【作者】 李毅红；

【导师】 潘晋孝； 靳祯；

【作者基本信息】 中北大学 ， 信号与信息处理， 2013， 博士

【摘要】 现代信息网络中,网络蠕虫凭借自我复制的能力,以网络为传播媒介,成为目前互联网上最严重的安全威胁之一。为了有效防御网络蠕虫,降低其造成的危害,网络蠕虫传播机理及控制策略成为研究热点。目前,随着计算机网络技术的进步,网络蠕虫呈现出种类繁多、传播途径多样化等新的特点,简单套用传染病传播模型,泛泛地研究网络蠕虫,不具有针对性,很难反映蠕虫的传播特征。同时网络拓扑结构和用户行为等是蠕虫传播所依赖的关键因素,为了能更真实的反应蠕虫的传播机制,必须将这些因素考虑到特定蠕虫的传播模型中。因此如何刻画网络拓扑、用户行为对蠕虫的传播速度、范围及控制效果的影响是非常有意义且值得深入研究的。为此本文以email蠕虫、P2P蠕虫及随机扫描蠕虫为研究对象,根据其不同传播特征,建立相应蠕虫的动力学模型,并分析其传播动力学行为,得到蠕虫传播的关键阈值条件,为网络蠕虫的预防和控制提供理论依据。具体研究内容如下：针对email蠕虫传播所依赖的网络的特殊性,通过网络语言的抽象与刻画,建立了email蠕虫传播的离散模型,并将其转化为连续常微分动力系统,分析了系统的动力学性态,进一步通过构造Liapunov函数,估计出了平衡态的吸引域,为email蠕虫的控制提供了依据。针对P2P网络的无标度特性,利用良性蠕虫主动防御的特点,考虑P2P网络上的良性-恶意蠕虫对抗过程,建立了复杂网络模型,得到了蠕虫传播的有效再生数,证明了网络拓扑结构在蠕虫传播过程中的关键作用,分析了不同参数对恶意蠕虫控制的影响,比较了良性蠕虫不同投放策略的控制效果,并提出了可行的控制恶意蠕虫传播策略。针对用户行为与蠕虫传播之间相互作用、相互影响的特点,依据用户保护力度将脆弱主机进行划分,建立了耦合用户自适应保护行为的动力学模型,得到了用户行为修正的基本再生数,发现模型会出现后向分支等复杂的动力学性态,从而刻画了用户行为在蠕虫传播中的重要作用,并针对不同情况提出了合理的蠕虫控制策略。更多还原

【Abstract】 In the modern information and network security, internet worms have become one of the most serious security threats to the Internet. Internet worms take the network as a transmission medium and have self-replication capability. In order to effectively defense the internet worm attack and reduce the damage caused by them, the propagation mechanism and control strategies of internet worms have become active research topics. However, with the rapid development of the computer and network technologies, the internet worms have new characteristics such as wide varieties, multiple transmission routes. As a result, only utilizing the disease transmission model simply to analyze the internet worms has no pertinence. Meanwhile, it will be hard to reflect the transmission characteristics of the worms if do not consider the network topology and user behavior. Thus, this dissertation takes the email worms, P2P worms and random scanning worms as the research objects, and study the transmission and control model of the internet worms according to their different network topological structure and possible user behavior. By analyzing the transmission dynamic behaviors of the relative worms, the critical threshold condition which determines whether the worm can survive or not are given. This may contribute to defense and control the propagation of the internet worms. The detailed contents are as follows:Because the special characters of the logical network along which email worms spread,a discrete model of email worms spread are established utilizing the network terminology to abstract and characterize the logical network. By transforming the model to a continuous ordinary differential dynamical system, the dynamical features are analyzed. On the basis of the Liapunov function, the domains of attraction of equilibria are estimated, which provided theoretical guidance for the control of the email worms spread.Due to the scale-free characters of the P2P network and the active defense characters of the benign worms, a complex network model was proposed by analyzing the interactions between benign worms and malicious worms and the network node’s state transition process. Based on the dynamical analysis of the model, the effective reproduction number was obtained, which demonstrate the pivotal role of the network topological structure on the propagation of P2P worms. At the same time, the influences of the related parameters of network topology and worm propagation for the control of malicious worms’ propagation are studied. These results are confirmed by simulation experiment, further more we compared the control effect of different strategies of releasing benign worms and provided feasible control strategies of the worm propagation.In order to study the interactions between the user behaviors and the worm spread, the vulnerable computers were classified according to the corresponding user’s protection behaviors. And then a dynamical model that coupled the user’s adaptive protection behaviors was proposed. By analyzing the dynamics of the model, we obtained the basic reproduction number modified by user protection behaviors. It was shown that the model appears some complex dynamics, such as the backward bifurcation. These show that the user behaviors play an important role on the spread of worms rightly. Further more, reasonable control strategies are provided for different situations.更多还原