Defense strategy of industrial control worm based on SEIPQR model
Abstract: With the development of society and the progress of technology, computer viruses have evolved, becoming more complex and better hidden. The worm virus, the earliest computer virus, has evolved into an industrial control worm that can infect and spread across industrial control systems, with a great impact on the safety of industrial production. Network isolation alone or patch-based immunization alone can no longer keep up with the propagation speed of worms. In response, the propagation mode and characteristics of worms in industrial control systems are analyzed, and a defense strategy against industrial control worms is proposed on the basis of existing network isolation and patching, in order to defend effectively against worms. Based on the basic idea of epidemic models, the strategy proposes a mathematical model, SEIPQR, to simulate the trend of worm propagation. The model comprises six states: susceptible, exposed, patched, infected, quarantine and recovered. A state transition diagram for the six states is created and a system of differential equations is derived from it. With the number of devices in the system fixed, the equations are transformed and solved by computing the basic reproduction number R0, and the six equation expressions of the model are analyzed for the case where the numbers of exposed and infected hosts are zero. According to the Routh-Hurwitz criterion, the system is asymptotically stable when R0<1 and unstable when R0>1. Numerical simulation compares the dynamics of the SEIPQR model under different patching probabilities, different isolation rates and different infection rates, and the disease-free equilibrium and endemic equilibrium of the model are obtained. The simulation results show that, when the whole system is infected by a worm, timely patching of susceptible devices and network isolation can effectively inhibit the spread of industrial control worms.
Authors: PAN Jie (潘洁); YE Lan (叶兰); ZHAO He (赵贺); ZHANG Xinlei (张鑫磊) (China Mobile Group Design Institute Co., Ltd., Beijing 100080, China; China Mobile Group, Beijing 100032, China; China Mobile Procurement Shared Service Center, Beijing 100053, China)
Source: Chinese Journal of Network and Information Security (《网络与信息安全学报》), 2022, Issue 3, pp. 169-175 (7 pages)
Keywords: industrial control network; industrial control worm; epidemic model; numerical simulation