多操作系統(tǒng)異構(gòu)網(wǎng)絡(luò)的病毒傳播模型和安全性能優(yōu)化策略
doi: 10.11999/JEIT190360
-
空軍工程大學(xué)信息與導(dǎo)航學(xué)院 西安 710077
Virus Propagation Model and Security Performance Optimization Strategy of Multi-operating System Heterogeneous Network
-
Information and Navigation Institute, Air Force Engineering University, Xi’an 710077, China
-
摘要:
針對(duì)蠕蟲病毒通常只能感染特定操作系統(tǒng)的特點(diǎn),該文研究了多操作系統(tǒng)異構(gòu)網(wǎng)絡(luò)中的病毒傳播規(guī)律及安全性能優(yōu)化策略。首先,考慮多數(shù)病毒僅限在同種操作系統(tǒng)之間的鏈路中傳播,在SIRS病毒傳播模型中引入異構(gòu)邊比例參數(shù),通過系統(tǒng)平衡點(diǎn)求解和基本再生數(shù)分析,研究異構(gòu)邊對(duì)單系統(tǒng)病毒傳播和網(wǎng)絡(luò)安全性能的影響。其次,按照動(dòng)態(tài)目標(biāo)防御思想和技術(shù),設(shè)計(jì)了非異構(gòu)邊隨機(jī)中斷、非異構(gòu)邊隨機(jī)重連和單操作系統(tǒng)節(jié)點(diǎn)隨機(jī)跳變3種網(wǎng)絡(luò)安全優(yōu)化策略,分析了3種策略下異構(gòu)邊比例和基本再生數(shù)的變化及其對(duì)網(wǎng)絡(luò)安全性能的影響。最后仿真驗(yàn)證了病毒傳播模型的正確性和3種策略的網(wǎng)絡(luò)安全性能優(yōu)化效果,同隨機(jī)中斷和隨機(jī)隔離策略對(duì)比,分析其對(duì)網(wǎng)絡(luò)安全性能和網(wǎng)絡(luò)業(yè)務(wù)承載能力的影響。
-
關(guān)鍵詞:
- 病毒傳播 /
- SIRS模型 /
- 異構(gòu)邊比例 /
- 網(wǎng)絡(luò)安全性能
Abstract:In view of the fact that worm viruses can only infect specific operating systems, the virus propagation rule and security performance optimization strategy in multi-operating system heterogeneous network are studied in this paper. First, considering that most viruses can only spread in link between the same operation system, the parameters of heterogeneous edges ratio are introduced into the Susceptible Infected Remove Susceptible (SIRS) virus transmission model, and the influence of heterogeneous edges and network security performance on the single system virus transmission is studied through system equilibrium solution and basic regeneration number analysis. Secondly, according to the moving target defense thought and technology, the network security optimization strategies is designed for non-isomeric random interrupt, non-isomeric random reconnecting and single operating system random node migration, and the variation of the same ratio and the basic number of regenerated numbers in the three strategies and the impact on the safety of the network are anaylrzed. Finally, the correctness of the virus propagation model is verified by simulation, and the network security performance optimization effects of the three strategies are analyzed.
-
表 1 非異構(gòu)邊隨機(jī)中斷表
輸入:初始網(wǎng)絡(luò)G,斷開邊的比例${p_{\rmq7j3ldu95}}$; 輸出:優(yōu)化后的網(wǎng)絡(luò)${{G}}'$; (1) 為網(wǎng)絡(luò)中的邊加權(quán),其中異構(gòu)邊權(quán)重為1,非異構(gòu)邊權(quán)重為2; (2) 采用Prime表以網(wǎng)絡(luò)中度最大的節(jié)點(diǎn)為起點(diǎn)生成網(wǎng)絡(luò)G的最
小生成樹G1及其子圖G2;(3) 隨機(jī)刪除G2中數(shù)量為${p_{\rmq7j3ldu95}}({M_1} + {M_2})$的連接相應(yīng)操作系統(tǒng)的邊; (4) 將G1和G2整合得到優(yōu)化后的網(wǎng)絡(luò)${{G}}'$。 下載: 導(dǎo)出CSV
表 2 非異構(gòu)邊隨機(jī)重連表
輸入:初始網(wǎng)絡(luò)G,重連邊的比例${p_{\rmq7j3ldu95}}$; 輸出:優(yōu)化后的網(wǎng)絡(luò)${{G}}'$; (1) 為網(wǎng)絡(luò)中的邊加權(quán),其中異構(gòu)邊權(quán)重為1,非異構(gòu)邊權(quán)重為2; (2) 采用Prime表以網(wǎng)絡(luò)中度最大節(jié)點(diǎn)為起點(diǎn)生成網(wǎng)絡(luò)G的最小
