基于SEIPQR模型的工控蠕虫防御策略

随着社会的发展和技术的进步，计算机病毒也发生了进化，变得越来越复杂，越来越隐蔽。其中蠕虫病毒更是最早的计算机病毒发展进化成为可以在工控系统上感染并进行传播的工控蠕虫病毒，极大影响工业生产的安全。单一的网络隔离或者打补丁免疫，已经跟不上蠕虫病毒的传播速度。针对该现状，分析蠕虫病毒在工控系统上的传播方式以及特点，在原有网络隔离和补丁的基础上提出一种针对工控蠕虫的防御策略，以达到有效防御蠕虫病毒的目的。该防御策略基于传染病模型的基本思想提出了一个模拟蠕虫传播趋势的数学模型 SEIPQR。该模型包含易感染（susceptible）状态、暴露（exposed）状态、打补丁（patched）状态、感染（infected）状态、隔离（quarantine）状态以及免疫（recovered）状态 6 种状态，创建模型的 6 种状态转换图，对状态转换图得到微积分方程组，在系统设备数量一定的情况下，对方程组进行变换，通过求解基本再生数R0的方法对方程组进行求解，并分析当暴露主机和感染主机的数量为0时模型的6种方程表达式，根据Routh-Hurwitz准则得出当R₀＜1时，系统是渐进稳定的；当R₀＞1时，系统是不稳定的。通过数值仿真对比在不同打补丁概率、不同隔离率以及不同感染率3种情况下SEIPQR模型的动力学特性，并得到模型的无病平衡点和地方病平衡点。数据仿真结果表明，在整个系统感染蠕虫病毒时，对易感染设备及时地打补丁以及进行网络隔离可以有效抑制工控蠕虫的传播。

Defense strategy of industrial control worm based on SEIPQR model

Computer viruses keep evolving with the development of society and progress of technologies, and they become more complex and hidden.The worm virus is the earliest computer virus, which has evolved to an industrial control worm virus and caused a great impact on the safety of the industrial system.Neither the single network isolation nor the patching immunity is unable to keep up with the spreading of the worm virus.The propagation mode and characteristics of the worm virus in the industrial control system were analyzed.Based on the related works of network isolation and patching, a defense strategy against the worm virus was proposed.This strategy was originated from the fundamental infectious disease model, and then a mathematics model (SEIPQR) was proposed to simulate the trend of worm virus propagation.The model included six situations: Susceptible, Exposed, Infected, Quarantine and Recovered.The state transition diagrams of the model was created, and the calculus equations were obtained from the state transition diagrams.Under the condition that the number of system equipment is fixed, the equations were transformed.The equations were solved by solving the basic regeneration number R0, and six equation expressions of the model ware analyzed when the number of exposed hosts and infected hosts is zero.According to the principle of the Routh-Hurwitz, the system is asymptotically stable when R₀＜1, and unstable if R₀＞1.Then the dynamic characteristics of the SEIPQR model under different patching probability, different isolation rate and different infection rate were compared by numerical simulation.Furthermore, the disease-free equilibrium point and endemic equilibrium point of the model were obtained.The simulation results showed that, when the whole system is infected with worm virus, timely patching the susceptible devices and isolating the network can effectively inhibit the spread of industrial control worm virus.