Malicious software propagation control method and device based on ternary association graph detection

Abstract

The invention belongs to the technical field of network security control, and particularly relates to a malicious software propagation control method and device based on ternary association graph detection. The method comprises the following steps: acquiring data source information of malicious software, a user node and a propagation path, and preprocessing the data source information; establishing a ternary association graph; based on a weight matrix of edges in the ternary association graph, calculating scores of malicious software, propagation paths and user nodes according to a cross iterative scoring mechanism; performing unified quantification by using multiple linear regression scores, and calculating the influence of the user nodes; establishing an infectious disease SIHR propagation model based on the score value and a hotspot infection driving mechanism, and calculating a propagation state and a propagation trend of a driving factor pair; and according to a result of the propagation model, cutting off a malicious software propagation path at the next moment, and isolating user nodes. According to the method disclosed in the invention, the malicious software is broadcasted, the propagation path of the malicious software is effectively cut off, and infected users are isolated, so that the safety of the users is improved.

Description

technical field [0001] The invention belongs to the technical field of network security control, in particular to the analysis of malicious software propagation in the Internet, and in particular to a method and device for controlling the propagation of malicious software based on ternary correlation graph detection. Background technique [0002] With the rapid development of network technology in the past few decades, malicious software like viruses and worms is a serious threat to the reliability, integrity and availability of computers. For example, malware can spread through the Internet and infect millions of computers and mobile phones. Malware often spreads through diffusion or infection in the network, which will cause huge loss of the network. Therefore, in today's increasingly sophisticated network attacks and Internet security threats, the analysis of malware propagation is particularly important. It has a positive effect on the public sector's control of network...

AI Technical Summary

Problems solved by technology

Some scholars extract different malware characteristics for propagation analysis. The advantage is that they can analyze the malware propagation mode from different angles, so as to predict the malware propagation trend, but they have not extracted the relevant factors.

Some scholars quantify the influence and driving force of malware propagation through network topology, user behavior or propagation path, but the quality of index quantification has a direct impact on the propagation results, and these studies have not provided a suitable method for multiple drivers. multivariate quantification

There are also some scholars who have considered the polymorphism of malicious software. For example, the Chinese invention patent CN108667833A applied by Zhang Yuanchao et al. provides a coupling-based communication system malware propagation modeling and optimal control method, which focuses on simultaneous propagation in computer networks. The one-way coupling between the two malicious software A and B, using the SIS model to establish the respective propagation dynamic models of A and B, although this method has a certain analysis of the propagation dynamics, it lacks the extraction and analysis of multivariate effective features

In addition, malware is a constantly evolving process in the process of spreading, and no effective control measures are provided for the constantly evolving situation

Images