基于SEIPQR模型的工控蠕虫防御策略

doi:10.11959/j.issn.2096-109x.2022032

Abstract

Abstract:

Computer viruses keep evolving with the development of society and progress of technologies, and they become more complex and hidden.The worm virus is the earliest computer virus, which has evolved to an industrial control worm virus and caused a great impact on the safety of the industrial system.Neither the single network isolation nor the patching immunity is unable to keep up with the spreading of the worm virus.The propagation mode and characteristics of the worm virus in the industrial control system were analyzed.Based on the related works of network isolation and patching, a defense strategy against the worm virus was proposed.This strategy was originated from the fundamental infectious disease model, and then a mathematics model (SEIPQR) was proposed to simulate the trend of worm virus propagation.The model included six situations: Susceptible, Exposed, Infected, Quarantine and Recovered.The state transition diagrams of the model was created, and the calculus equations were obtained from the state transition diagrams.Under the condition that the number of system equipment is fixed, the equations were transformed.The equations were solved by solving the basic regeneration number R0, and six equation expressions of the model ware analyzed when the number of exposed hosts and infected hosts is zero.According to the principle of the Routh-Hurwitz, the system is asymptotically stable when R₀＜1, and unstable if R₀＞1.Then the dynamic characteristics of the SEIPQR model under different patching probability, different isolation rate and different infection rate were compared by numerical simulation.Furthermore, the disease-free equilibrium point and endemic equilibrium point of the model were obtained.The simulation results showed that, when the whole system is infected with worm virus, timely patching the susceptible devices and isolating the network can effectively inhibit the spread of industrial control worm virus.

Key words: industrial control network, industrial control worm, epidemic model, numerical simulation

CLC Number:

TP393

Jie PAN, Lan YE, He ZHAO, Xinlei ZHANG. Defense strategy of industrial control worm based on SEIPQR model[J]. Chinese Journal of Network and Information Security, 2022, 8(3): 169-175.

Figures/Tables 8

References 20

[1]	TRAUTMAN L J , ORMEROD P C . Industrial cyber vulnerabilities:lessons from stuxnet and the Internet of Things[J]. Social Science Electronic Publishing, 2017,72: 767-769.
[2]	GEWIRTZ D . Night dragon:cyberwar meets corpoiate espionage,J.Counterter[J]. Homeland Secur Int, 2011,17(2): 6.
[3]	BENCSATH B , PEK G , BUTTYAN L ,et al. The cousins of stuxnet:Duqu,flame,and gauss,Future Int[J]. 2012,4(4): 971-1003.
[4]	MAYNARD P , MCLAUGHLIN K , SEZER S . Modelling duqu 2.0 malware using attack trees with sequential conjunction[C]// Proceedings of the International Conference on Information Systems Security and Privacy. 2016: 465-472.
[5]	SPENNEBERG R , BRUGGEMANN M , SCHWARTKE H . Plcblaster:a worm living solely in the PLC[C]// Black Hat Asia 16, 2016.
[6]	RAVAL S . Blackenergy a threat to industrial control systems network security[J]. International Journal of Advanced Research in Engineering ＆ Technologies. 2015,2(12): 120-125.
[7]	朱朝阳 . 委内瑞拉大停电事故的背后[J]. 国家电网, 2019(5): 72-74.
	ZHU C Y . Behind the blackout in Venezuela[J]. State Grid, 2019(5): 72-74.
[8]	LLOYD A L , MAY R M . Epidemiology:how viruses spread among computers and people[J]. Science, 2001,292(5): 1316-1317.
[9]	COHEN F . Computer viruses:theory and experiments[J]. Computers ＆ Security, 1987,6(1): 22-35.
[10]	STANIFORD S , PAXSON V , WEAVER N . How to own the internet in your spare time[C]// USENIX Security Symposium. 2002: 14-15.
[11]	MARTíN del R A , HERNáNDEZ G , BUSTOS T A ,et al. Advanced malware propagation on random complex networks[J]. Neurocomputing, 2021,423: 689-696.
[12]	HOSSEINI S , ABDOLLAHI A M , RAHMANI T A . Agent-based simulation of the dynamics of malware propagation in scale-free networks[J]. Simulation, 2016,92(7): 709-722.
[13]	KUPENNAN M , ABRAMSON G , NEWMAN M ,et al. Small world effect in an epidemiological model[M]// The Structure and Dynamics of Networks. Princeton University Press, 2011: 489-492.
[14]	AGIZA H N , ELGAZZAR A S , Youssef S A . Phase transitions in some epidemic models defined on small-world networks[J]. International Journal of Modern Physics C, 2003,14(6): 825-833.
[15]	YUAN L . The research on control strategy of worms spread in complex network in industry[J]. Advanced Materials Research, 2012,487: 758-763.
[16]	JUIL C M , LEGAND L B III , JOSEPH I Gill . Modelling the spread of mobile malware[J]. International Journal of Computer Aided Engineering and Technology, 2010,2(1): 3-14.
[17]	SHANG Y . Optimal attack strategies in a dynamic botnet defense model[J]. Applied Mathematics ＆ Information Sciences, 2012,6(1): 29-33.
[18]	KALE A R , SHIRBHATE D D . An advanced hybrid peer-to-peer botnet[J]. International Journal of Wireless Communication, 2012,2(1): 15-19.
[19]	苏飞, 林昭文, 马严 ,等. IPv6 网络环境下的蠕虫传播模型研究[J]. 通信学报, 2011,32(9): 51-60.
	SU F , LIN Z W , MA Y ,et al. Research on worm propagation model in IPv6 networks[J]. Journal on Communications, 2011,32(9): 51-60.
[20]	SEN M D L , NISTAL R , ALONSO-QUESADA S , ,et al. Some formal results on positivity,stability,and endemic steady-state attainability based on linear algebraic tools for a class of epidemic models with eventual incommensurate delays[J]. Discrete Dynamics in Nature and Society, 2019(7): 1-22.

Metrics

Recommended 0

No Suggested Reading articles found!

参数	数值
β	0.000 000 08
μ	0.000 5
p	0.2
γ	0.06
δ	0.000 000 1
σ	0.08
ω	0.000 000 08

Defense strategy of industrial control worm based on SEIPQR model

RichHTML

PDF下载

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 8

References 20

Related Articles 1

Metrics

Recommended 0