CN115941238B - Method for preventing and controlling coupled P2P industrial Internet worm transmission by using composite benign worm - Google Patents
- Publication number
- CN115941238B (application CN202211134586.1A)
- Authority
- CN
- China
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Abstract
The invention provides a method for preventing and controlling worm transmission in the coupled P2P industrial Internet by using composite benign worms. The technical scheme is as follows: the factory office network-production network coupled P2P network is abstracted into a network topology model, and the dynamic propagation process of network worms is established using the SIUR model. The control process is divided into three stages: a prevention stage, an early countermeasure stage and a late countermeasure stage. In the prevention stage, benign worms are placed on hosts with larger degrees, achieving an initial immunization effect. In the early countermeasure stage, the benign worms adopt both active and passive strategies to combat the malignant worms and suppress their early spread. In the late countermeasure stage, the benign worms adopt a passive strategy, waiting for the malignant worms to attack in order to discover and destroy them, which avoids a large amount of ineffective scanning congesting the network. By using different strategies during the countermeasure process, the invention reduces the consumption of industrial Internet network resources and constructs a sound industrial Internet collaborative security protection model and protection strategy.
Description
Technical Field
The invention belongs to the intersection of network science and control science, and particularly relates to a method for preventing and controlling worm transmission in the coupled P2P industrial Internet by using composite benign worms.
Background
The factory office network and the production network are important components in the industrial Internet, and interaction exists between the factory office network and the production network, so that a coupling network is formed. A P2P network is a distributed network in which each node in the network may share resources owned by the respective node, the sharing of which is supported by the network. The core of the P2P network is that each node in the network is peer-to-peer with each other, which not only acts as a server to provide services for other nodes, but also receives services provided by other nodes, and is both a provider and an acquirer of resources. Data transmission can be directly carried out between each two nodes without service support of a third party. In the industrial internet, devices in the factory office network can send production demands to devices in the production network, and different devices in the factory office network or different devices in the production network can send information to each other, so that a coupling P2P network is formed.
A network worm is a program or code that runs on a computer by itself without user action. It combines network attack, cryptography and computer technology, and exploits security defects or policy loopholes in the industrial Internet to transmit a fully functional copy of itself to another node. Unlike conventional network worms, worms in a factory office network-production network coupled P2P network can use the topology information in the network and propagate quickly without extensive random scanning. This makes propagation faster and more accurate: unused IP addresses are not scanned, and the abnormal condition of a large number of failed connections does not occur. In addition, a P2P worm can hide its own propagation traffic in normal network communication traffic, which greatly increases the stealth of its propagation.
P2P worms can be divided into two classes, active P2P worms and passive P2P worms. The active P2P worm constructs an attack list for active propagation by acquiring neighbor node information on an infected host; passive P2P worms wait for other users to download for passive propagation by disguising themselves and hiding them in the shared resources of the P2P network. In the industrial internet, most of P2P worms are passive worms at present, and active worms do not appear.
Using the same spreading mechanism, benign worms may be used to combat malignant worms. Like a malignant worm, a benign worm is an autonomous computer program or code that requires no intervention by a computer user and propagates using vulnerabilities present in the network. In contrast, however, a benign worm can use its own propagation capability to obtain auxiliary tools, remove the malignant worms on infected computers, and safely self-destruct after completing tasks such as immunization and vulnerability repair.
Benign worms can be divided into three general classes: passive, active, and hybrid. A passive benign worm discovers an infected host by waiting for a malignant worm attack, and then cleans up the malignant worm on that host and repairs the vulnerability. Although passive benign worms counter malignant worms at a slower rate, they generate little additional traffic while finding targets and therefore hardly congest the network. Active benign worms actively discover hosts with vulnerabilities and can be divided into three subclasses according to their functions: patching active worms, predatory active worms and composite active worms. A patching active benign worm patches hosts that have vulnerabilities; a predatory active benign worm clears malignant worms from hosts that have vulnerabilities; a composite active benign worm has the functions of both. Although active benign worms counter malignant worms at a higher rate, they generate a lot of extra traffic while searching for targets, and later in the countermeasure process their congestion effect on the network is even greater than that of the malignant worms. Hybrid worms also fall into three subclasses: patching hybrid worms, predatory hybrid worms and composite hybrid worms. Each of the three types of hybrid benign worm adds the functions of the passive benign worm to the active benign worm of the corresponding type; their speed in countering malignant worms is the highest, and their congestion effect on the network is also the highest.
Currently, in the industrial internet, research on methods for controlling coupled P2P worms using benign worms has achieved a certain result. The existing control strategies mainly have two kinds: an active strategy using active benign worms and a passive strategy using passive benign worms. However, these two approaches do not balance well the two aspects of effective countermeasures and resource consumption. The active strategy can quickly find and kill worms, but the resource consumption is huge; passive strategies, while slow in propagation, consume little resources. Therefore, a more effective and economical countermeasure method is needed to construct a good industrial internet collaborative security model and protection strategy.
Disclosure of Invention
Aiming at the defects of the existing research on the use of benign worms to control coupled P2P worms in a factory office network-production network coupled P2P network in an industrial Internet, the invention provides a method for controlling malignant worms in the coupled P2P industrial Internet by using composite benign worms, and different control modes are used according to the number of worms in the coupled P2P network in different control stages. The invention aims to prevent malignant worms in the industrial Internet by using composite benign worms, reduce the consumption of network resources of the industrial Internet while achieving the prevention effect, control the spread range and survival time of coupled P2P worms, prevent the worms from causing larger damage to the industrial Internet, and further perfect the cooperative safety protection model and protection strategy of the industrial Internet. The invention provides a method for preventing and treating malignant worms in coupled P2P industrial Internet by using composite benign worms, which comprises the following specific steps:
Step one: constructing an initial coupling P2P network topology, abstracting a coupling P2P network of a factory office network-a production network into a network topology model, taking a host and equipment in the coupling P2P network as nodes, abstracting connection between the host and the equipment into node connection edges, and building the network topology in a certain space;
Step two: based on the coupled P2P network topology, utilizing SIUR model to establish dynamic propagation process of industrial Internet network worm, changing node attribute in the coupled network topology model according to worm propagation attribute in each unit time, and constructing dynamic network topology model of coupled P2P network;
Step three: the control process is divided into three stages: in the prevention stage, the early stage and the later stage of the countermeasure stage, different prevention and treatment modes are used according to the quantity of worms in the P2P network of the factory office network-production network coupling in different prevention and treatment stages, so that the worm prevention and treatment effect is achieved, and meanwhile, the consumption of industrial Internet network resources is reduced.
Through the steps, the effect of preventing and controlling malignant worms in the factory office network-production network coupling P2P network by using composite benign worms is achieved, meanwhile, the consumption of industrial Internet network resources is reduced, the method is suitable for preventing the malignant worms from infecting the industrial Internet on a large scale, the spreading range of the malignant worms is reduced, production stagnation and economic loss are minimized, and the cooperative safety protection model and protection strategy of the industrial Internet are further improved.
The specific implementation of "constructing an initial coupling P2P network topology" in step one is as follows: the factory office network is represented by the A network and the production network by the B network; these are two degree-uncorrelated P2P networks, and the degrees of the nodes in each network obey a power-law distribution. For each node in the A network, its degree is denoted by $(i, j)$, where $i$ is the degree to which it is connected to other nodes in the A network and $j$ is the degree to which it is connected to nodes in the B network; for each node in the B network, its degree is denoted by $(k, l)$, where $k$ is the degree to which it is connected to other nodes in the B network and $l$ is the degree to which it is connected to nodes in the A network. The minimum degree of connection between a node in the A network and other nodes in the A network is set to $m_{11}$ and the maximum degree to $n_{11}$; the minimum degree of connection between nodes in the A network and nodes in the B network is $m_{12}$ and the maximum degree is $n_{12}$; the minimum degree of connection between a node in the B network and other nodes in the B network is $m_{21}$ and the maximum degree is $n_{21}$; the minimum degree of connection between a node in the B network and nodes in the A network is $m_{22}$ and the maximum degree is $n_{22}$. $P_A(i,\cdot)$ denotes the probability of occurrence of a node with degree $(i,\cdot)$ in the A network, $P_A(\cdot,j)$ the probability of occurrence of a node with degree $(\cdot,j)$ in the A network, $P_B(k,\cdot)$ the probability of occurrence of a node with degree $(k,\cdot)$ in the B network, and $P_B(\cdot,l)$ the probability of occurrence of a node with degree $(\cdot,l)$ in the B network.
$P_A(i,\cdot)$, $P_A(\cdot,j)$, $P_B(k,\cdot)$ and $P_B(\cdot,l)$ are calculated as follows:
The coupling average degree is defined as the average degree of the nodes between two networks in a coupled network. The coupling average degree between the A network and the A network is $\langle k_{11}\rangle$, between the A network and the B network is $\langle k_{12}\rangle$, between the B network and the B network is $\langle k_{21}\rangle$, and between the B network and the A network is $\langle k_{22}\rangle$; they are calculated as follows:
Step two establishes, based on the coupled P2P network topology, the dynamic propagation process of industrial Internet network worms using the SIUR model, specifically as follows: let be the numbers of nodes with degree (i, j) in the A network that are in the susceptible state, the malignant infection state, the benign infection state and the immune state at time t, and let be the numbers of nodes with degree (k, l) in the B network that are in the susceptible state, the malignant infection state, the benign infection state and the immune state at time t. Ignoring the congestion effect of worm scanning on the network, the probabilities of transition between nodes in the various states at each point in time are:
Considering the blocking effect of worm scanning on the network, the infection rate of worms is related to the number of worms in the coupled P2P network, and the slower the worm scanning speed, the lower the infection rate. At this time, the infection rate of the malignant worm with time is:
The infection rate of benign worms over time is:
Where $\eta_1$ and $\eta_2$ are the infection rate adjustment coefficients of the malignant and benign worms, respectively.
The contact infection rate is defined as the probability that one neighbor of a node in the network is a node in an infected state. The malignant worm contact infection rate of the node in the A network, as it changes over time, is calculated as follows:
The method for calculating the benign worm contact infection rate of the node in the A network, the node in the B network and the node in the B network along with the time change comprises the following steps:
Where are, respectively, the numbers of nodes with degree (i, j) in the A network that are in the malignant infection state and the benign infection state at time t, are the numbers of nodes with degree (k, l) in the B network that are in the malignant infection state and the benign infection state at time t, and $N_A$ and $N_B$ are the total numbers of nodes in the A network and the B network.
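An added example (not from the patent) of the two quantities defined above, the coupling average degree and the contact infection rate, written in the standard form for degree-uncorrelated networks, Θ = Σ_k k·I_k / (N·⟨k⟩), because the patent's own formulas are missing from this page. It uses the embodiment's values for one degree component (degrees 1 to 10, power-law exponent 3, N_A = 10000, 0.1% seeding) and shows why the prevention stage seeds high-degree hosts; the truncated power-law normalisation and all function names are assumptions.

```python
from math import fsum


def truncated_power_law(m, n, r):
    """P(k) proportional to k**-r on m..n (assumed normalisation)."""
    weights = {k: k ** -r for k in range(m, n + 1)}
    z = fsum(weights.values())
    return {k: w / z for k, w in weights.items()}


def mean_degree(p):
    """Average degree <k> = sum_k k * P(k) of one degree component."""
    return fsum(k * pk for k, pk in p.items())


def contact_rate(infected_by_degree, n_total, avg_degree):
    """Probability that the node at the end of a random edge is infected.

    infected_by_degree maps degree k -> number of infected nodes I_k.
    Standard degree-uncorrelated form (assumption, see lead-in).
    """
    edge_ends = fsum(k * count for k, count in infected_by_degree.items())
    return edge_ends / (n_total * avg_degree)


def seed_uniform(p, n_seed):
    """Seeds spread over degree classes in proportion to P(k)."""
    return {k: n_seed * pk for k, pk in p.items()}


def seed_highest_degree(p, n_total, n_seed):
    """Seeds fill the highest-degree classes first (expected node counts)."""
    seeds, left = {}, float(n_seed)
    for k in sorted(p, reverse=True):
        take = min(left, n_total * p[k])
        if take > 0:
            seeds[k] = take
        left -= take
        if left <= 0:
            break
    return seeds


def compare_seeding(m=1, n=10, r=3, n_total=10_000, seed_fraction=0.001):
    """Contact rate of the benign worm right after seeding, two placements."""
    p = truncated_power_law(m, n, r)
    k_avg = mean_degree(p)
    # About 1.29 under this assumed normalisation; the embodiment states
    # <k> = 4, which this simple form does not reproduce.
    n_seed = n_total * seed_fraction
    uniform = contact_rate(seed_uniform(p, n_seed), n_total, k_avg)
    top = contact_rate(seed_highest_degree(p, n_total, n_seed), n_total, k_avg)
    return uniform, top


if __name__ == "__main__":
    uniform, top = compare_seeding()
    print(f"contact rate, random seeding:      {uniform:.5f}")
    print(f"contact rate, high-degree seeding: {top:.5f}")
    print(f"ratio: {top / uniform:.2f}x")
```

The same `contact_rate` applies to each of the four intra- and inter-network components by passing the corresponding degree index and coupling average degree.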
Wherein, the specific process of the "prevention stage" in the above step three is: putting benign worms on some hosts with larger degrees in a factory office network-production network coupled P2P network, realizing quick spreading of the early benign worms, achieving a certain-scale immune effect and limiting the spreading range of the malignant worms;
The specific process of the "early stage of the countermeasure phase" in the step three is as follows: when the benign worm detects the existence of the malignant worm, the benign worm adopts active and passive countermeasure strategies at the same time, so that the immunity range is expanded, the early-stage spreading of the malignant worm is restrained, and the later countermeasure pressure is relieved;
The specific process of the "late stage of the countermeasure phase" in step three is as follows: when the malignant worms in the factory office network-production network coupled P2P network account for 10% of the total number of nodes, the benign worms adopt a passive countermeasure strategy and wait for the remaining malignant worms to launch attacks so as to destroy them, which avoids the benign worms performing a large number of invalid scans that congest the network and consume industrial Internet resources.
The invention provides a method for preventing and controlling worm transmission of coupled P2P industrial Internet by using composite benign worms, which has the following characteristics and positive effects:
1. the dynamic characteristics of the coupled P2P network of the factory office network-production network are fully considered, the transmission characteristics of various network worms in the industrial Internet are comprehensively considered, and a method for preventing and controlling the transmission of the coupled P2P network worms by using composite benign worms is provided;
2. Aiming at the topological structure of the coupling P2P network of the factory office network-production network, a concept of coupling average degree is provided in the second step, namely, the average degree of nodes between two networks in the coupling network is provided, so that the connection condition between the nodes in the coupling network is better simulated;
3. Aiming at the topological structure of the coupled P2P network of the factory office network-production network, a concept of contact infection rate is provided in the second step, namely the probability that one neighbor of a node in the network is a node in an infection state, so that the propagation process of malignant worms and benign worms in the coupled network is better simulated;
4. In the third step, the control process is divided into three stages: in the prevention stage, the early stage and the later stage of the countermeasure stage, different prevention and treatment modes are purposefully adopted according to different transmission characteristics of worms in different prevention and treatment stages, so that an effective and economic prevention and treatment effect is achieved, and an industrial Internet collaborative safety protection model and a protection strategy are further perfected;
5. In the prevention stage in the third step, benign worms are put on some host computers with larger degrees in the P2P network of the factory office network-production network coupling, so that the benign worms can be rapidly spread in the early stage, and the spread range of the malignant worms is limited while a certain-scale immune effect is achieved;
6. In the early stage of the countermeasure phase in step three, when the benign worm detects the existence of the malignant worm, the benign worm adopts active and passive countermeasure strategies at the same time, so that the immune range is expanded, the early-stage propagation of the malignant worm is restrained, and the later countermeasure pressure is relieved;
7. In the late stage of the countermeasure phase in step three, when the residual malignant worms in the factory office network-production network coupled P2P network account for 10% of the total number of nodes, the benign worms adopt only the passive countermeasure strategy and wait for the residual malignant worms to initiate attacks so as to destroy them, which avoids the situation in the existing method where the network is congested because the benign worms perform a large number of invalid scans, and establishes effective industrial Internet cooperative security protection measures;
the control method of the invention has the following expected effects compared with the traditional control method:
Drawings
FIG. 1 is a flow chart of the method according to the present invention.
Fig. 2 is a diagram of the node state transition process in the prevention stage.
Fig. 3 is a diagram of the node state transition process in the early stage of the countermeasure phase.
Fig. 4 is a diagram of the node state transition process in the late stage of the countermeasure phase.
Fig. 5 shows the number of nodes in each state in the A network when the control method of the invention is used.
Fig. 6 shows the number of nodes in each state in the B network when the control method of the invention is used.
Fig. 7 shows the number of nodes in the malignant infection state in the A network under the control method of the invention and under the countermeasure method without the prevention stage.
Fig. 8 shows the number of nodes in the malignant infection state in the B network under the control method of the invention and under the countermeasure method without the prevention stage.
Fig. 9 shows the number of nodes in the malignant infection state in the A network under the control method of the invention and under the method that uses the mixed countermeasure strategy throughout.
Fig. 10 shows the number of nodes in the malignant infection state in the B network under the control method of the invention and under the method that uses the mixed countermeasure strategy throughout.
Fig. 11 shows the number of nodes in the malignant infection state in the A network, using the control method of the invention, after entering the countermeasure phase when the malignant worms account for 5%, 10%, 20% and 30% of the total number of nodes.
Fig. 12 shows the number of nodes in the malignant infection state in the B network, using the control method of the invention, after entering the countermeasure phase when the malignant worms account for 5%, 10%, 20% and 30% of the total number of nodes.
Fig. 13 shows the number of nodes in the malignant infection state in the A network, using the control method of the invention, when the coupling average degrees are 2, 4 and 6, respectively.
Fig. 14 shows the number of nodes in the malignant infection state in the B network, using the control method of the invention, when the coupling average degrees are 2, 4 and 6, respectively.
The symbols in the figures are illustrated as follows:
Susceptible: nodes in the susceptible state.
Benign infected: nodes in the benign infection state.
Infected: nodes in the malignant infection state.
Recovered: nodes in the immune state.
Number: the number of nodes.
Time: the point in time.
With prevention stage: the control mode of the invention, namely the countermeasure strategy with the prevention stage.
Without prevention stage: the traditional control mode, namely a countermeasure strategy without a prevention stage.
Passive strategy: the control mode of the invention, namely the passive countermeasure strategy adopted in the late stage of the countermeasure phase.
Mixed strategy: the traditional control mode, namely a mixed countermeasure strategy adopted throughout the countermeasure phase.
Number of infected nodes: the number of nodes in the malignant infection state.
Rate: the proportion of malignant worms to the total number of nodes.
<k>: the coupling average degree.
Detailed Description
The invention provides a method for preventing and treating malignant worms in coupled P2P industrial Internet by using composite benign worms, which is described in detail below with reference to the accompanying drawings:
Step one: the method comprises the steps of constructing an initial coupling P2P network topology, abstracting a coupling P2P network of a factory office network-production network into a network topology model, taking a host and equipment in the coupling P2P network as nodes, abstracting connection between the host and the equipment into node connection edges, and building the network topology in a certain space.
The factory office network is denoted the A network and the production network the B network; these are two degree-uncorrelated P2P networks. For each node in the A network, its degree is denoted by $(i, j)$, where $i$ is the degree to which it is connected to other nodes in the A network and $j$ is the degree to which it is connected to nodes in the B network; for each node in the B network, its degree is denoted by $(k, l)$, where $k$ is the degree to which it is connected to other nodes in the B network and $l$ is the degree to which it is connected to nodes in the A network. The total number of nodes in the A network is set to $N_A = 10000$, and the total number of nodes in the B network is set to $N_B = 100$. The minimum degrees between the networks are set to $m_{11}=m_{12}=m_{21}=m_{22}=1$ and the maximum degrees to $n_{11}=n_{12}=n_{21}=n_{22}=10$; the average degree of nodes between each network is $\langle k_{11}\rangle=\langle k_{12}\rangle=\langle k_{21}\rangle=\langle k_{22}\rangle=4$; each network node is randomly connected with other nodes under the condition that the degrees satisfy the power-law distribution, and the power-law exponent is $r=3$.
Step two: based on the coupled P2P network topology, a SIUR model is utilized to establish a dynamic propagation process of industrial Internet network worms, node attributes in the coupled network topology model are changed according to worm propagation attributes in each unit time, and a dynamic network topology model of the coupled P2P network is established.
Let be the numbers of nodes with degree (i, j) in the A network that are in the susceptible state, the malignant infection state, the benign infection state and the immune state at time t, and let be the numbers of nodes with degree (k, l) in the B network that are in the susceptible state, the malignant infection state, the benign infection state and the immune state at time t. The infection rate of malignant worms is set to $\beta = 1\times10^{-5}$; the infection rate of benign worms is $\mu = 5\times10^{-6}$; the probability of a node in the susceptible state transitioning to a node in the immune state is ; the probability of a node in the immune state transitioning to a node in the susceptible state is $\alpha = 1\times10^{-3}$; the probability of a node in the malignant infection state transitioning to a node in the immune state is $\gamma = 2\times10^{-3}$; the probability of a node in the benign infection state transitioning to a node in the immune state is $\omega = 2\times10^{-3}$.
Considering the blocking effect of worm scanning on the network, the infection rate of worms is related to the number of worms in the P2P network, and the more the number of worms, the slower the scanning speed of the worms and the lower the infection rate. At this time, the infection rate of the malignant worm with time is:
The infection rate of benign worms over time is:
Where $\eta_1$ and $\eta_2$ are the infection rate adjustment coefficients of the malignant worm and the benign worm, respectively, and are set to $\eta_1=\eta_2=3$.
The contact infection rate is defined as the probability that one neighbor of a node in the network is a node in an infected state. The malignant worm contact infection rates, as they change over time, of the A network neighbors of the nodes in the A network, the B network neighbors of the nodes in the B network and the A network neighbors of the nodes in the B network are, respectively:
The benign worm contact infection rates of the A network neighbor of the node in the A network, the B network neighbor of the node in the B network and the A network neighbor of the node in the B network with time are respectively as follows:
Step three: the control process is divided into three stages: in the prevention stage, the early stage and the later stage of the countermeasure stage, different prevention and treatment modes are used according to the quantity of worms in the P2P network of the factory office network-production network coupling in different prevention and treatment stages, so that the worm prevention and treatment effect is achieved, and meanwhile, the consumption of industrial Internet network resources is reduced.
Wherein, the specific process of the "prevention stage" in the above step three is: benign worms are put on some nodes with larger degrees in the factory office network-production network coupled P2P network, the ratio is 0.1% of the total number of the nodes in the network, the quick spreading of the early benign worms is realized, the immune effect of a certain scale is achieved, and the spreading range of the malignant worms is limited. Fig. 2 is a diagram of a node state transition process in a preventative phase. The differential equation set in the node state transition process in the prevention stage is as follows:
The early countermeasure stage of step three proceeds as follows: after the benign worms have spread for 20 units of time, malignant worms appear at random in the network, accounting for 3% of the total number of nodes. When the benign worms detect the malignant worms, they adopt the active and passive countermeasure strategies at the same time, which expands the immune range, suppresses the initial spread of the malignant worms and relieves the countermeasure pressure in the later stage. Fig. 3 shows the node state transition process in the early countermeasure stage. The set of differential equations for the node state transition process in the early countermeasure stage is as follows:
The late countermeasure stage of step three proceeds as follows: when the early countermeasure stage has lasted about 45 rounds, most nodes in the coupled factory office network-production network P2P network are infected by benign worms and the malignant worms account for 10% of the total number of nodes, the benign worms adopt the passive countermeasure strategy. They wait for the remaining malignant worms to launch attacks and then destroy them, which avoids the benign worms performing a large number of invalid scans that would congest the network. Fig. 4 shows the node state transition process in the late countermeasure stage. The set of differential equations for the node state transition process in the late countermeasure stage is as follows:
Fig. 5 shows the number of nodes in each state in the A network when the control method of the invention is used; Fig. 6 shows the number of nodes in each state in the B network when the control method of the invention is used. The simulation results show that the control method of the invention is feasible. By time point 100 the nodes in the malignant infection state have essentially disappeared, and the infection scale of the malignant worm over the whole process is about 60%. The spread of malignant worms in the industrial Internet is effectively controlled, and an effective cooperative security protection measure for the industrial Internet is established.
Fig. 7 shows the number of nodes in the malignant infection state in the A network for the control method of the invention and for a countermeasure method without the prevention stage; Fig. 8 shows the same comparison for the B network. The countermeasure method without the prevention stage releases no benign worms in the prevention stage and begins releasing them in the early countermeasure stage. The simulation results show that, compared with the countermeasure method without a prevention stage, the control method of the invention reduces the spreading range of the malignant worm from 80% to 60%. The spread of malignant worms in the industrial Internet is effectively controlled, and an effective cooperative security protection measure for the industrial Internet is established.
Fig. 9 shows the number of nodes in the malignant infection state in the A network for the control method of the invention and for a method that uses the mixed countermeasure mode throughout; Fig. 10 shows the same comparison for the B network. The simulation results show that the control method of the invention achieves essentially the same effect as the traditional whole-course countermeasure mode. Because it adopts the passive countermeasure strategy in the late countermeasure stage, however, it avoids the congestion that a large number of invalid benign-worm scans would cause on the industrial Internet, greatly reduces the industrial Internet network resources consumed by the benign worms, and improves the cooperative security protection strategy of the industrial Internet.
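The three-stage schedule and its scan saving can be reproduced in a small discrete simulation; this is an added example, not the patent's own model or code. The topology generator, the constant infection probability `beta`, the simplified S/I/U state machine and all function names are assumptions made here (the patent's SIUR equations and congestion-dependent infection rates are not reproduced); the 0.1% seeding, the 20-step head start, the 3% malignant release and the 10% switch threshold are the values stated in the description.

```python
import random

def build_coupled_p2p(n_a, n_b, intra=3, cross=2, seed=1):
    """Constructed topology: office net A = ids [0, n_a), production net B after it.
    Preferential attachment gives heavy-tailed degrees; `cross` A-B edges per A node."""
    rng = random.Random(seed)
    adj = {v: set() for v in range(n_a + n_b)}
    def link(u, v):
        adj[u].add(v)
        adj[v].add(u)
    for lo, hi in ((0, n_a), (n_a, n_a + n_b)):
        ends = [lo]                              # degree-weighted pick list
        for v in range(lo + 1, hi):
            for u in [rng.choice(ends) for _ in range(intra)]:
                link(u, v)
                ends += [u, v]
    for v in range(n_a):                         # office <-> production coupling edges
        for u in rng.sample(range(n_a, n_a + n_b), cross):
            link(u, v)
    return {v: sorted(ns) for v, ns in adj.items()}

def simulate(adj, staged, steps=120, beta=0.3, seed=7):
    """S = susceptible, I = malignant worm, U = benign worm (immune); assumed states.
    staged=False keeps benign worms scanning for the whole run (hybrid throughout)."""
    rng = random.Random(seed)
    n = len(adj)
    state = dict.fromkeys(adj, "S")
    hubs = sorted(adj, key=lambda v: -len(adj[v]))[:max(1, round(0.001 * n))]
    for v in hubs:                               # prevention: seed 0.1% highest-degree nodes
        state[v] = "U"
    scans, late_at, history = 0, None, []
    for t in range(steps):
        if t == 20:                              # malignant worm appears on 3% of nodes
            free = [v for v in adj if state[v] == "S"]
            for v in rng.sample(free, min(len(free), round(0.03 * n))):
                state[v] = "I"
        mal = [v for v in adj if state[v] == "I"]
        ben = [v for v in adj if state[v] == "U"]
        if (staged and late_at is None and t > 20
                and len(mal) <= 0.10 * n and len(ben) > 0.5 * n):
            late_at = t                          # late stage: benign worms go passive-only
        for v in mal:                            # each malignant node scans one neighbour
            w = rng.choice(adj[v])
            if state[w] == "S":
                if rng.random() < beta:
                    state[w] = "I"
            elif state[w] == "U":
                state[v] = "U"                   # passive countermeasure cleans the attacker
        if late_at is None:                      # active scanning by benign worms
            for v in ben:
                w = rng.choice(adj[v])
                scans += 1
                if state[w] != "U" and rng.random() < beta:
                    state[w] = "U"
        vals = list(state.values())
        history.append((vals.count("S"), vals.count("I"), vals.count("U")))
    return {"seeds": len(hubs), "scans": scans, "late_at": late_at, "history": history}

if __name__ == "__main__":
    net = build_coupled_p2p(1200, 800)
    for name, flag in (("three-stage", True), ("hybrid throughout", False)):
        r = simulate(net, flag)
        peak = max(i for _, i, _ in r["history"])
        print(name, "peak malignant:", peak, "benign scans:", r["scans"], "late at:", r["late_at"])
```

The `scans` counter stands in for the network resources consumed by benign-worm scanning; the absolute numbers depend on the constructed topology and are not the patent's simulation results.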
The benign-worm countermeasure strategies used in the countermeasure stage are compared in the following table:
The consumption of network resources in the late countermeasure stage is shown in the following table:
Fig. 11 shows the number of nodes in the malignant infection state in the A network when the control method of the invention enters the late countermeasure stage with the malignant worms accounting for 5%, 10%, 20% and 30% of the total number of nodes, respectively; Fig. 12 shows the same for the B network. The simulation results show that when the late countermeasure stage is entered with the malignant worms accounting for less than 10% of the total number of nodes, the infection durations of the malignant worm are similar and shorter. Because the earlier the late countermeasure stage is entered, the less industrial Internet network resources are consumed, the late countermeasure stage is entered when the malignant worms account for 10% of the total number of nodes, which saves industrial Internet network resources.
Fig. 13 shows the number of nodes in the malignant infection state in the A network when the control method of the invention is used with coupling average degrees of 2, 4 and 6, respectively; Fig. 14 shows the same for the B network. The simulation results show that, with the control method of the invention, the larger the coupling average degree, the smaller the infection scale of the malignant worm, the shorter the infection time and the better the control effect. The actual industrial Internet has a relatively large coupling average degree, so the control method can produce a good control effect, further improving the cooperative security protection model of the industrial Internet.
The above embodiments are only for illustrating the present invention and not for limiting the present invention, and various changes and modifications may be made by one skilled in the relevant art without departing from the spirit and scope of the present invention, so that all equivalent technical solutions fall within the scope of the present invention, which is defined by the claims. What is not described in detail in this specification is prior art known to those skilled in the art.
Claims (3)
1. A method for controlling the spread of coupled P2P industrial Internet worms using composite benign worms, characterized by the following specific steps:
Step one: constructing an initial coupled P2P network topology: abstracting the coupled factory office network-production network P2P network into a network topology model, taking the hosts and devices in the coupled P2P network as nodes, abstracting the connections between hosts and devices as edges between nodes, and establishing the network topology in space;
Step two: based on the coupled P2P network topology, using the SIUR model to establish the dynamic propagation process of industrial Internet network worms, changing the node attributes in the coupled network topology model in each unit of time according to the worm propagation attributes, and constructing a dynamic network topology model of the coupled P2P network;
Step three: dividing the control process into three stages: the prevention stage, the early countermeasure stage and the late countermeasure stage, and using in each stage a different control mode according to the number of worms in the coupled factory office network-production network P2P network, so that worms in the coupled P2P network are controlled while the consumption of industrial Internet network resources is reduced;
In establishing the dynamic propagation process of industrial Internet network worms with the SIUR model on the basis of the coupled P2P network topology, the contact infection rate is defined as the probability that a given neighbor of a node in the network is a node in an infected state. The contact infection rate comprises the time-varying malignant-worm contact infection rate of the nodes in the A network, which is calculated as follows:
The contact infection rate further comprises the time-varying benign-worm contact infection rates of the nodes in the A network, the nodes in the B network and the nodes in the B network, which are calculated as follows:
Wherein, the numbers of nodes in the A network labelled (i, j) that are in the malignant infection state and the benign infection state at time t, respectively; the numbers of nodes in the B network labelled (k, l) that are in the malignant infection state and the benign infection state at time t, respectively; and N_A and N_B are the total numbers of nodes in the A network and the B network.
2. A method of controlling the spread of coupled P2P industrial Internet worms using composite benign worms according to claim 1, wherein: in constructing the initial coupled P2P network topology, the coupling average degree is defined as the average degree of nodes between two networks in a coupled network, and comprises: the coupling average degree ⟨k⟩₁₁ between the A network and the B network, the coupling average degree ⟨k⟩₁₂ between the A network and the B network, the coupling average degree ⟨k⟩₂₁ between the B network and the B network, and the coupling average degree ⟨k⟩₂₂ between the B network and the A network, which are calculated as follows:
Wherein the A network represents the factory office network and the B network represents the production network; they are two P2P networks with independent degrees, and the node degrees in each network follow a power-law distribution. For each node in the A network, its degree is represented by (i, j), where i is the degree of its connections to other nodes in the A network and j is the degree of its connections to nodes in the B network. For each node in the B network, its degree is represented by (k, l), where k is the degree of its connections to other nodes in the B network and l is the degree of its connections to nodes in the A network. The minimum degree of connection between a node in the A network and other nodes in the A network is m₁₁ and the maximum degree is n₁₁; the minimum degree of connection between a node in the A network and nodes in the B network is m₁₂ and the maximum degree is n₁₂; the minimum degree of connection between a node in the B network and other nodes in the B network is m₂₁ and the maximum degree is n₂₁; the minimum degree of connection between a node in the B network and nodes in the A network is m₂₂ and the maximum degree is n₂₂. P_A(i, ·) represents the probability of occurrence of a node with degree (i, ·) in the A network, P_A(·, j) the probability of occurrence of a node with degree (·, j) in the A network, P_B(k, ·) the probability of occurrence of a node with degree (k, ·) in the B network, and P_B(·, l) the probability of occurrence of a node with degree (·, l) in the B network;
P_A(i, ·), P_A(·, j), P_B(k, ·) and P_B(·, l) are calculated as follows:
where r is the exponent of the power-law distribution that the node degrees in the network follow.
3. The method for controlling the spread of coupled P2P industrial Internet worms using composite benign worms according to claim 1, characterized in that the control process is specifically as follows:
Stage one: the prevention stage, which proceeds as follows: benign worms are released on some of the higher-degree hosts in the coupled factory office network-production network P2P network, so that the benign worms spread quickly at an early point, an immune effect of a certain scale is achieved and the spreading range of the malignant worms is limited;
Stage two: the early countermeasure stage, which proceeds as follows: when the benign worms detect the malignant worms, they adopt the active and passive countermeasure strategies at the same time, which expands the immune range, suppresses the early spread of the malignant worms and relieves the countermeasure pressure in the later stage;
Stage three: the late countermeasure stage, which proceeds as follows: when the malignant worms in the coupled factory office network-production network P2P network account for 10% of the total number of nodes, the benign worms adopt the passive countermeasure strategy and wait for the remaining malignant worms to launch attacks so as to destroy them, which avoids the benign worms performing a large number of invalid scans that would congest the network and consume industrial Internet resources.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202211134586.1A CN115941238B (en) | 2022-09-19 | 2022-09-19 | Method for preventing and controlling coupled P2P industrial Internet worm transmission by using composite benign worm |
Publications (2)
Publication Number | Publication Date |
---|---|
CN115941238A CN115941238A (en) | 2023-04-07 |
CN115941238B true CN115941238B (en) | 2024-06-25 |
Family
ID=86649546
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||