Research On Dynamical Interaction Models Of Network Virus And Its Defense Strategies

With the rapid growth of network applications, network security is becoming increasinglyserious and security events occur frequently, booming especially in recent years. Internetviruses, mainly including worm and botnet, have become one of the most serious securitythreats to the Internet due to their characteristics of fast propagating speed, complex andvarious invasion methods, significant damages. Furthermore, they can not only causetremendous damage to national economy but also bring threats to national political and militarysecurity. In recent years, the research on internet virus has been one of the most importantand active research topics in the fields of network security and military security in manycountries. How to contain internet virus has been an urgent issue.Internet viruses develop two new features when they increase dramatically during the lastfew years. One is that there are complex interactions among internet viruses and the other isthat the propagation and containment of internet viruses are closely related to user’s behavior.Analyzing and taking full advantage of these features may contribute to raise efficientcounter-virus methods. Thus, we analyze the interaction models among internet viruses and thecounter-virus methods based on user’s behavior and its regulation. The detailed contents of ourresearch are given below:1. A two-botnet static interaction model based on game theory and a botnet propagationdynamicsmodel are put forward. Based on the static interaction model, the replicator equationsare used to characterize the dynamical evolution of the strategies adopted by interacting botnetowners. Then，the evolutionary game dynamics which occurs at a fast time scale is coupled tothe botnet propagation dynamics model. Two stable equilibria of the fast evolutionary gamemodel and the thresholds below which two botnet owners will choose the competitive strategyare given. Additionally, we substitute the equilibria into the coupled model and get two reducedmodels. The thresholds which determine whether the botnet can survive or not in both reducedmodels are given. We also explore the influence of interaction parameters on the thresholds.2. The concept of altruistic worm is presented and the interactions between the altruisticworm and the other worms are analyzed. Then, we presented two interaction models. One includes the influence of adaptive human behavior and the other does not. For each model, twothresholds which determine whether the other worm (not the altruistic worm) can survive ornot are given. One is for the altruistic worm’s existence state and the other is not.Furthermore, we also explore the influence of parameters concerning adaptive human behavioron the thresholds.3. The propagation model of worm via both removable devices and internet is provided.Then, we give the threshold determining whether the worm can survive or not and explore theinfluence of the parameters concerning removable devices on the threshold.4. Inspired by the accumulation characteristic among the web sites scanned by localusers within a subnet, we propose the throttling method based on subnet. Then, we design thedeployment scheme of the throttling method at the edge router of subnet and analyze thethreshold used to detect the suspicious subnet in the throttling method.