生成樹G1及其補(bǔ)圖G2;(3) 隨機(jī)刪除G2中數(shù)量為${p_{\rmq7j3ldu95}}({M_1} + {M_2})$的連接相應(yīng)操作系統(tǒng)的邊; (4) 在網(wǎng)絡(luò)G2中增添數(shù)量為${p_{\rmq7j3ldu95}}({M_1} + {M_2})$的邊,用于連接網(wǎng)絡(luò)中
不同操作系統(tǒng)類型的節(jié)點(diǎn);(5) 將G1和G2整合得到優(yōu)化后的網(wǎng)絡(luò)${{G}}'$。 下載: 導(dǎo)出CSV
表 3 單操作系統(tǒng)節(jié)點(diǎn)隨機(jī)跳變算法
輸入:初始網(wǎng)絡(luò)G,目標(biāo)比例${p_j}$; 輸出:優(yōu)化后的網(wǎng)絡(luò)G; (1) 隨機(jī)選取網(wǎng)絡(luò)中的相應(yīng)操作系統(tǒng)節(jié)點(diǎn)Ni,改變其操作系統(tǒng)類型; (2) 統(tǒng)計(jì)網(wǎng)絡(luò)中相應(yīng)操作系統(tǒng)比例${p_1}$,若${p_1} < {p_j}$,則進(jìn)行步驟(3),
否則重復(fù)步驟(1)、步驟(2);(3) 輸出網(wǎng)絡(luò)G。 下載: 導(dǎo)出CSV
表 4 數(shù)學(xué)模型及網(wǎng)絡(luò)演化結(jié)果對(duì)比
數(shù)學(xué)模型平衡點(diǎn)位置 網(wǎng)絡(luò)演化穩(wěn)態(tài)均值 方差 無標(biāo)度網(wǎng)絡(luò) ${P_0}(333.1,0,666.9)$ 337.1,0,662.9 18.10,0,18.10 小世界網(wǎng)絡(luò) ${P_0}(333.1,0,666.9)$ 332.9,0,667.1 14.50,0,14.50 P2P網(wǎng)絡(luò) ${P_0}(1816,0,3624)$ 1834.1,0,3603.9 22.41,0,22.40 下載: 導(dǎo)出CSV
-
PEI Yongzhen, LIU Shaoying, LI Changguo, et al. The dynamics of an impulsive delay SI model with variable coefficients[J]. Applied Mathematical Modelling, 2009, 33(6): 2766–2776. doi: 10.1016/j.apm.2008.08.011 VAN MIEGHEM P. Epidemic phase transition of the SIS type in networks[J]. Europhysics Letters, 2012, 97(4): 48004. doi: 10.1209/0295-5075/97/48004 MARTINEZ J S V, LOPEZ G P, GONZALEZ A J, et al. Numerical approaching of SIR epidemic model for propagation of computer worms[J]. IEEE Latin America Transactions, 2015, 13(10): 3452–3460. doi: 10.1109/TLA.2015.7387254 王剛, 胡鑫, 陸世偉. 節(jié)點(diǎn)增減機(jī)制下的病毒傳播模型及穩(wěn)定性[J]. 電子科技大學(xué)學(xué)報(bào), 2019, 48(1): 74–79. doi: 10.3969/j.issn.1001-0548.2019.01.013WANG Gang, HU Xin, and LU Shiwei. Virus spreading model and its stability based on the mechanism of node increasing and decreasing[J]. Journal of University of Electronic Science and Technology of China, 2019, 48(1): 74–79. doi: 10.3969/j.issn.1001-0548.2019.01.013 顧??? 蔣國平, 夏玲玲. 基于狀態(tài)概率轉(zhuǎn)移的SIRS病毒傳播模型及其臨界值分析[J]. 計(jì)算機(jī)科學(xué), 2016, 43(6A): 64–67. doi: 10.11896/j.issn.1002-137X.2016.6A.014GU Haijun, JIANG Guoping, and XIA Lingling. SIRS epidemic model and its threshold based on state transition probability[J]. Computer Science, 2016, 43(6A): 64–67. doi: 10.11896/j.issn.1002-137X.2016.6A.014 王剛, 陸世偉, 胡鑫, 等. “去二存一”混合機(jī)制下的病毒擴(kuò)散模型及穩(wěn)定性分析[J]. 電子與信息學(xué)報(bào), 2019, 41(3): 709–716. doi: 10.11999/JEIT180381WANG Gang, LU Shiwei, HU Xin, et al. Virus propagation model and stability under the hybrid mechanism of “Two-go and One-live”[J]. Journal of Electronics &Information Technology, 2019, 41(3): 709–716. doi: 10.11999/JEIT180381 王剛, 陸世偉, 胡鑫, 等. 潛伏機(jī)制下網(wǎng)絡(luò)病毒傳播SEIQRS模型及穩(wěn)定性分析[J]. 