多操作系統(tǒng)異構(gòu)網(wǎng)絡(luò)的病毒傳播模型和安全性能優(yōu)化策略

王剛; 馮云; 陸世偉; 馬潤年

doi:10.11999/JEIT190360

多操作系統(tǒng)異構(gòu)網(wǎng)絡(luò)的病毒傳播模型和安全性能優(yōu)化策略

doi: 10.11999/JEIT190360

空軍工程大學(xué)信息與導(dǎo)航學(xué)院西安 710077

基金項(xiàng)目: 國家自然科學(xué)基金(61573017)

詳細(xì)信息

作者簡介:
王剛：男，1976年生，教授，博士，碩士生導(dǎo)師，主要研究方向?yàn)榫W(wǎng)絡(luò)空間安全和復(fù)雜網(wǎng)絡(luò)

馮云：男，1996年生，碩士生，研究方向?yàn)榫W(wǎng)絡(luò)空間安全

陸世偉：男，1995年生，碩士生，研究方向?yàn)榫W(wǎng)絡(luò)空間安全

馬潤年：男，1963年生，教授，博士，碩士生導(dǎo)師，主要研究方向?yàn)榫W(wǎng)絡(luò)空間安全和復(fù)雜網(wǎng)絡(luò)

通訊作者:
王剛　wglxl@nudt.edu.cn

中圖分類號(hào): TP393.08
計(jì)量
- 文章訪問數(shù): 2085
- HTML全文瀏覽量: 893
- PDF下載量: 84
- 被引次數(shù): 0
出版歷程
- 收稿日期: 2019-05-22
- 修回日期: 2019-12-09
- 網(wǎng)絡(luò)出版日期: 2019-12-20
- 刊出日期: 2020-06-04

Virus Propagation Model and Security Performance Optimization Strategy of Multi-operating System Heterogeneous Network

Information and Navigation Institute, Air Force Engineering University, Xi’an 710077, China

Funds: The National Nature Science Foundation of China (61573017)

摘要

摘要:
針對(duì)蠕蟲病毒通常只能感染特定操作系統(tǒng)的特點(diǎn)，該文研究了多操作系統(tǒng)異構(gòu)網(wǎng)絡(luò)中的病毒傳播規(guī)律及安全性能優(yōu)化策略。首先，考慮多數(shù)病毒僅限在同種操作系統(tǒng)之間的鏈路中傳播，在SIRS病毒傳播模型中引入異構(gòu)邊比例參數(shù)，通過系統(tǒng)平衡點(diǎn)求解和基本再生數(shù)分析，研究異構(gòu)邊對(duì)單系統(tǒng)病毒傳播和網(wǎng)絡(luò)安全性能的影響。其次，按照動(dòng)態(tài)目標(biāo)防御思想和技術(shù)，設(shè)計(jì)了非異構(gòu)邊隨機(jī)中斷、非異構(gòu)邊隨機(jī)重連和單操作系統(tǒng)節(jié)點(diǎn)隨機(jī)跳變3種網(wǎng)絡(luò)安全優(yōu)化策略，分析了3種策略下異構(gòu)邊比例和基本再生數(shù)的變化及其對(duì)網(wǎng)絡(luò)安全性能的影響。最后仿真驗(yàn)證了病毒傳播模型的正確性和3種策略的網(wǎng)絡(luò)安全性能優(yōu)化效果，同隨機(jī)中斷和隨機(jī)隔離策略對(duì)比，分析其對(duì)網(wǎng)絡(luò)安全性能和網(wǎng)絡(luò)業(yè)務(wù)承載能力的影響。
- 病毒傳播 /
- SIRS模型 /
- 異構(gòu)邊比例 /
- 網(wǎng)絡(luò)安全性能
Abstract:
In view of the fact that worm viruses can only infect specific operating systems, the virus propagation rule and security performance optimization strategy in multi-operating system heterogeneous network are studied in this paper. First, considering that most viruses can only spread in link between the same operation system, the parameters of heterogeneous edges ratio are introduced into the Susceptible Infected Remove Susceptible (SIRS) virus transmission model, and the influence of heterogeneous edges and network security performance on the single system virus transmission is studied through system equilibrium solution and basic regeneration number analysis. Secondly, according to the moving target defense thought and technology, the network security optimization strategies is designed for non-isomeric random interrupt, non-isomeric random reconnecting and single operating system random node migration, and the variation of the same ratio and the basic number of regenerated numbers in the three strategies and the impact on the safety of the network are anaylrzed. Finally, the correctness of the virus propagation model is verified by simulation, and the network security performance optimization effects of the three strategies are analyzed.
- Virus transmission /
- Susceptible Infected Remove Susceptible (SIRS) model /
- Heterogeneous edge ratio /
- Network security performance

