网络病毒的求源问题

Tracing the Source of Net-Virus

现有的网络病毒方面的文章大都强调网络病毒与生物病毒的相似性,而生物病毒的寻源具有很多不确定因素,因此很少有人提出网络病毒寻源的理论。本文强调网络病毒的传播不同于生物病毒的传播,它的传播信息是可以通过网络获取的；病毒的求源虽然是病毒传播的逆过程,但它也不同于严格意义上的反问题。文章提出子网内病毒传播路径的始点即为子网的病毒源。指出病毒的传播引起的计算机结点的状态变迁是获取病毒实际传播路径的主要依据,而计算机感染病毒的诊断和清毒是获取该依据的重要手段。由此,文章建立了子网的状态变迁方程。结合实际的网络因素和实践,文章给出了一套求解的方法和步骤,反复求解子网的状态变迁方程即可求得病毒实际传播的路径,传播路径的始点即为病毒的一个源点。最后,文章对模型及其解法给出了模拟实验,实验证明了理论模型的正确性和求解方法的有效性。文章为建立网络病毒的求源理论打开了一定的思路。

As most papers about net viruses focus the similarity shared by net viruses and biological virus and the source tracing of the latter relies on many uncertain factors. Few paper establishes theory on the source tracing of net viruses. Different from those papers, this paper focuses on different spreading features of net virus compared with the biological virus, such as the spreading information of net virus can be recorded. Though tracing the source of virus is the inverse of the viruses＇ spreading, but the paper thinks that tracing the source is not the strict inverse problem so far. The paper presents the definition for the source of viruses in a sub net the start vertex of the spreading path of the virus. The paper points out that state changing of the vertices caused by the spreading of the virus is the important hints to tracing the spreading path of the virus. The scanning and cleaning are main methods to get these hints. Then the paper establishes the source tracing equations for the net virus. Combining with the practice, the paper presents the main steps and rnethods to get the solutions to the equations. Working out the equations repeatedly, the paper get the spreading path of the virus; thus the start vertex of the path is got which must be the source of the virus in the sub net. Finally, the paper carries out the simulation test on an email group net. The results of the test verify our tracing model and methods of working out the equations. Thus the paper opens a theoretic way to tracing the source of net viruses.