Cellular automata malware propagation model for WSN based on multi‐player evolutionary game
2018; Volume: 7; Issue: 3 Language: English
10.1049/iet-net.2017.0070
ISSN 2047-4962
Authors: Yilin Wang, Donghui Li, Na Dong
Topic(s): Network Security and Intrusion Detection
IET Networks, Volume 7, Issue 3, p. 129-135. Research Article, Free Access
Yilin Wang (corresponding author, wangyilin1109@tju.edu.cn), Donghui Li, Na Dong
School of Electrical Engineering and Automation, Tianjin University, Tianjin, People's Republic of China
First published: 01 May 2018. https://doi.org/10.1049/iet-net.2017.0070. Citations: 19
Abstract

A running wireless sensor network (WSN) performs data acquisition, fusion, and transmission, which gives an attacker the opportunity to distribute malware code into the network and destroy its normal operation. In this study, an improved two-dimensional (2D) cellular automata model and a multi-player evolutionary game model are proposed to describe the process of malware propagation, addressing the shortcomings of existing research on malware propagation in WSN. First, the authors introduce the node diversity model according to the difference between the cluster-head node and the terminal node in WSN. Then, based on the existing 2D cellular automata malware model, an improved mechanism of epidemiological transmission is proposed. To make the model more complete, a multi-player evolutionary game model is established according to the different attack methods and the different coping strategies adopted by the cluster-head node and the terminal node in WSN. The replication dynamic equation of the strategy evolution is also given. Simulation results show that the proposed model can accurately describe the propagation behaviour of malware in WSN and provide a basis for security defence research of WSN.

1 Introduction

A wireless sensor network (WSN) consists of a large number of sensor nodes with finite power supply, computing, and wireless communication ability. The data collected by the sensor nodes are broadcast in multi-hop form across the whole network. With the increasing sensitivity and value of the data, the security of WSN is becoming more and more important [1-4]. Since the sensor nodes have weak self-protection ability and are isomorphic, when a node is threatened, a large number of sensor nodes can easily be compromised by the same malware, which will affect the confidentiality and the stability of WSN [5].
Therefore, research on malware propagation in WSN is considered to be one of the hotspots for realising WSN security. Malware embeds its code into a normal programme without any notice, resulting in at least three kinds of security problems in WSN, namely confidentiality, availability, and integrity [6, 7]. At present, there are two types of research on malware. One is to establish a malware model and then study the law of malware propagation, so as to control the propagation [8-14]. The other is the study of suppressing the propagation mechanism of malware by installing security patches and increasing the immunity of the sensor nodes to the same kind of malware. However, the process of installing a security patch consumes network bandwidth, which leads to abnormal data transmission [5]. So, it is a challenge for WSN to guarantee normal communication while reducing the damage that malware does to the sensor nodes. Therefore, in this paper, the malware propagation model is established for the attacking strategy, and the impact on WSN is analysed objectively and comprehensively from two different attack modes.

The evolutionary game has the characteristics of bounded rationality and dynamic evolution. It can reflect on its own behaviour, learning, and imitation based on past experience. In the process of the repeated dynamic game, the participants constantly modify and improve their strategies and finally bring the whole system to a basically stable state. At present, the evolutionary game has been used in energy consumption optimisation and in trust mechanisms of WSN. In this paper, an epidemic model based on two-dimensional (2D) cellular automata (CA) can only reflect the attack state of malware propagation, and cannot reflect the malware's gains and losses from network attacks. Therefore, the evolutionary game theory is used to study the dynamic characteristics of the malware propagation model.
In this paper, we analyse the way that malware attacks the network. Malware can not only attack some vulnerable sensor nodes and then use these infected nodes to spread itself, but can also directly attack a sensor node and put it in an instantaneous failure state. Since we study WSN, we should consider the difference between nodes when constructing the model of malware propagation. The evolutionary game theory is used to reflect the advantages and disadvantages of different strategies for sensor nodes for the damage of cluster-head nodes and terminal sensor nodes.

The rest of this paper is organised as follows. Section 2 is related work. Section 3 is the algorithm description of the model. We validate the proposed model by two experiments in Section 4. Finally, Section 5 concludes this paper.

2 Related work

In recent years, many researchers have carried out a lot of research, simulation, and experiment on malware propagation in WSN. Feng et al. [8] proposed a susceptible-infected-removed (SIR) improved epidemic model based on worm propagation communication radius and node distribution density, which used the differential dynamic theory to analyse the dynamic process of worm propagation in WSN. However, the authors did not consider the random attacks of worms in WSN. To solve this problem, Khanh [9] proposed a susceptible-infectious-quarantine-recovered model to describe the dynamics of worm propagation with quarantine, which focused on the global stability of the equilibrium point by using the Lyapunov function method and a geometric method. However, the established epidemiological model did not consider the node's death state. Srivastava et al.
[10] proposed the susceptible-infected-removed-dead (SIDR) model by introducing the concept of dead nodes, that is, nodes that cannot be recharged because they are located in harsh areas. The model describes the non-linear dynamics of the susceptible, infectious, dead, and recovered classes of nodes to analyse the entire dynamic process of worm propagation. In view of the traditional worm propagation models and defence strategies not considering the spread of mobile worms, Wang et al. [11] proposed a microscopic mathematical model to describe the propagation dynamics of sensor worms in wireless sensor and actuator networks.

The above works are aimed at the study of worm propagation, and the following are studies of other malicious programmes. Yang et al. [13] proposed a malware propagation model based on the 2D CA, which introduced the medium access control (MAC) contention mechanism and the neighbourhood communication distance factor. It described the impact of node diversity on the spread of malware in WSN. However, the state of the epidemic model of malware propagation was not considered sufficiently in the course of the study. Shen et al. [15] proposed a more complete epidemic model, and treated the decision-making problem between the WSN system and the malware as an optimal control problem using the differential game theory. The optimal control strategy of the WSN system was obtained under the premise that the malware dynamically changed its strategy. However, this model still did not consider the difference between nodes; there were limitations for the time and space characteristics of the network. Wang et al. [14] proposed a malware propagation model in mobile WSN based on reaction-diffusion equation theory. The model effectively predicted the time-to-live behaviour and spatial distribution of malware propagation time, so as to facilitate targeted immunisation at the infected nodes.
The model improved on the shortcomings of the existing malware propagation models, which can only predict the temporal dynamic behaviour and cannot predict the time distribution of malware propagation. In [16], a state feedback controller was used to describe the process of malware propagation in mobile WSN, that is, a delayed reaction-diffusion model, which was successfully used to control unstable steady-state or periodic oscillation by the state feedback method. Song and Zhang [17] proposed a new epidemic model, the e-susceptible-exposed-infectious-recovered model, to study the dynamic process of the spread of malware in WSN. The authors considered multi-state antivirus measures and the temporary immunisation period to better predict the propagation behaviour of malicious software in WSN. However, the state of the epidemic model of malware propagation was not considered sufficiently in the course of the study.

Aiming at the shortcomings of the above work, we propose a CA model of malware propagation in WSN based on a multi-player evolutionary game, taking into account the node density in WSN topologies. To better describe the time–space interaction characteristics between nodes in WSN, a model based on node difference and an improved model of malware propagation in 2D CA are proposed. Compared to the previous 2D CA, this model can more completely describe the evolution of malware. According to the different methods of malware attacks on the network, we use the evolutionary game theory to analyse the relationship between the WSN system and the malware, so that the proposed model is more practical, benefiting the normal nodes' own income while also suppressing malicious nodes. The main contributions of this paper are as follows:

We establish the difference model between the cluster-head node and the terminal node in WSN, which is the basis of the study of the malware propagation model in this paper.
We construct the 2D CA model of SIR-dead (SIRD) with four different states of epidemiological propagation. According to the difference of nodes in WSN, the propagation process of malware on cluster-head nodes and terminal nodes is discussed in detail from three aspects: infection rate, immunity rate, and mortality rate. The evolution process fully reflects the space–time correlation of malware propagation in WSN.

According to the difference of the malware attacks and the different strategies of susceptible cluster nodes and susceptible terminal nodes against malware, we build a multi-player evolutionary game model in order to make the model complete.

3 Algorithm description of the model

This paper considers that the WSN model consists of n static sensor nodes, which are randomly and evenly distributed in the 2D region with the node density , and each sensor node has the maximum transmission distance r. There are three types of nodes in the model: base station, cluster-head node, and terminal node [18]. The terminal node is responsible for collecting data and transmitting data to the cluster-head node for data fusion. The cluster-head node is generated by competition and is served by a node with relatively high trust value. It is responsible for transmitting the information data received in its jurisdiction area directly to the base station. The base station is the most powerful node in the network, and is responsible for controlling the network, collecting the data, and managing the trust value of the cluster-head node [19]. Therefore, the degree of a node in WSN leads to the difference between network nodes to a certain extent, and thus we introduce the different models of nodes.

3.1 2D cellular automata malware spread epidemic model

In this paper, the 2D CA malware propagation model is established according to the node diversity model of WSN.
CAs are represented by a quadruplet , where C is the cell space, P is the state set of the cell, N is the neighbourhood of the cell, and F is the cell state transition function [20-23]. The 2D cellular automata malware propagation model proposed in this paper includes the above four parts, which are expressed by the equation below: (1)

Cell space: This represents a 2D grid of cells, and the position of the nodes in space can be represented by the horizontal coordinate i and the vertical coordinate j in the 2D grid (2)

Cell state set: In addition to the state of the channel access, the model needs to consider the state of the node infected by the malware, so the cell state sets are and , where [23]. In this paper, an idle channel is set to 0, that is, data communication is possible at this time. A busy channel is set to 1, that is, the node must wait until the channel is idle to communicate. Thus, the channel access state of any node in the 2D cell space coordinate system is (3) and the channel access state of the neighbour cell is (4) (3) (4)

Cell neighbourhood: In this paper, the maximum transmission distance of each sensor node is r, so the neighbourhood of any node is (5) where x and y are the coordinates of a node C. Therefore, only the nodes belonging to the neighbourhood can communicate with each other in the established 2D CA model.

Cell state transition function: On the basis of the epidemiological theory, this paper considers the nodes that die because of energy depletion. Therefore, the characteristics of nodes in WSN are divided into the following four states, as shown in Table 1. In this paper, the 2D cellular automata model is proposed based on the node diversity model of WSN, so cluster-head nodes and terminal sensor nodes in WSN are analysed and discussed separately. In WSN, all adjacent sensor nodes that are not infected nodes are infected with malware. Only those sensor nodes that are susceptible to infection may be infected.
In the discussion of this paper, the prerequisite for sensor node analysis is that the sensor nodes are susceptible. As the backbone node, the cluster-head node has stronger security protection and a lower probability of being infected. The probability of the cluster-head node being infected is . The terminal sensor node is easy to attack, and the probability of the terminal node being infected is . Similarly, the probabilities that the cluster-head nodes are transformed from the susceptible state to the recovered state and the dead state are and , respectively. The probabilities of terminal sensor nodes changing from the susceptible state to the recovered state and the dead state are and , respectively.

Table 1. Improved epidemiological status parameters table
Status symbol | Meaning
S | sensor node is in a state of normal operation, but is susceptible to malware infection
I | sensor nodes have been infected by malware
R | infected sensor nodes are transformed from the infected state after treatment
D | sensor nodes lose all of the features

For the cluster-head node and the terminal sensor node in the infected state, the malicious nodes in this state are cleared by the security patch, so the probability of transition from the cluster-head node of the infected state to the recovered state is . The probability of transforming from the terminal sensor node of the infected state to the recovered state is . The cluster-head node and the terminal sensor node in the infected state may also lose all functions because of energy consumption or because they are killed by the malware. In this case, the probability of the infected cluster-head node turning into the dead state is . The probability of an infected terminal sensor node becoming a dead node is . In the last case, the cluster-head node and the terminal sensor node in the recovered state die because of the depletion of energy, and the probability of the cluster-head node going from the recovered state to the dead state is .
The probability of the terminal node going from the recovered state to the dead state is .

3.2 Multi-player evolutionary game model

To make the model more practicable, two kinds of attack scenarios are considered in the evolutionary game model. One is the attack of the malware directly on the sensor nodes. The other is the infection of susceptible neighbour sensor nodes by the infected nodes according to the epidemic model. Against the malware attack, the sensor node adopts one of two kinds of strategies. One is a positive coping strategy, that is, spreading information according to the characteristics of a time slot so that the nodes around the infected sensor nodes go into the dormant state, which stops the malware from spreading. The other is a negative coping strategy, which allows the malware to spread according to the epidemic model. Our proposed evolutionary game model is shown in Fig. 1.

Fig. 1 Multi-player evolutionary game model

To facilitate the discussion, we introduce the symbol table, as shown in Table 2.

Table 2. Symbol table
Symbol | Meaning
 | cost of communication between sensor nodes
 | number of infected nodes in the neighbour node of the cluster-head node
 | number of susceptible node in the neighbour nodes of cluster-head nodes
 | anti-malware clears the proportion of infected neighbour nodes of a cluster-head node
l | loss caused by the communication between the infected node and the infected node
 | infected sensor nodes interact with susceptible sensor nodes

3.2.1 Description of payment matrix

According to the epidemiological theory described above, only the susceptible sensor nodes can be infected by malware; the normal node is not infected by malware, so only susceptible nodes are discussed here. In WSN, when the infected nodes interact with malware, different strategies will have different benefits. Here are the different scenarios:

The cluster-head node communicates with the neighbour node

When the sensor node communicates, the cost is generated.
When there are infected nodes among the neighbour nodes, the cluster-head node will normally have loss and the infected neighbour node will have the benefit of . If the cluster-head node adopts the hibernation mechanism, the anti-malware software in the system will clear the malware. The number of neighbour nodes of the cluster-head node that are cleared is , and the number of remaining nodes is . After the cluster-head node is awakened, communication with the remaining malicious nodes will result in loss of . The un-cleared neighbour nodes still have ’s income. If the malware directly attacks the cluster-head node, then when the cluster-head node communicates with the neighbour nodes, the vulnerable nodes among the neighbour nodes will be infected. In addition to the cost of the cluster-head node, there are gains. The neighbour node will have costs and l losses.

The terminal node communicates with the neighbour node

To clearly describe the node diversity model, we consider the terminal sensor node degree as 1 in this paper. When the neighbour node is a malicious node, if the terminal sensor node communicates normally, in addition to the cost of , there are losses caused by malware. If the terminal sensor node sleeps, the anti-malware software will clear the neighbour node. The proportion of malware removed by the anti-malware system is , so the neighbour node is not necessarily cleared. After the terminal sensor node is awakened, it communicates with the neighbour node. If the neighbour node enters the recovered state, the terminal sensor node only has the cost. If the neighbour node is still infected, the terminal sensor node will have loss, and the neighbour node now has the benefit of . If the terminal sensor node is directly attacked, when the other party is a susceptible node, the terminal sensor node will have a gain of , and the neighbour node will incur a loss of l. The payoff matrix of sensor nodes and malware in WSN is shown in Table 3.

Table 3.
Payoff matrix of a game
Malware | Epidemic model dissemination | Directly attacking susceptible nodes
cluster-head nodes
terminal nodes

3.2.2 Stable evolution strategy description

For the susceptible cluster-head nodes in WSN, let denote the mixing strategy at the time t, where is the proportion of nodes choosing a positive strategy, is the proportion of nodes choosing a negative strategy, and , where is abbreviated as . When the susceptible cluster-head node chooses the positive strategy, the expected payoff is as follows: (6) When the susceptible cluster-head node chooses the negative strategy, the expected payoff is as follows: (7) The average payoff of all the strategies of the susceptible cluster-head node is as follows: (8) Thus, the replication dynamic equation of the susceptible cluster-head nodes in WSN is as follows: (9) Let , the replication dynamic (9) has three stable states: (10) (11) (12)

For the susceptible terminal sensor nodes in WSN, let denote the mixing strategy at time t, where is the proportion of nodes choosing a positive strategy, is the proportion of nodes choosing a negative strategy, and , where is abbreviated as . When the susceptible terminal sensor node chooses the positive strategy, the expected payoff is as follows: (13) When the susceptible terminal sensor node chooses the negative strategy, the expected payoff is as follows: (14) The average payoff of all the strategies of the susceptible terminal sensor node is as follows: (15) Thus, the replication dynamic equation of the susceptible terminal sensor nodes in WSN is as follows: (16) Let , the replication dynamic (16) has three stable states (17) (18) (19)

When the susceptible nodes (cluster nodes and terminal nodes) interact with the malware, it is necessary to make the susceptible nodes choose positive coping strategies, which can prevent the spread of malware.
Owing to the bounded rationality of the participants, the initial value of the strategy is not an equilibrium point of the game, and it needs to converge to a stable state after a period of the evolutionary game.

4 Simulation

Experimental network environment settings are as follows: sensor nodes are randomly distributed in the range of 500 m × 500 m in density . We select a node in the centre area of the experiment as the infected node. In the experiment, five rounds of cluster-head elections are conducted. After each cluster-head election, the malware spreads ten times in the form of CA.

Experiment 1: The proposed model of CA malware propagation in WSN

In this experiment, we mainly study the node diversity model in WSN and its influence on the CA malware propagation. First, the evolution curve of the SIRD malware model is presented under the initial values of parameters in Table 4, as shown in Fig. 2. Then, we discuss the infection rate, recovered rate, and mortality of the cluster-head node and terminal node. To investigate the impact of malicious programmes on infected nodes, we analyse the mortality of infected nodes.

Table 4. Symbol table in Fig. 2
Symbol | Meaning
 | infection rate of each susceptible sensor node in time t
 | susceptibility rate of each susceptible sensor node in time t
 | recovery rate of each susceptible sensor node in time t
 | death rate of each susceptible sensor node in time t

Fig. 2 Curves of malware model with time evolution characteristic

To facilitate the discussion, we introduce the symbol table, as shown in Table 4. Fig. 2 shows the evolution of the malware model over time with the initial value of the parameter. It can be seen from this figure that with the interaction between the susceptible nodes and the malicious nodes, the proportion of the number of susceptible nodes decreases rapidly from to , and starting at , the nodes are in a stable state.
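The SIRD cell update of Section 3.1 and the schedule above (one infected node near the centre of a 500 m × 500 m field, five cluster-head elections with ten CA steps after each), as an added Python example that is not the authors' code. The transition probabilities, node count, radius r, random head election and the independent-neighbour infection rule are assumptions, because the paper's parameter values and equations are not reproduced on this page; the MAC channel state is left out.

```python
import math
import random
from collections import Counter

S, I, R, D = "S", "I", "R", "D"  # states from Table 1

# Constructed per-step transition probabilities (assumptions, not the paper's
# values). Cluster heads are given a lower infection probability than terminals.
PROBS = {
    "head":     {"SI": 0.15, "SR": 0.01, "SD": 0.005, "IR": 0.05, "ID": 0.03, "RD": 0.005},
    "terminal": {"SI": 0.30, "SR": 0.01, "SD": 0.005, "IR": 0.04, "ID": 0.04, "RD": 0.005},
}


def build_network(n, side, r, rng):
    """Scatter n nodes uniformly; neighbours are nodes within distance r."""
    pos = [(rng.uniform(0, side), rng.uniform(0, side)) for _ in range(n)]
    nbrs = [[] for _ in range(n)]
    for a in range(n):
        for b in range(a + 1, n):
            if math.dist(pos[a], pos[b]) <= r:
                nbrs[a].append(b)
                nbrs[b].append(a)
    return pos, nbrs


def step(state, role, nbrs, rng, probs=PROBS):
    """One synchronous CA update: every node reads the previous generation."""
    nxt = list(state)
    for v, s in enumerate(state):
        p, u = probs[role[v]], rng.random()
        if s == S:
            # Assumption: each infected neighbour infects independently.
            k = sum(1 for w in nbrs[v] if state[w] == I)
            p_inf = 1.0 - (1.0 - p["SI"]) ** k
            if u < p_inf:
                nxt[v] = I
            elif u < p_inf + p["SR"]:
                nxt[v] = R
            elif u < p_inf + p["SR"] + p["SD"]:
                nxt[v] = D
        elif s == I:
            if u < p["IR"]:
                nxt[v] = R
            elif u < p["IR"] + p["ID"]:
                nxt[v] = D
        elif s == R and u < p["RD"]:
            nxt[v] = D  # D is absorbing: dead nodes never change again
    return nxt


def simulate(n=400, side=500.0, r=40.0, head_frac=0.1, rounds=5, steps=10, seed=7):
    """Return one Counter of S/I/R/D node counts per time step."""
    rng = random.Random(seed)
    pos, nbrs = build_network(n, side, r, rng)
    centre = min(range(n), key=lambda v: math.dist(pos[v], (side / 2, side / 2)))
    state = [S] * n
    state[centre] = I
    history = [Counter(state)]
    for _ in range(rounds):
        alive = [v for v in range(n) if state[v] != D]
        if not alive:
            break
        # Assumption: heads are re-elected at random among living nodes.
        heads = set(rng.sample(alive, max(1, int(head_frac * len(alive)))))
        role = ["head" if v in heads else "terminal" for v in range(n)]
        for _ in range(steps):
            state = step(state, role, nbrs, rng)
            history.append(Counter(state))
    return history


if __name__ == "__main__":
    hist = simulate()
    peak = max(range(len(hist)), key=lambda t: hist[t][I])
    print("peak infected:", hist[peak][I], "at step", peak)
    print("final counts:", dict(hist[-1]))
```

Changing only the "SI" entry for one role and re-running with the same seed isolates the effect of that role's infection probability on the infected-node curve.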
As the malicious programmes spread, the proportion of the number of infected nodes first shows an upward trend until at . As energy is exhausted in the late stage and the infected nodes are repaired, the proportion of the number of infected nodes becomes at . The proportion of recovered nodes shows a gradual upward trend, and is stable from to the end. The last state is the death state; from this figure we can see that the number of dead nodes keeps increasing from to the end.

To analyse the effect of the WSN node diversity model on the CA malware propagation, we change the infection rate of cluster-head nodes while other parameters are unchanged. The evolution curve of the malware propagation model is shown in Fig. 3 a. It can be seen from the graph that the evolution curves of the infected cluster-head nodes when and are different, and the ratio of the number of nodes at falls faster after reaching a peak than at . This is because as the infection rate of the cluster-head node increases, the number of the cluster-head nodes within the effective communication range increases more quickly. As time goes by, cluster-head nodes with high infection rates also have higher death rates than cluster-head nodes with low infection rates because of communication factors, so this leads to late differences in the graph. The evolutionary curve of the infected node with differs the most from the infected node evolution curves with and . The evolutionary curve of reaches the maximum at . However, the infected cluster-head nodes in the interval from to present a slow-rising state. This is because the cluster-head infection rate is high, the number of infected cluster-head nodes increases rapidly, and then the number of infected nodes is saturated in the short term. That is, when the cluster-head node infects the neighbour node, the neighbour node is in the infected state, making the cluster-head node in an invalid state.
In addition, because the energy consumption of the nodes causes the infected cluster-head nodes to die, or the infected cluster-head nodes are repaired, the slow-down process of the infected cluster-head nodes is shown. The number of nodes increases slowly from to , and this is because, over time, a malicious programme infects the susceptible cluster-head node within the effective communication range, resulting in an increase in the number of infected nodes.

Fig. 3 Curves of infected cluster-head nodes and terminal nodes under different infection/recovered rates

In contrast to cluster-head nodes, the infection rate of terminal nodes is higher than that of the cluster-head nodes. Since the head node's attack resistance is stronger than that of the terminal sensor node with a small degree of connection, we assume that the infection rate of terminal nodes is higher than that of cluster-head nodes. With the initial values of the other parameters unchanged, when the terminal sensor node infection rate changes, the evolution curve of the number of infected terminal nodes is shown in Fig. 3 b. It can be seen from this figure that, when , the proportion of infected terminal nodes shows an increasing trend from to . From to , some of the infected terminal nodes become recovered nodes because of being repaired and some of the infected terminal nodes become dead nodes because of energy exhaustion, so the proportion of the number of infected nodes has a slow-down trend, which is also related to the cluster-head nodes infected at this time. The proportion of infected nodes increases again due to the increase of the number of infected cluster-head nodes from to . The infected terminal nodes show a gradually descending trend from to , because they enter an immune state or dead state. It can be seen from Figs.
3 a and b that the number of evolution curves of the infection rate of the infected cluster-head nodes is similar to the number of evolution curves of the infection rate of the infected terminal nodes. When t = 1, the evolution curve of the number of infected terminal nodes is similar to that of t = 2, and is related to the number of evolutionary curves of the infected cluster-head nodes.

We analyse the different recovered rates of cluster-head nodes, as shown in Fig. 3 c. As can be seen from this figure, when , the evolution curve of the ratio of the cluster-head node to the recovered node is similar to the evolution curve of . The number of immune cluster-head nodes at is lower than those of and from to the end. This is because the ratio of the number of nodes that are susceptible to infection and the status of the infected cluster nodes is lower than the number of nodes with the high recovered rate. It is also found that with the decrease of recovered rate, the number of low-recovered nodes will always be less than the number of nodes with high immunity, and the different immunity curves of the terminal nodes also indicate this, as shown in Fig. 3 d. The number of terminal nodes is higher than the number of cluster-head nodes, and the anti-attack capability of terminal nodes is far less than that of the cluster-head nodes, so the impact of immunity on the end nodes is much larger than that on the cluster-head nodes.

We analysed the infected cluster-head nodes at different dead rates, and according to the initial value of the parameter setting, the infection rate and the recovered rate have different effects on the dead rate, as shown in Fig. 4 a. It can be seen from this figure that the different dead rates do not change much in proportion to the number of infected cluster-head nodes. The number of cluster-head nodes under different dead rates shows a relatively rapid death trend from the beginning to .
At different dead rates, the rising rate of the curve of infected terminal nodes is different from the beginning to . The higher the dead rate is, the faster the number of dead nodes of the infected node rises, as shown in Fig. 4 b. From to , there are some significant differences in the number of infected terminal nodes at different dead rates.

Fig. 4 Curves of infected cluster-head nodes and terminal nodes under different dead rates

Experiment 2: Multi-person evolutionary game model

According to the value of the evolution stabilisation strategy when the susceptible nodes (cluster-head nodes and terminal nodes) interact with malicious programmes, we set the following parameter values to describe the evolutionary process of malware propagation, as shown in Table 5.

Table 5. Parameter values in evolutionary game model
Parameters | Values
5 1 3 0.5 l 8 1 0.1 0.3

As shown in Fig. 5, when the initial value of the replicated dynamic (9) is 0.681, that is, 68.1% of the WSN susceptible cluster-head nodes select negative strategies. As the infected node communicates with the susceptible cluster-head node according to the CA malware model, after about 33 games, the proportion of the cluster-head nodes that select the negative strategy against malicious programmes is stable at . This indicates that when the proportion of susceptible cluster-head nodes selecting negative strategies is <68.1%, the susceptible cluster nodes will eventually select negative strategies. When the initial value is 0.683, that is, 68.3% of the susceptible cluster-head nodes select positive strategies. After the infection process of the infected nodes on the susceptible cluster-head nodes has run about 38 times, the proportion of the susceptible cluster-head nodes finally selecting the active strategy will be stabilised at .

Fig. 5 Evolutionary dynamics curves of susceptible cluster-head node infection

As shown in Fig.
6, when the initial value of the replicated dynamic equation (16) is 0.293, that is, 29.3% of the WSN susceptible terminal nodes select negative strategies. As the infected node communicates with the susceptible terminal node according to the CA malware model, after about 39 games, the proportion of the terminal nodes that select the negative strategy of malicious programmes is stable at . This indicates that the proportion of susceptible terminal nodes selecting negative strategies is 29.5%, the susceptible terminal node will eventually choose positive strategies. Fig. 6Open in figure viewerPowerPoint Evolution dynamics curves of susceptible terminal node infection Experiment 3: Comparison of malware propagation models of WSN We compare the proposed model with the SIR of CA model proposed by Yang et al. [13], as shown in Fig. 7. As can be seen from this figure, we consider the way of malicious programmes to attack, as well as the different strategies of susceptible cluster nodes and susceptible terminal nodes to malware. Malicious programmes gradually spread over time, the number of nodes in the network reached the highest value at . Later, as the energy depleted nodes gradually die. Considering the diversity of nodes in clustered WSN, a 2D cellular automata SIRD propagation model is established, and the evolutionary game theory is used to analyse the model further, which is more objective and practical than the original model. Fig. 7Open in figure viewerPowerPoint Curves compared with the SIR of CA model 5 Conclusions In this paper, we study the malware propagation model of WSN. We analyse the model malware propagation from the point of WSN node difference. We have improved the existing 2D CA model, introduced the death state in the original malware propagation states. 
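The 2D CA SIRD model with cluster-head and terminal nodes summarised above can be sketched as follows. This is an added example, not the authors' code: the grid layout, Moore neighbourhood, exposure rule, rate values and all function names are assumptions chosen for illustration.

```python
import random
from collections import Counter

S, I, R, D = "S", "I", "R", "D"
RATES = {  # constructed per-type rates (assumptions, not the paper's values)
    "head":     {"infect": 0.2, "recover": 0.10, "die": 0.02},
    "terminal": {"infect": 0.5, "recover": 0.05, "die": 0.05},
}

def make_grid(n, head_every=5):
    """n x n grid; cells whose row and column are both multiples of head_every are cluster-heads."""
    kind = [["head" if r % head_every == 0 and c % head_every == 0 else "terminal"
             for c in range(n)] for r in range(n)]
    state = [[S] * n for _ in range(n)]
    state[n // 2][n // 2] = I  # single initially infected node in the centre
    return kind, state

def step(kind, state, rates, rng):
    """One synchronous update over a Moore neighbourhood (assumed rule)."""
    n = len(state)
    new = [row[:] for row in state]
    for r in range(n):
        for c in range(n):
            p = rates[kind[r][c]]
            if state[r][c] == S:
                k = sum(state[rr][cc] == I
                        for rr in range(max(0, r - 1), min(n, r + 2))
                        for cc in range(max(0, c - 1), min(n, c + 2)))
                # k infected neighbours act as k independent exposures
                if rng.random() < 1 - (1 - p["infect"]) ** k:
                    new[r][c] = I
            elif state[r][c] == I:
                u = rng.random()  # one draw decides die / recover / stay infected
                if u < p["die"]:
                    new[r][c] = D
                elif u < p["die"] + p["recover"]:
                    new[r][c] = R
    return new  # R and D are absorbing: such cells are never rewritten

def simulate(n=21, steps=40, rates=RATES, seed=1):
    """Per-step Counter keyed by (node type, state), e.g. ("terminal", "I")."""
    rng = random.Random(seed)
    kind, state = make_grid(n)
    history = []
    for _ in range(steps):
        state = step(kind, state, rates, rng)
        history.append(Counter((kind[r][c], state[r][c])
                               for r in range(n) for c in range(n)))
    return history
```

Varying one entry of `RATES` at a time and plotting the `I`, `R` and `D` counts per node type gives curves of the kind the experiments describe for different infection, recovered and dead rates.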
The different evolutionary processes of malware on the cluster-head node and the terminal node are analysed from the aspects of infection rate, immunity rate, and mortality rate, so that the analysis of malicious communication is more comprehensive. To make the model more complete, and considering the way the malware attacks the WSN and the different strategies adopted by the cluster-head node and the terminal node, we have established a multi-player evolutionary game model and listed the replicative dynamic equations of cluster-head and terminal node selection strategies to deal with malware, which provides a theoretical basis for finding the optimal evolutionary and stable strategy. Finally, three sets of experiments are conducted to verify the rationality of the proposed model and the importance of improving the security performance of WSN.

6 References

1 Al-Tabbakh, S.M., Shaaban, E.: ‘Energy aware autonomous deployment for mobile wireless sensor networks: cellular automata approach [C]’. Int. Conf. Applied Physics, System Science and Computers, Cham, 2017, pp. 87–99
2 Cui, J., Wang, Z., Zhang, C. et al: ‘Message passing localisation algorithm combining BP with VMP for mobile wireless sensor networks [J]’, IET Commun., 2017, 11, (7), pp. 1106–1113
3 Rey, A.M.D., Peinado, A.: ‘Mathematical models for malware propagation in wireless sensor networks: an analysis [J]’ (Springer, 2018)
4 Ab Razak, M.F., Anuar, N.B., Salleh, R. et al: ‘The rise of ‘malware’: bibliometric analysis of malware study [J]’, J. Netw. Comput. Appl., 2016, 75, pp. 58–76
5 Hosseini, S., Azgomi, M.A., Rahmani, A.T.: ‘Malware propagation modeling considering software diversity and immunization [J]’, J. Comput. Sci., 2016, 13, pp. 49–67
6 del Rey, A.M., Guillén, J.D.H., Sánchez, G.R.: ‘Modeling malware propagation in wireless sensor networks with individual-based models [C]’. Conf. Spanish Association for Artificial Intelligence, 2016, pp. 194–203
7 Dadlani, A., Kumar, M.S., Murugan, S. et al: ‘System dynamics of a refined epidemic model for infection propagation over complex networks [J]’, IEEE Syst. J., 2016, 10, (4), pp. 1316–1325
8 Feng, L., Song, L., Zhao, Q. et al: ‘Modeling and stability analysis of worm propagation in WSN [J]’, Math. Probl. Eng., 2015, 2015, (1), p. 8, Article ID 129598
9 Khanh, N.H.: ‘Dynamics of a worm propagation model with quarantine in wireless sensor networks [J]’, Appl. Math. Inf. Sci., 2016, 10, (5), pp. 1739–1746
10 Srivastava, A.P., Awasthi, S., Ojha, R.P. et al: ‘Stability analysis of SIDR model for worm propagation in wireless sensor network [J]’, Indian J. Sci. Technol., 2016, 9, (31), pp. 1–5
11 Wang, T., Wu, Q., Wen, S. et al: ‘Propagation modeling and defending of a mobile sensor worm in wireless sensor and actuator networks [J]’, Sensors, 2017, 17, (1), p. 139
12 Cao, Y.L., Wang, X.M., Zao-Bo, H.E.: ‘Optimal security strategy for malware propagation in mobile wireless sensor networks [J]’, Acta Electron. Sin., 2016, 44, (8), pp. 1851–1856
13 Yang, X., Zhu, Y., Zha, Z. et al: ‘Investigation of malware propagation model over WSN based on node's diversity [J]’, Appl. Res. Comput., 2012, 29, (1), pp. 316–321
14 Wang, X., He, Z., Zhang, L.: ‘A pulse immunization model for inhibiting malware propagation in mobile WSN [J]’, Chin. J. Electron., 2014, 23, (4), pp. 810–815
15 Shen, S., Li, H., Han, R. et al: ‘Differential game-based strategies for preventing malware propagation in WSN [J]’, IEEE Trans. Inf. Forensics Sec., 2014, 9, (11), pp. 1962–1972
16 Zhu, L., Zhao, H., Wang, X.: ‘Bifurcation analysis of a delay reaction–diffusion malware propagation model with feedback control [J]’, Commun. Nonlinear Sci. Numer. Simul., 2015, 22, pp. 747–768
17 Song, L.P., Zhang, R.P.: ‘Dynamical analysis for a malware propagation model in wireless sensor network [J]’, J. Meas. Sci. Instrum., 2016, 7, (2), pp. 136–144
18 Rao, P.C.S., Jana, P.K., Banka, H.: ‘A particle swarm optimization based energy efficient cluster head selection algorithm for wireless sensor networks [J]’, Wirel. Netw., 2017, 23, (7), pp. 1–16
19 Liu, X.: ‘Atypical hierarchical routing protocols for wireless sensor networks: a review [J]’, IEEE Sens. J., 2015, 15, (10), pp. 5372–5383
20 Truong, T.P., Pottier, B., Huynh, H.X.: ‘Parallel cellular automata based simulation of radio signal propagation [J]’, Int. J. Comput. Sci. Inf. Secur., 2016, 14, (10), p. 467
21 Byun, H., Yu, J.: ‘Cellular-automation-based node scheduling control for wireless sensor networks [J]’, IEEE Trans. Veh. Technol., 2014, 63, (8), pp. 3892–3899
22 Queiruga-Dios, A., Encinas, A.H., Martín-Vaquero, J. et al: ‘Malware propagation models in wireless sensor networks: a review [C]’. Int. Conf. European Transnational Education, 2016, pp. 648–657
23 López, M., Peinado, A., Ortiz, A.: ‘A SEIS model for propagation of random jamming attacks in wireless sensor networks [C]’. Int. Conf. European Transnational Education, 2016, pp. 668–677