HTML全文

圖 1 多操作系統(tǒng)異構(gòu)網(wǎng)絡(luò)及其子網(wǎng)絡(luò)

下載: 全尺寸圖片幻燈片

圖 2 多操作系統(tǒng)異構(gòu)網(wǎng)絡(luò)中病毒傳播的SIRS模型

下載: 全尺寸圖片幻燈片

圖 3 β=0.01時(shí)不同網(wǎng)絡(luò)中病毒傳播情況

下載: 全尺寸圖片幻燈片

圖 4 鏈路調(diào)整前后網(wǎng)絡(luò)中病毒傳播情況

下載: 全尺寸圖片幻燈片

圖 5 非異構(gòu)邊隨機(jī)中斷、非異構(gòu)邊隨機(jī)重連和隨機(jī)中斷效果對(duì)比

下載: 全尺寸圖片幻燈片

圖 6 單操作系統(tǒng)節(jié)點(diǎn)隨機(jī)跳變策略對(duì)網(wǎng)絡(luò)中病毒傳播的影響

下載: 全尺寸圖片幻燈片

圖 7 隨機(jī)隔離、單操作系統(tǒng)節(jié)點(diǎn)隨機(jī)跳變效果對(duì)比

下載: 全尺寸圖片幻燈片

圖 8 100次重復(fù)試驗(yàn)中節(jié)點(diǎn)跳變優(yōu)化前后網(wǎng)絡(luò)平均度變化

下載: 全尺寸圖片幻燈片

表 1 非異構(gòu)邊隨機(jī)中斷表

輸入：初始網(wǎng)絡(luò)G，斷開邊的比例${p_{\rmq7j3ldu95}}$；
輸出：優(yōu)化后的網(wǎng)絡(luò)${{G}}'$；
(1) 為網(wǎng)絡(luò)中的邊加權(quán)，其中異構(gòu)邊權(quán)重為1，非異構(gòu)邊權(quán)重為2；
(2) 采用Prime表以網(wǎng)絡(luò)中度最大的節(jié)點(diǎn)為起點(diǎn)生成網(wǎng)絡(luò)G的最　　小生成樹G₁及其子圖G₂；
(3) 隨機(jī)刪除G₂中數(shù)量為${p_{\rmq7j3ldu95}}({M_1} + {M_2})$的連接相應(yīng)操作系統(tǒng)的邊；
(4) 將G₁和G₂整合得到優(yōu)化后的網(wǎng)絡(luò)${{G}}'$。

下載: 導(dǎo)出CSV

表 2 非異構(gòu)邊隨機(jī)重連表

輸入：初始網(wǎng)絡(luò)G，重連邊的比例${p_{\rmq7j3ldu95}}$；
輸出：優(yōu)化后的網(wǎng)絡(luò)${{G}}'$；
(1) 為網(wǎng)絡(luò)中的邊加權(quán)，其中異構(gòu)邊權(quán)重為1，非異構(gòu)邊權(quán)重為2；
(2) 采用Prime表以網(wǎng)絡(luò)中度最大節(jié)點(diǎn)為起點(diǎn)生成網(wǎng)絡(luò)G的最小　　生成樹G₁及其補(bǔ)圖G₂；
(3) 隨機(jī)刪除G₂中數(shù)量為${p_{\rmq7j3ldu95}}({M_1} + {M_2})$的連接相應(yīng)操作系統(tǒng)的邊；
(4) 在網(wǎng)絡(luò)G₂中增添數(shù)量為${p_{\rmq7j3ldu95}}({M_1} + {M_2})$的邊，用于連接網(wǎng)絡(luò)中　　不同操作系統(tǒng)類型的節(jié)點(diǎn)；
(5) 將G₁和G₂整合得到優(yōu)化后的網(wǎng)絡(luò)${{G}}'$。

