公司 A kind of industrial control network safeguard protection monitoring system
CN109617874A (en) * 2018-12-10 2019-04-12 绍兴文理学院 A kind of heterogeneous Sensor Network rogue program propagation modeling method
CN109861995A (en) * 2019-01-17 2019-06-07 安徽谛听信息科技有限公司 A kind of safe big data intelligent analysis method of cyberspace, computer-readable medium
CN109756578A (en) * 2019-02-26 2019-05-14 上海科技大学 A kind of low time delay method for scheduling task calculating network towards dynamic mist
CN110647747A (en) * 2019-09-05 2020-01-03 四川大学 False mobile application detection method based on multi-dimensional similarity
CN111343180A (en) * 2020-02-25 2020-06-26 广州大学 Multi-type malicious program attack and defense method based on nonlinear chargeable sensor network model
CN111586696A (en) * 2020-04-29 2020-08-25 重庆邮电大学 Resource allocation and unloading decision method based on multi-agent architecture reinforcement learning

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
SHIGEN SHEN: "Multistage Signaling Game-Based Optimal Detection Strategies for Suppressing Malware Diffusion in Fog-Cloud-Based IoT Networks", 《 IEEE INTERNET OF THINGS JOURNAL》 *
沈士根等: "基于扩展传染病模型的异质传感网恶意程序", 《传感技术学报》 *
沈士根等: "面向恶意程序传播的传感网可靠度评估_沈士根.pdf", 《电子学报》 *

Also Published As

Publication number Publication date
CN112187823B (en) 2022-04-19

Similar Documents

Publication Publication Date Title
CN109615116B (en) Telecommunication fraud event detection method and system
Wang et al. Game-theory-based active defense for intrusion detection in cyber-physical embedded systems
CN101282332B (en) System for generating assaulting chart facing network safety alarm incident
Fang et al. A resilient trust management scheme for defending against reputation time-varying attacks based on BETA distribution
Haider et al. Detecting anomalous behavior in cloud servers by nested-arc hidden semi-Markov model with state summarization
CN107733877B (en) Management method and system for wireless communication architecture of Internet of things
CN112769869B (en) SDN network security prediction method based on Bayesian attack graph and corresponding system
CN109214456A (en) A kind of network anomaly detection method, system and electronic equipment
Hu et al. TMSE: A topology modification strategy to enhance the robustness of scale-free wireless sensor networks
CN104166708A (en) Mobile phone virus spreading modeling method based on social network and semi-Markov process
CN111224984B (en) Snort improvement method based on data mining algorithm
Sinha et al. Sniffer: A machine learning approach for DoS attack localization in NoC-based SoCs
Lu et al. Security-aware routing protocol based on artificial neural network algorithm and 6LoWPAN in the internet of things
CN112187823B (en) Internet of things availability evaluation method for malicious program diffusion under fog computing architecture
Hendaoui et al. FID: Fuzzy based intrusion detection for distributed smart devices
CN112969180B (en) Wireless sensor network attack defense method and system in fuzzy environment
Kun et al. Network security situation evaluation method based on attack intention recognition
CN112491801B (en) Incidence matrix-based object-oriented network attack modeling method and device
CN114362972B (en) Botnet hybrid detection method and system based on flow abstract and graph sampling
Abdallah et al. An Optimal Framework for SDN Based on Deep Neural Network
CN110362754B (en) Online social network information source detection method based on reinforcement learning
Zhou et al. Network security situation assessment methods and tactics based on multivariate spatiotemporal attack graph model
OUKAS et al. Generalized stochastic petri nets modelling for energy harvesting wsns considering neighbors with different vicinity levels
Roy et al. Top-Performing Unifying Architecture for Network Intrusion Detection in SDN Using Fully Convolutional Network
Yang Performance analysis of Petri net based on moment generating function

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant