Qiang Fu ,Jun Wang,⋆ ,Changfu Si and Jiawei Liu

1College of Computer Science and Technology,Shenyang University of Chemical Technology,Shenyang,110142,China

2College of Computer Science and Engineering,Northeastern University,Shenyang,110169,China

ABSTRACT As industrialization and informatization become more deeply intertwined,industrial control networks have entered an era of intelligence.The connection between industrial control networks and the external internet is becoming increasingly close,which leads to frequent security accidents.This paper proposes a model for the industrial control network.It includes a malware containment strategy that integrates intrusion detection,quarantine,and monitoring.Based on this model,the role of key nodes in the spread of malware is studied,a comparison experiment is conducted to validate the impact of the containment strategy.In addition,the dynamic behavior of the model is analyzed,the basic reproduction number is computed,and the disease-free and endemic equilibrium of the model is also obtained by the basic reproduction number.Moreover,through simulation experiments,the effectiveness of the containment strategy is validated,the influence of the relevant parameters is analyzed,and the containment strategy is optimized.In other words,selective immunity to key nodes can effectively suppress the spread of malware and maintain the stability of industrial control systems.The earlier the immunization of key nodes,the better.Once the time exceeds the threshold,immunizing key nodes is almost ineffective.The analysis provides a better way to contain the malware in the industrial control network.

KEYWORDS Key nodes;dynamic model;industrial control network;simulation

Nomenclature

1 Introduction

1.1 Motivation

In the past decade,the number of industrial control security incidents has been increasing.In 2010,the Stuxnet worm targeted the Bushehr nuclear power plant in Iran [1].Since then,there have been many malware targeting Industrial Control System(ICS)networks,such as Night Dragon[2],Flame[3],Duqu/Duqu2.0[4],Blaster[5],and BlackEnergy[6].The typical Programmable Logic Controller(PLC)worm Blaster can only exist in PLC,and it has the potential to propagate via Siemens SIMATIC S7-1200’s control system.PLC Blaster can scan the ICS networks to find new targets,then it will attack PLCs and replicate in the infected PLCs.Some new types of malware can spread not only in Personal Computer(PC)networks but also in industrial control networks.In 2012,Russian security experts discovered the Flame virus spreading widely in the energy industry in the Middle East[7].In 2016,the Mirai botnet attack occurred,and in 2020[8],Israel’s water supply system was invaded by malware[9].Malware plays an important role in frequent industrial control security incidents,posing a huge threat to the security of industrial infrastructure.The industrial control network is generally composed of industrial control equipment with different characteristics,and it is often coupled and connected with other networks to form a complex network.Therefore,establishing a propagation model to describe the propagation behavior of malware in industrial control networks and proposing effective containment strategies have become an urgent problem that needs to be solved.

At present,the vulnerabilities are used to spread the PLC worm in Supervisory Control and Data Acquisition(SCADA).Fovino et al.used the MalSim simulator to conduct similar attack experiments and achieved obvious attack effects [10].It is evident that defending against this malware variant poses greater challenges,and its potential for harm is considerably more severe.Some malware can spread across the network through the interaction of the subnets.Therefore,a coupled network can better describe the actual propagation behavior of malware.The industrial control coupled network is composed of two layers of subnets,and the network topology is shown in Fig.1.The upper subnet is a PC network composed of PCs and servers(the blue nodes),and the lower subnet is an ICS network composed of industrial control equipment (the purple nodes) such as SCADA,Object Linking and Embedding (OLE),OLE for Process Control (OPC),Human Machine Interface (HMI),and PLC.Different nodes in the network have different degrees,and a server host in the upper network will be connected to many PC hosts.Similarly,in the lower ICS network,the SCADA control center will collect data from a lot of PLCs for analysis and monitoring.The PLCs may be distributed in different sites,which means that SCADA will have a connection relationship with many PLCs.When the industrial controller communicates with equipment,it must pass through the OPC server,so the OPC server will also have a connection relationship with many industrial control equipment.An HMI is often connected to many industrial control equipment such as PLCs and displays the operating status of these PLCs.The general layout of an ICS has been summarized by Kheddar et al.,as it is shown in Fig.2[11].In other words,for an industrial control coupled network,the characteristics of different nodes are different.Certain nodes exhibit a high degree,whereas others possess a low degree.

Figure 1: Topology of industrial control coupled network

1.2 Related Works

The amount of connected edges of different nodes in the network is different,such as the red nodes in Fig.1 are connected to more edges.Different hosts in the PC network have different degrees,and the Server will connect to a large number of hosts.For the industrial control equipment in the ICS network,SCADA will control the operation of many PLCs,and OPC and HMI will have a connection relationship with many PLCs.These characteristics make the coupled network look like a complex network.Some researchers have studied the attributes of pivotal nodes within intricate networks[12–14].This research considers the differences in the characteristics of nodes in the coupled network,group the nodes with degrees,and define some of the nodes with the highest degree as the key nodes.That is to say,when the malware spreads in the coupled network,the ability of different nodes to spread the malware is different.For example,in Fig.3,both node A and node B are infected,and the other nodes are susceptible.Node A is connected to seven susceptible nodes,and node B is connected to three susceptible nodes.Node A has a greater impact on malware propagation than node B.This research will discuss the effect of the key nodes on malware propagation in detail in Section 5.

To study the effect of the key nodes on the malware dynamics in the industrial control coupled network,a dynamic model is proposed in the coupled network.The epidemic model is a method of quantitative research on the spread of infectious diseases because the spread of malware is very similar to the spread of infectious diseases[15],the epidemic model is used to study the propagation of malware.In the complex network,Rey et al.propose a malware propagation model based on random complex networks and cellular automata [16].Hosseini et al.establish a theoretical model for the spread of malware on scale-free networks and propose an ABM version of the model [17].Yuan simulate the propagation of worms in complex industrial networks based on the NS2 simulation system [18].Viswalingam et al.perform a new analysis of the SIR model in a two-layer coupled network [19].Dickison et al.study the SIR model in a two-layer coupled network and find that if the two subnets are strongly coupled,the malware can spread throughout the network,and if the network is weakly coupled,then the malware will only exist in one subnet[20].Masood et al.describe the characteristics of Stuxnet,and they investigate the spread of the virus in the regime of isolated industrial networks[21].Based on the difference between an intelligent device’s dissemination capacity and discriminant ability,Li et al.propose a dynamic malware propagation model in cyber physics systems [22].Shen et al.propose a two-layer malware model based on a hybrid patches distribution method [23].Based on an epidemic theory’s analysis framework and individual-group game theory,Wu et al.propose a virus spread model (STSIR) [24].Shen et al.present evolutionary privacy preservation learning strategies for an edge computing-based Internet of Things (IoT) data sharing scheme[25].Yu et al.propose an open-set solution called DC-IDS for Industrial Internet of Things(IIoT)based on deep reinforcement learning,and Deep Q-Network(DQN)is employed[26].Similarly,Shen et al.propose a heuristic learning intrusion detection system with DQN for edge-based Social Internet of Things (SIoT) networks [27],in addition,they propose a privacy-preservation signaling game for edge-computing-based IoT networks[28].The above studies provide an effective reference for getting deeper insights into the propagation of malware in the coupled network.However,most studies did not take into account the differences in characteristics between different nodes in the network.

Figure 2: General layout of an ICS[11]

1.3 Contribution

Building upon the aforementioned studies,a dynamic model is proposed in the industrial control network.The model includes a malware containment strategy that integrates detection,quarantine,and monitoring.On this basis,the role of key nodes in malware propagation is studied.By conducting comparative experiments on key nodes,it is concluded that infecting key nodes can significantly accelerate the speed of malware propagation.Therefore,immunizing key nodes is a more effective containment strategy.Based on detection,quarantine,and monitoring,selective immunity to key nodes can effectively suppress the spread of malware and maintain the stability of industrial control systems.The paper is organized as follows:Section 1 is the introduction;Section 2 is model formulation which describes how the model is proposed;Section 3 is the dynamics of the model,in this section,the basic reproduction number is obtained,and the dynamics of the model is analyzed;Section 4 shows the results of the simulation experiments;Section 5 shows the role of key nodes in malware propagation;Section 6 is Conclusion.

Figure 3: The key nodes in the network

2 Model Formulation

To analyze the effect of the key nodes,an epidemic model within a coupled is proposed in a coupled network that combines both PC and ICS networks.It is assumed that the industrial control equipment(PLC,SCADA,OPC,and HMI) and in the coupled network,the proposed model considers PCs as the nodes,where the links depict communication connections between these nodes.The network size remains constant,and the nodes are categorized into two groups: PCs and industrial control equipment,with their respective network sizes beingNUandNL.

2.1 Intrusion Detection System

In the proposed model,an Intrusion Detection System(IDS)is used as a containment strategy.Different from passive defense methods,an IDS can actively discover abnormal intrusion behaviors in the network and give warnings,and it has been widely used in network security.With the development of intrusion detection technology,many different intrusion detection methods have emerged,which can be roughly divided into two categories: Misused intrusion detection and anomaly intrusion detection.

Misused detection is also called feature-based intrusion detection[29].This method maintains a signature database that describes various known intrusions.It will extract the feature value of the data to be detected,and match the extracted feature value with the signature database.If the matching is successful,it is determined that an intrusion has occurred,otherwise,it is considered that no attack event has occurred.The advantage of this detection method is high detection accuracy,but it cannot detect unknown worm attacks.Anomaly detection is also called behavior-based intrusion detection.It uses the idea of contradiction.This method does not depend on a specific system,it can be flexibly adjusted according to the actual situation,and it can detect worm attacks that have never occurred before.However,this behavior also has deficiencies.It is easy to define normal network activities as intrusions,which means that there is a false alarm.

Considering the effects of the intrusion detection methods,the dual intrusion detection method is used to detect worm attacks in the network.For the host in the PC network,anomaly intrusion detection is first used.If no abnormal behavior is found,it is considered that the host is not infected by the worm.If abnormal behavior is found,a second detection is performed.During the second detection,the frequency of abnormal behaviors is recorded.When the frequency is greater than the specified threshold,it is considered that worm attacks have occurred.For the industrial control equipment in the ICS network,the proposed model adopts anomaly intrusion detection to detect the traffic at first.If no abnormal behavior is found,it is considered that the industrial control equipment is not infected by the worm.If abnormal behavior is found,then it checks the operating status of the industrial control equipment.If the relevant value of the operating status of the equipment is within the legal range,it is considered that no attack event has occurred.Otherwise,it is determined that the device has been infected by malware.Thus the proposed model can ensure the normal operation of industrial control equipment to the greatest extent,and effectively detect malware attacks.

2.2 Containment Strategy

To suppress the spread of the malware,the general approach is to identify the hosts and industrial control equipment that have been infected,and then immunize the infected hosts and equipment.However,with the continuous increase of network bandwidth and the improvement of hacker technology,the spread of malware is getting faster and faster.A malware suppression strategy is proposed that integrates detection,quarantine,and monitoring to limit the spread of malware in ICS coupled network.

Based on the IDS,the hosts and industrial control equipment infected by the worm can be discovered.For the hosts in the PC network,when the infected hosts are detected,they will be immediately quarantined from the network by powering off,which can effectively prevent it from continuing to infect other hosts.At the same time,it provides advanced protection for hosts in a susceptible state.When the hosts are quarantined,immediately patch it and install anti-virus software to make it immune.

For the industrial control equipment,quarantine may cause a shutdown,which in turn affects the normal operation of the industrial production process.So the model filters the port traffic of industrial control equipment by a whitelist,which produces a similar quarantine effect.The specific method is to set up a whitelist for the industrial control equipment when the IDS finds that the port of the industrial control equipment generates abnormal traffic and determines that it is infected.The whitelist is set with strict filtering rules,and the generation rules are extracted from the historical traffic of the industrial control equipment.The rules only allow the normal part of the traffic in the industrial production process to pass,and filter out all other traffic.Although it will cause part of the normal traffic to be blocked and filtered,it effectively prevents the spread of malware in the industrial control network,and it can ensure the normal progress of the industrial production process,then the industrial control equipment will be patched to make them immune.

2.3 Intrusion Detection System

Based on the proposed malware containment strategy,the SIQMR model is proposed to analyze the dynamic of malware.Within the PC network,the proposed model categorizes PCs into four compartments based on their conditions during malware attacks:susceptiblestate (SU,vulnerable PCs),infectedstate (IU,infected PCs),quarantinedstate (QU,quarantined PCs),andrecoveredstate(RU,recovered PCs).During each time step the susceptible PCs can become infected by other PCs at a rateβ11and industrial control equipment at a rateβ21,respectively.Susceptible and infected PCs can achieve recovery by employing anti-malware software or applying patches,with ratesμandϕ1,respectively.The probability to be recovered isγ1.Occasionally,the applied patches may be temporary and could result in a loss of function.In such cases,the previously recovered PCs might transition back to susceptible status at a rateη1.