下載: 導(dǎo)出CSV

表 3 單操作系統(tǒng)節(jié)點(diǎn)隨機(jī)跳變算法

輸入：初始網(wǎng)絡(luò)G，目標(biāo)比例${p_j}$；
輸出：優(yōu)化后的網(wǎng)絡(luò)G；
(1) 隨機(jī)選取網(wǎng)絡(luò)中的相應(yīng)操作系統(tǒng)節(jié)點(diǎn)N_i，改變其操作系統(tǒng)類型；
(2) 統(tǒng)計(jì)網(wǎng)絡(luò)中相應(yīng)操作系統(tǒng)比例${p_1}$，若${p_1} < {p_j}$，則進(jìn)行步驟(3)，　　否則重復(fù)步驟(1)、步驟(2)；
(3) 輸出網(wǎng)絡(luò)G。

下載: 導(dǎo)出CSV

表 4 數(shù)學(xué)模型及網(wǎng)絡(luò)演化結(jié)果對(duì)比

	數(shù)學(xué)模型平衡點(diǎn)位置	網(wǎng)絡(luò)演化穩(wěn)態(tài)均值	方差
無標(biāo)度網(wǎng)絡(luò)	${P_0}(333.1,0,666.9)$	337.1,0,662.9	18.10,0,18.10
小世界網(wǎng)絡(luò)	${P_0}(333.1,0,666.9)$	332.9,0,667.1	14.50,0,14.50
P2P網(wǎng)絡(luò)	${P_0}(1816,0,3624)$	1834.1,0,3603.9	22.41,0,22.40

下載: 導(dǎo)出CSV

參考文獻(xiàn)(18)

PEI Yongzhen, LIU Shaoying, LI Changguo, et al. The dynamics of an impulsive delay SI model with variable coefficients[J]. Applied Mathematical Modelling, 2009, 33(6): 2766–2776. doi: 10.1016/j.apm.2008.08.011

VAN MIEGHEM P. Epidemic phase transition of the SIS type in networks[J]. Europhysics Letters, 2012, 97(4): 48004. doi: 10.1209/0295-5075/97/48004

MARTINEZ J S V, LOPEZ G P, GONZALEZ A J, et al. Numerical approaching of SIR epidemic model for propagation of computer worms[J]. IEEE Latin America Transactions, 2015, 13(10): 3452–3460. doi: 10.1109/TLA.2015.7387254

王剛, 胡鑫, 陸世偉. 節(jié)點(diǎn)增減機(jī)制下的病毒傳播模型及穩(wěn)定性[J]. 電子科技大學(xué)學(xué)報(bào), 2019, 48(1): 74–79. doi: 10.3969/j.issn.1001-0548.2019.01.013

WANG Gang, HU Xin, and LU Shiwei. Virus spreading model and its stability based on the mechanism of node increasing and decreasing[J]. Journal of University of Electronic Science and Technology of China, 2019, 48(1): 74–79. doi: 10.3969/j.issn.1001-0548.2019.01.013

顧?？? 蔣國平, 夏玲玲. 基于狀態(tài)概率轉(zhuǎn)移的SIRS病毒傳播模型及其臨界值分析[J]. 計(jì)算機(jī)科學(xué), 2016, 43(6A): 64–67. doi: 10.11896/j.issn.1002-137X.2016.6A.014

GU Haijun, JIANG Guoping, and XIA Lingling. SIRS epidemic model and its threshold based on state transition probability[J]. Computer Science, 2016, 43(6A): 64–67. doi: 10.11896/j.issn.1002-137X.2016.6A.014

王剛, 陸世偉, 胡鑫, 等. “去二存一”混合機(jī)制下的病毒擴(kuò)散模型及穩(wěn)定性分析[J]. 電子與信息學(xué)報(bào), 2019, 41(3): 709–716. doi: 10.11999/JEIT180381

WANG Gang, LU Shiwei, HU Xin, et al. Virus propagation model and stability under the hybrid mechanism of “Two-go and One-live”[J]. Journal of Electronics &Information Technology, 2019, 41(3): 709–716. doi: 10.11999/JEIT180381

王剛, 陸世偉, 胡鑫, 等. 潛伏機(jī)制下網(wǎng)絡(luò)病毒傳播SEIQRS模型及穩(wěn)定性分析[J]. 哈爾濱工業(yè)大學(xué)學(xué)報(bào), 2019, 51(5): 131–137. doi: 10.11918/j.issn.0367-6234.201805136

