The Study Of Network Worms Detection Technologies

P2P network which uses point to point technology, makes directly share, retrieve and visit various resources among nodes in the network, and offers convenience platform for users. Along with P2P's popular, its user also becomes more and more. And IM-Instant Messaging is a special kind of special P2P network. Instant Messaging (IM) has become one of the most popular online communication tools among consumer. The increasing popularity and functionalities of IM and P2P programs have made it increasingly attractive for attackers, especially for worm makers.Instant communication list and the neighbor's node information in P2P network node offers worm an easy way to find potential victims so that the worm could achieve a surprising spreading speed.In this paper, we mainly focused on analyzing the propagation features of P2P worm and IM worm, and the technologies in detecting P2P worm and IM worm. The main contributions are as follows:1) The research for network worm spread model and detection methods. This paper starts with the spread model of network worm, then analyses the relation between scanning speed and worm infect ability which affects worm spread speed. According to the detailed analysis of P2P worm and IM worm, we elaborate its spread speed and safely threat level. For the confrontation of IM worm, the existent problem are explains, and then analyses the existent problem of worm detection methods in detecting P2P worm.2) Proposes the P2P worm detection method based on information relation. According the normal network behavior of P2P network combines P2P worm using neighbor's node information in order to propagate, we analyses the relation between different network behaviors. Then the paper proposes the P2P worm detection method based on information correlation.3) Proposes the IM worm detection method based on behavior analysis. After IM worm infects a computer successfully, the worm sends message to all people in IM connection list. Combine the behavior difference between IM user and IM worm, the paper introduce a new algorithm for detecting IM worms, which is based on the different behavior ability. Then, we discuss the possible improvement in realizing it.4) Simulation and results analysis. We construct P2P and IM network on the circumstance of NWS combined with PERL. The simulation results show that the proposed algorithm is of significant effect on detecting P2P and IM worm; the results also show some good conclusions.