In the ICS network,the equipment can be segregated into four compartments based on their states:susceptiblestate (SL,susceptible industrial control equipment),infectedstate (IL,infected industrial control equipment),monitoringstate (ML,monitoring industrial control equipment),andrecoveredstate(RL,recovered industrial control equipment).The susceptible PLCs can be infected by the infected PCs and industrial control equipment at a rateβ12andβ22,respectively.When it is found that the industrial control equipment is infected,the port of the industrial control equipment is monitored through a whitelist,and the traffic is strictly filtered.The probability to be monitored and recovered areϕ2andγ2,respectively.The recovered industrial control equipment may change to be susceptible at a rateη2.

The model is assumed into a heterogeneous coupled network,the node degree distribution follows a power law(P(k)=k-γ),the joint degree distribution isPU(i,j)andPL(k,l),and the marginal degree distributions arePU(i,j)=andPL(i,j)=.At timet,the count of common nodes and honeypots within the network with a degree ofkis:

Then the following equations can be found:

The assumption here is that node connectivity is independent,and the probability for susceptible PCs to interact with infected PCs is:

and the probability of communicating with infected industrial control equipment is:

Similarly,the probability for susceptible industrial control equipment to communicate with infected industrial control equipment is:

and the probability of communicating with infected PCs is:

According to the previously established transition relationships and formulations,the diagram depicting the states of nodes in the two-layer connected network is presented in Fig.4,and the model can be expressed as the model (8).In the proposed model,the total number of PCs and industrial control equipment remains constant.The symbols utilized in the model are detailed in the nomenclature.

Figure 4: The transition diagram

3 Equations and Mathematical Expressions

In this section,the dynamic behaviors of model (8) are analyzed,and two important equilibria are identified:The disease-free equilibrium and the endemic equilibrium,which can indicate malware remains in epidemics or become extinct.This research then proceed to assess the local and global stability of these equilibria using the basic reproduction number,denoted asR0.

3.1 Disease-Free Equilibrium

The model Eq.(8)is set to be zero with(t)=0 for alliandj,and(t)=0 for allkandl.Then it has Θ11(t)=Θ12(t)=Θ21(t)=Θ22(t)=0,and

3.2 Endemic Equilibrium

The independence in the joint degree distributions is assumed as:

Fis the rate of new occurring infections andVis the rate of transferring individuals out of the original group,Γis a complex matrix.The matrix(12)can be simplified to:

Due to the independence of joint degree distributions in the model,matrix (13) can undergo further simplification to:

then it can get the characteristic equation,

The eigenvalues of the matrix are:

Theorem.1If the basic reproduction numberR0<1,the disease-free equilibriumE0is local asymptotically stable;ifR0>1,E0is unstable.

Proof.For a constant differential autonomous system,

4 Simulation Experiments

To test the efficacy of critical nodes and containment strategies,this research performs simulation experiments to simulate the malware propagation process within the industrial control network.In a discrete-time framework,simulation experiments are executed to collect a dataset representing the number of PCs (ICS equipment) in each state within the network,and the experimental results are drawn using MATLAB.

The experiments are divided into three parts:Disease-free equilibrium,endemic equilibrium,and the effectiveness of key nodes.The coupled network is assumed to exhibit a scale-free structure,with node degrees following a power-low distribution.The power-law index is setγ=3.

4.1 Disease-Free Equilibrium

Fig.5 shows the trend of the number of infected hosts in the PC network,and the parameters for the disease-free equilibrium are listed in Table 1.In the initial phase of the simulation,due to the rapid spread of the malware,the number of infected hosts increases rapidly and reaches a peak att=21.Afterwards,the count of infected hosts quickly begins to decline due to the containment strategy,and finally,the number decreases to zero.When the PC network reaches a disease-free equilibrium,there are no infected hosts,that is,the malware is eliminated.The number of recovered hosts in the network accounts for about 80%,indicating that the hosts in the network have been immunized in a wide range.

