基于SEIPQR模型的工控蠕虫防御策略

doi:10.11959/j.issn.2096-109x.2022032

摘要/Abstract

摘要：

随着社会的发展和技术的进步，计算机病毒也发生了进化，变得越来越复杂，越来越隐蔽。其中蠕虫病毒更是最早的计算机病毒发展进化成为可以在工控系统上感染并进行传播的工控蠕虫病毒，极大影响工业生产的安全。单一的网络隔离或者打补丁免疫，已经跟不上蠕虫病毒的传播速度。针对该现状，分析蠕虫病毒在工控系统上的传播方式以及特点，在原有网络隔离和补丁的基础上提出一种针对工控蠕虫的防御策略，以达到有效防御蠕虫病毒的目的。该防御策略基于传染病模型的基本思想提出了一个模拟蠕虫传播趋势的数学模型 SEIPQR。该模型包含易感染（susceptible）状态、暴露（exposed）状态、打补丁（patched）状态、感染（infected）状态、隔离（quarantine）状态以及免疫（recovered）状态 6 种状态，创建模型的 6 种状态转换图，对状态转换图得到微积分方程组，在系统设备数量一定的情况下，对方程组进行变换，通过求解基本再生数R0的方法对方程组进行求解，并分析当暴露主机和感染主机的数量为0时模型的6种方程表达式，根据Routh-Hurwitz准则得出当R₀＜1时，系统是渐进稳定的；当R₀＞1时，系统是不稳定的。通过数值仿真对比在不同打补丁概率、不同隔离率以及不同感染率3种情况下SEIPQR模型的动力学特性，并得到模型的无病平衡点和地方病平衡点。数据仿真结果表明，在整个系统感染蠕虫病毒时，对易感染设备及时地打补丁以及进行网络隔离可以有效抑制工控蠕虫的传播。

关键词: 工业控制网络, 工控蠕虫, 传染病模型, 数值仿真

Abstract:

Computer viruses keep evolving with the development of society and progress of technologies, and they become more complex and hidden.The worm virus is the earliest computer virus, which has evolved to an industrial control worm virus and caused a great impact on the safety of the industrial system.Neither the single network isolation nor the patching immunity is unable to keep up with the spreading of the worm virus.The propagation mode and characteristics of the worm virus in the industrial control system were analyzed.Based on the related works of network isolation and patching, a defense strategy against the worm virus was proposed.This strategy was originated from the fundamental infectious disease model, and then a mathematics model (SEIPQR) was proposed to simulate the trend of worm virus propagation.The model included six situations: Susceptible, Exposed, Infected, Quarantine and Recovered.The state transition diagrams of the model was created, and the calculus equations were obtained from the state transition diagrams.Under the condition that the number of system equipment is fixed, the equations were transformed.The equations were solved by solving the basic regeneration number R0, and six equation expressions of the model ware analyzed when the number of exposed hosts and infected hosts is zero.According to the principle of the Routh-Hurwitz, the system is asymptotically stable when R₀＜1, and unstable if R₀＞1.Then the dynamic characteristics of the SEIPQR model under different patching probability, different isolation rate and different infection rate were compared by numerical simulation.Furthermore, the disease-free equilibrium point and endemic equilibrium point of the model were obtained.The simulation results showed that, when the whole system is infected with worm virus, timely patching the susceptible devices and isolating the network can effectively inhibit the spread of industrial control worm virus.

Key words: industrial control network, industrial control worm, epidemic model, numerical simulation

中图分类号:

TP393

潘洁, 叶兰, 赵贺, 张鑫磊. 基于SEIPQR模型的工控蠕虫防御策略[J]. 网络与信息安全学报, 2022, 8(3): 169-175.

Jie PAN, Lan YE, He ZHAO, Xinlei ZHANG. Defense strategy of industrial control worm based on SEIPQR model[J]. Chinese Journal of Network and Information Security, 2022, 8(3): 169-175.