WANG Gang, LU Shiwei, HU Xin, et al. Network virus spreading SEIQRS model and its stability under escape mechanism[J]. Journal of Harbin Institute of Technology, 2019, 51(5): 131–137. doi: 10.11918/j.issn.0367-6234.201805136

EL-SAYED A M A, ARAFA A A M, KHALI M, et al. A mathematical model with memory for propagation of computer virus under human intervention[J]. Progress in Fractional Differentiation and Applications, 2016, 2(2): 105–113. doi: 10.18576/pfda/020203

WANG Lei, YAO Changhua, YANG Yuqi, et al. Research on a dynamic virus propagation model to improve smart campus security[J]. IEEE Access, 2018, 6: 20663–20672. doi: 10.1109/ACCESS.2018.2817508

HEYDARI V, KIM S I, and YOO S M. Scalable anti-censorship framework using moving target defense for web servers[J]. IEEE Transactions on Information Forensics and Security, 2017, 12(5): 1113–1124. doi: 10.1109/TIFS.2016.2647218

LEI Cheng, MA Duohe, and ZHANG Hongqi. Optimal strategy selection for moving target defense based on Markov game[J]. IEEE Access, 2017, 5: 156–169. doi: 10.1109/ACCESS.2016.2633983

熊鑫立, 趙光勝, 徐偉光, 等. 基于系統(tǒng)攻擊面的動(dòng)態(tài)目標(biāo)防御有效性評(píng)估方法[J]. 清華大學(xué)學(xué)報(bào): 自然科學(xué)版, 2019, 59(4): 276–283. doi: 10.16511/j.cnki.qhdxxb.2018.26.056

XIONG Xinli, ZHAO Guangsheng, XU Weiguang, et al. System attack surface based MTD effectiveness assessment model[J]. Journal of Tsinghua University:Science and Technology, 2019, 59(4): 276–283. doi: 10.16511/j.cnki.qhdxxb.2018.26.056

周余陽, 程光, 郭春生, 等. 移動(dòng)目標(biāo)防御的攻擊面動(dòng)態(tài)轉(zhuǎn)移技術(shù)研究綜述[J]. 軟件學(xué)報(bào), 2018, 29(9): 2799–2820. doi: 10.13328/j.cnki.jos.005597

ZHOU Yuyang, CHENG Guang, GUO Chunsheng, et al. Survey on attack surface dynamic transfer technology based on moving target defense[J]. Journal of Software, 2018, 29(9): 2799–2820. doi: 10.13328/j.cnki.jos.005597

劉江, 張紅旗, 楊英杰, 等. 基于主機(jī)安全狀態(tài)遷移模型的動(dòng)態(tài)網(wǎng)絡(luò)防御有效性評(píng)估[J]. 電子與信息學(xué)報(bào), 2017, 39(3): 509–517. doi: 10.11999/JEIT160513

LIU Jiang, ZHANG Hongqi, YANG Yingjie, et al. Effectiveness evaluation of moving network defense based on host security state transition model[J]. Journal of Electronics &Information Technology, 2017, 39(3): 509–517. doi: 10.11999/JEIT160513

HONG J B and KIM D S. Assessing the effectiveness of moving target defenses using security models[J]. IEEE Transactions on Dependable and Secure Computing, 2016, 13(2): 163–177. doi: 10.1109/TDSC.2015.2443790

JIANG Jiaojiao, WEN Sheng, YU Shui, et al. K-center: An approach on the multi-source identification of information diffusion[J]. IEEE Transactions on Information Forensics and Security, 2015, 10(12): 2616–2626. doi: 10.1109/TIFS.2015.2469256

CAI Jun, WANG Yu, LIU Yan, et al. Enhancing network capacity by weakening community structure in scale-free network[J]. Future Generation Computer Systems, 2018, 87: 765–771. doi: 10.1016/j.future.2017.08.014

LESKOVEC J, KLEINBERG J, and KREVL A. SNAP Datasets: Stanford Large Network Dataset Collection[EB/OL]. http://snap.stanford.edu/data/p2p-Gnutella04.html, 2004.

相關(guān)文章

施引文獻(xiàn)

資源附件(0)

訪問統(tǒng)計(jì)