Research Of Net Worm Detection And Control Technology

Posted on: 2008-11-14
Degree: Master
Type: Thesis
Country: China
Candidate: L Zhang
GTID: 2178360242972548
Subject: Computer application technology

Abstract/Summary:
With the development of computer technology and the Internet, computer viruses and network worms have become the biggest problem that computer users face. Worm outbreaks seriously affect the normal functioning of computers and networks. Worm propagation not only occupies system resources and disrupts normal operation, it also consumes network bandwidth, congesting traffic or even bringing the network down, which threatens people's daily life and social stability. Detecting and controlling worms in time is therefore the most important task for network security.

This paper reviews the emergence and development of network worms, presents their definition and working principles along with related intrusion detection technology, gives several examples of worm detection technology, and summarizes existing worm control technology.

Based on the analysis and study of worms, this paper puts forward methods for detecting and controlling worms that spread across the WAN:

(1) ICMP-based sampling: suspicious computers are identified from ICMP statistics, giving faster and more efficient detection.
(2) Bayes-based detection: this method uses the failed connection probability as the detection index and judges whether a computer is infected by computing that probability, taking history into account to make the results more precise.
(3) Multi-queue control based on a token bucket: data packets sent by an infected computer are placed into different queues according to port. Because worm attacks are highly bursty, the queue for the attacked port stays bursty for a long time, so controlling the packets sent from that port controls the spread of the worm.

Using all of the technologies above, this paper analyzes and designs a worm detection and control system for the campus LAN. The system includes a sampling module, detector, controller and manager on the server, and its responsiveness and accuracy are implemented and validated. The results indicate that the worm detection and control technology studied in this paper can detect worms accurately in a high-speed network and control them strictly, so the technology is worth further study.
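The Bayes-based method in item (2) can be sketched as a sequential update in which each host's earlier posterior serves as the prior for the next observation. This is an added example, not code from the thesis; the likelihoods, base prior, threshold, clipping bounds and sample events are all assumptions chosen for illustration, since the abstract gives none of these values.

```python
"""Sequential Bayes update on connection outcomes (constructed illustration)."""
from collections import defaultdict

# Assumed parameters, not taken from the thesis.
P_FAIL_INFECTED = 0.70   # a scanning host mostly hits dead addresses or closed ports
P_FAIL_CLEAN = 0.05      # a normal host rarely sees a failed connection
BASE_PRIOR = 0.01        # belief for a host with no history
THRESHOLD = 0.95         # posterior at or above which a host is flagged
FLOOR, CEIL = 1e-4, 1 - 1e-4   # keep beliefs off 0/1 so later evidence still counts


def update(prior, failed):
    """One Bayes step: P(infected | outcome) from P(infected) and one outcome."""
    li = P_FAIL_INFECTED if failed else 1 - P_FAIL_INFECTED
    lc = P_FAIL_CLEAN if failed else 1 - P_FAIL_CLEAN
    post = li * prior / (li * prior + lc * (1 - prior))
    return min(max(post, FLOOR), CEIL)


def detect(events, history=None):
    """events: iterable of (host, failed); history: host -> earlier posterior.

    Returns (posteriors, flagged_hosts). The earlier posterior is used as the
    prior, which is how past behaviour influences the current verdict.
    """
    belief = defaultdict(lambda: BASE_PRIOR, history or {})
    for host, failed in events:
        belief[host] = update(belief[host], failed)
    flagged = sorted(h for h, p in belief.items() if p >= THRESHOLD)
    return dict(belief), flagged


# Constructed sample: 10.0.0.5 behaves like a scanner, 10.0.0.9 like a normal client.
SAMPLE = ([("10.0.0.5", True)] * 6 + [("10.0.0.5", False)]
          + [("10.0.0.9", False)] * 8 + [("10.0.0.9", True)])

if __name__ == "__main__":
    post, flagged = detect(SAMPLE)
    for host in sorted(post):
        print(f"{host}  P(infected)={post[host]:.4f}")
    print("flagged:", flagged)
```

With these assumed values, two failed connections alone leave a new host below the threshold, while the same two failures push a host with a prior belief of 0.5 above it.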
Keywords/Search Tags:Network Worm, ICMP, Bayes Method, Delay Queue