Table 1: Parameters for the disease-free equilibrium

Figure 5: The propagation of PCs(disease-free equilibrium)

Next,an experimental analysis of the malware propagation is conducted in the ICS network.In Fig.6,it is shown the propagation trend of the infected industrial control equipment.The number of monitored and recovered industrial control equipment increased and then decreased,and finally,the number became zero.The number of susceptible industrial control equipment reaches the minimum value of 800 att=40,then it starts to increase slowly.Finally,all industrial control equipment in the network is in a susceptible state.From the experimental results of the ICS network,it can be concluded that when the system is finally at a disease-free equilibrium,there is only susceptible industrial control equipment in the network.

Figure 6: The propagation of industrial control equipment(disease-free equilibrium)

4.2 Endemic Equilibrium

The parameters corresponding to the endemic equilibrium are presented in Table 2.Fig.7 shows the curves of PC hosts in the PC network.In the beginning,a large number of susceptible PC hosts are infected,leading to a rapid rise in the number of infected hosts,reaching a peak aroundt=20.Afterward,due to the containment strategy,the infected PC hosts are monitored and then recovered.The number of infected PC hosts began to decrease and eventually became stable.When the system reaches a diseased equilibrium state,only 15%of the PC hosts are infected,and the number of recovered hosts accounts for 40%.The experimental results prove that the containment strategy effectively can limit the spread of malware in the network.

Table 2: Parameters for the endemic equilibrium of the SIQMR model

Fig.8 shows the propagation of the industrial control equipment in the ICS network.In the beginning,the susceptible industrial control equipment is quickly infected,the number increases rapidly and reaches a peak soon.Subsequently,the number of monitored and recovered industrial control equipment gradually increases,and the number of infected industrial control equipment begins to decrease.Finally,the industrial control equipment reaches a stable state.The figure illustrates that after the system is stabilized to an endemic equilibrium state,22%of the industrial control equipment is infected,while the proportion of monitored and recovered equipment is 35%and 30%,respectively.The simulation experiments have proved that the SIQMR model has a noteworthy inhibitory effect on the spread of malware in the industrial control network.

Figure 7: The propagation of PCs(endemic equilibrium)

Figure 8: The propagation of industrial control equipment(endemic equilibrium)

4.3 Comparisons of Relevant Parameters

To examine the impact of the parameters on malware propagation,some parameter comparative experiments are conducted on these parameters.Fig.9 shows the influence ofβ11andβ21on the speed of malware propagation.It can be seen from Fig.9 that whenβ21remains unchanged andβ11increases to three times the original,the number of infected hosts has increased significantly.Whenβ11remains unchanged andβ21is increased by three times,although the number of infected hosts will also increase,the increase is relatively small.It can be concluded that when the malware spreads in the industrial control coupled network,the influence of the infection rate(β11)within the subnet is greater than the infection rate(β21)which crosses the subnet.

Fig.10 shows the influence of the quarantine rateϕ1of infected PCs (in the PC network) of infected PCs on malware propagation.In Fig.10a,it is apparent that the greater the quarantine rateϕ1of infected PCs,the smaller the number of infected PCs.It shows that improving the intrusion detection efficiency and timely isolating the infected PCs from the network can effectively suppress the propagation of malware.However,in Fig.10b,the quarantine rateϕ1of infected PCs has little influence on industrial control equipment.It means that changes in the quarantine rate can only affect the spread of malware within the same subnet.The same comparison on the monitored rateϕ2(in the ICS network)is conducted,it can get similar results,and it is shown in Fig.11.

Figure 10: Comparison of infected hosts with different quarantine rates ϕ1

Figure 11: Comparison of infected hosts with different monitored rates ϕ2

5 Discussion about the Key Nodes

To verify the duty of key nodes in the malware propagation,an experimental analysis is conducted on key nodes in the coupled network.The connection matrix of the industrial control coupled network is shown in Fig.12.The number “1”in the matrix means that two nodes are connected.Firstly,the degree of each node in the network is calculated according to the connection matrix and then sort all the nodes according to the degree.In this paper,the key nodes are the nodes with the larger degree value,and the sequence count of the key nodes in the network can be easily obtained according to the sorting result.

Figure 12: Connection matrix of coupled network

According to the theoretical analysis in Section 3,the greater the degree of a node,the more other nodes it can infect per unit time.The critical network node has a higher degree value.If the critical node is infected,the malware will erupt more quickly.Firstly,the key nodes in the two subnets are infected by malware.The experiment assumes that the number of key nodes in the PC network and the ICS network are both 20.Then in another experiment,40 nodes are randomly selected for infection,and compared the results of the two simulation experiments.