哈爾濱工業(yè)大學(xué)學(xué)報(bào), 2019, 51(5): 131–137. doi: 10.11918/j.issn.0367-6234.201805136WANG Gang, LU Shiwei, HU Xin, et al. Network virus spreading SEIQRS model and its stability under escape mechanism[J]. Journal of Harbin Institute of Technology, 2019, 51(5): 131–137. doi: 10.11918/j.issn.0367-6234.201805136 EL-SAYED A M A, ARAFA A A M, KHALI M, et al. A mathematical model with memory for propagation of computer virus under human intervention[J]. Progress in Fractional Differentiation and Applications, 2016, 2(2): 105–113. doi: 10.18576/pfda/020203 WANG Lei, YAO Changhua, YANG Yuqi, et al. Research on a dynamic virus propagation model to improve smart campus security[J]. IEEE Access, 2018, 6: 20663–20672. doi: 10.1109/ACCESS.2018.2817508 HEYDARI V, KIM S I, and YOO S M. Scalable anti-censorship framework using moving target defense for web servers[J]. IEEE Transactions on Information Forensics and Security, 2017, 12(5): 1113–1124. doi: 10.1109/TIFS.2016.2647218 LEI Cheng, MA Duohe, and ZHANG Hongqi. Optimal strategy selection for moving target defense based on Markov game[J]. IEEE Access, 2017, 5: 156–169. doi: 10.1109/ACCESS.2016.2633983 熊鑫立, 趙光勝, 徐偉光, 等. 基于系統(tǒng)攻擊面的動(dòng)態(tài)目標(biāo)防御有效性評(píng)估方法[J]. 清華大學(xué)學(xué)報(bào): 自然科學(xué)版, 2019, 59(4): 276–283. doi: 10.16511/j.cnki.qhdxxb.2018.26.056XIONG Xinli, ZHAO Guangsheng, XU Weiguang, et al. System attack surface based MTD effectiveness assessment model[J]. Journal of Tsinghua University:Science and Technology, 2019, 59(4): 276–283. doi: 10.16511/j.cnki.qhdxxb.2018.26.056 周余陽, 程光, 郭春生, 等. 移動(dòng)目標(biāo)防御的攻擊面動(dòng)態(tài)轉(zhuǎn)移技術(shù)研究綜述[J]. 軟件學(xué)報(bào), 2018, 29(9): 2799–2820. doi: 10.13328/j.cnki.jos.005597ZHOU Yuyang, CHENG Guang, GUO Chunsheng, et al. Survey on attack surface dynamic transfer technology based on moving target defense[J]. Journal of Software, 2018, 29(9): 2799–2820. doi: 10.13328/j.cnki.jos.005597 劉江, 張紅旗, 楊英杰, 等. 基于主機(jī)安全狀態(tài)遷移模型的動(dòng)態(tài)網(wǎng)絡(luò)防御有效性評(píng)估[J]. 電子與信息學(xué)報(bào), 2017, 39(3): 509–517. doi: 10.11999/JEIT160513LIU Jiang, ZHANG Hongqi, YANG Yingjie, et al. Effectiveness evaluation of moving network defense based on host security state transition model[J]. Journal of Electronics &Information Technology, 2017, 39(3): 509–517. doi: 10.11999/JEIT160513 HONG J B and KIM D S. Assessing the effectiveness of moving target defenses using security models[J]. IEEE Transactions on Dependable and Secure Computing, 2016, 13(2): 163–177. doi: 10.1109/TDSC.2015.2443790 JIANG Jiaojiao, WEN Sheng, YU Shui, et al. K-center: An approach on the multi-source identification of information diffusion[J]. IEEE Transactions on Information Forensics and Security, 2015, 10(12): 2616–2626. doi: 10.1109/TIFS.2015.2469256 CAI Jun, WANG Yu, LIU Yan, et al. Enhancing network capacity by weakening community structure in scale-free network[J]. Future Generation Computer Systems, 2018, 87: 765–771. doi: 10.1016/j.future.2017.08.014 LESKOVEC J, KLEINBERG J, and KREVL A. SNAP Datasets: Stanford Large Network Dataset Collection[EB/OL]. http://snap.stanford.edu/data/p2p-Gnutella04.html, 2004. -