图/表 8

图1

表1

图2

图3

图4

图5

图6

图7

参考文献 20

[1]	TRAUTMAN L J , ORMEROD P C . Industrial cyber vulnerabilities:lessons from stuxnet and the Internet of Things[J]. Social Science Electronic Publishing, 2017,72: 767-769.
[2]	GEWIRTZ D . Night dragon:cyberwar meets corpoiate espionage,J.Counterter[J]. Homeland Secur Int, 2011,17(2): 6.
[3]	BENCSATH B , PEK G , BUTTYAN L ,et al. The cousins of stuxnet:Duqu,flame,and gauss,Future Int[J]. 2012,4(4): 971-1003.
[4]	MAYNARD P , MCLAUGHLIN K , SEZER S . Modelling duqu 2.0 malware using attack trees with sequential conjunction[C]// Proceedings of the International Conference on Information Systems Security and Privacy. 2016: 465-472.
[5]	SPENNEBERG R , BRUGGEMANN M , SCHWARTKE H . Plcblaster:a worm living solely in the PLC[C]// Black Hat Asia 16, 2016.
[6]	RAVAL S . Blackenergy a threat to industrial control systems network security[J]. International Journal of Advanced Research in Engineering ＆ Technologies. 2015,2(12): 120-125.
[7]	朱朝阳 . 委内瑞拉大停电事故的背后[J]. 国家电网, 2019(5): 72-74.
	ZHU C Y . Behind the blackout in Venezuela[J]. State Grid, 2019(5): 72-74.
[8]	LLOYD A L , MAY R M . Epidemiology:how viruses spread among computers and people[J]. Science, 2001,292(5): 1316-1317.
[9]	COHEN F . Computer viruses:theory and experiments[J]. Computers ＆ Security, 1987,6(1): 22-35.
[10]	STANIFORD S , PAXSON V , WEAVER N . How to own the internet in your spare time[C]// USENIX Security Symposium. 2002: 14-15.
[11]	MARTíN del R A , HERNáNDEZ G , BUSTOS T A ,et al. Advanced malware propagation on random complex networks[J]. Neurocomputing, 2021,423: 689-696.
[12]	HOSSEINI S , ABDOLLAHI A M , RAHMANI T A . Agent-based simulation of the dynamics of malware propagation in scale-free networks[J]. Simulation, 2016,92(7): 709-722.
[13]	KUPENNAN M , ABRAMSON G , NEWMAN M ,et al. Small world effect in an epidemiological model[M]// The Structure and Dynamics of Networks. Princeton University Press, 2011: 489-492.
[14]	AGIZA H N , ELGAZZAR A S , Youssef S A . Phase transitions in some epidemic models defined on small-world networks[J]. International Journal of Modern Physics C, 2003,14(6): 825-833.
[15]	YUAN L . The research on control strategy of worms spread in complex network in industry[J]. Advanced Materials Research, 2012,487: 758-763.
[16]	JUIL C M , LEGAND L B III , JOSEPH I Gill . Modelling the spread of mobile malware[J]. International Journal of Computer Aided Engineering and Technology, 2010,2(1): 3-14.
[17]	SHANG Y . Optimal attack strategies in a dynamic botnet defense model[J]. Applied Mathematics ＆ Information Sciences, 2012,6(1): 29-33.
[18]	KALE A R , SHIRBHATE D D . An advanced hybrid peer-to-peer botnet[J]. International Journal of Wireless Communication, 2012,2(1): 15-19.
[19]	苏飞, 林昭文, 马严 ,等. IPv6 网络环境下的蠕虫传播模型研究[J]. 通信学报, 2011,32(9): 51-60.
	SU F , LIN Z W , MA Y ,et al. Research on worm propagation model in IPv6 networks[J]. Journal on Communications, 2011,32(9): 51-60.
[20]	SEN M D L , NISTAL R , ALONSO-QUESADA S , ,et al. Some formal results on positivity,stability,and endemic steady-state attainability based on linear algebraic tools for a class of epidemic models with eventual incommensurate delays[J]. Discrete Dynamics in Nature and Society, 2019(7): 1-22.

参数	数值
β	0.000 000 08
μ	0.000 5
p	0.2
γ	0.06
δ	0.000 000 1
σ	0.08
ω	0.000 000 08