So it can be concluded that infecting key nodes will cause the malware to infect the network at a faster rate.If a hacker obtains the topology data and attacks the key nodes (such as SCADA and HMI),then the malware will rapidly spread within the network and very little reaction time will be left for security personnel.Once a key node is infected,it will instantly infect many susceptible hosts and equipment,it is like a“superinfected node”.However,if the pivotal role of key nodes is used in the network,it can get a more effective malware containment strategy.The experimental analysis is conducted about the inhibitory effect of recovered key nodes.

In Fig.13,the key nodes in the PC network and the ICS network are selectively immunized att=1,that is,implement measures such as early protection and patching on the key nodes.Then the same number of nodes are randomly selected for early protection and patching,and the outcomes of both experiments are contrasted.Fig.14 displays the comparative experimental consequences,it becomes evident that vaccinating pivotal nodes can lead to a further reduction in the count of infected nodes,effectively curbing malware propagation.

Figure 13: Crucial infection and random infect

Figure 14: Crucial immune and random immune

Fig.15 shows the effect of immunizing key nodes at different times.It is clear that the earlier the key node immunization is adopted,the lower the count of infected hosts.Aftert=10,the sum of infected hosts remains nearly the same.It shows thatt=10 is a threshold,beforet=10,the earlier key node immunization is carried out,the more effective.

To further verify this result,the crucial immune and random immune are compared att=10,the result is shown in Fig.16.It can be seen that att=10,there is no obvious difference between the effects of crucial immune and random immune.Therefore,the earlier the immunization of key nodes,the better.After the malware spreads in the network,selecting key nodes for immunization will not have a significant effect.

In addition,a comparison experiment is conducted to validate the impact of the containment strategy,the SIQMR model is compared with the classic SIR model.The experimental findings are depicted in Fig.17.The number of infected equipment in the SIQMR model has been significantly reduced.Therefore,it can be proved that the containment strategy has an effective inhibitory effect on the spread of malware.

Figure 15: Impact of the immune time

Figure 16: Crucial immune and random immune at t=10

Figure 17: Comparison between SIR model and SIQMR model

6 Conclusion

In industrial environments,the industrial control network is often connected to other networks.To understand how malware spreads in this network,this research proposes a malware propagation model with a containment strategy.This strategy involves quarantining PCs and monitoring industrial control equipment.By analyzing the dynamics of the malware system,the proposed model identifies a disease-free equilibrium and an endemic equilibrium and calculate the basic reproduction number.Then simulation experiments are conducted to study the spread of malware and analyze the impact of various parameters.Additionally,this research examines the role of key nodes in the interconnected network.The findings lead to the following conclusions:

1.Key nodes are crucial in the network.If attackers target and infect these key nodes,the malware can rapidly propagate to numerous PC hosts and industrial control equipment.

2.Key nodes can be effectively utilized to suppress malware.Immunizing key nodes in advance can effectively inhibit the spread of malware.

3.Timely immunization of key nodes is crucial.Once the threshold is exceeded,immunizing key nodes becomes almost ineffective.

The analysis provides valuable insights for suppressing malware in industrial control networks,highlighting the importance of quarantine and monitoring as containment strategies.This research also recommends leveraging key nodes for defense against malware.Comparative experiments validate the viewpoints.The future research is to incorporate dynamic network topology structures and parameters that align better with real-world scenarios.Furthermore,actual industrial datasets will be used to verify the reliability of the proposed model.

Acknowledgement:This paper was supported by Scientific Research Project of Liaoning Province Education Department,and Liaoning Province Nature Fund Project.The authors also acknowledge with thanks to the“Ditecting Laboratory”of Northeastern University.

Funding Statement:This paper was supported by Scientific Research Project of Liaoning Province Education Department,Code:LJKQZ20222457&LJKMZ20220781,and Liaoning Province Nature Fund Project,Code:No.2022-MS-291.

Author Contributions:The authors confirm contribution to the paper as follows: Study conception and design: Q.Fu,J.Wang;analysis and interpretation of results: C.Si,J.Wang;draft manuscript preparation:Q.Fu,J.Liu.

Availability of Data and Materials:This article does not involve data availability and this section is not applicable.

Conflicts of Interest:The authors declare that they have no conflicts of interest to report regarding the present study.