Study On Propagation And Control Of Internet Worms

With the explosive growth of network applications and complexity, the threat of Internet worms against network security becomes increasingly serious. In recent years, the study on Internet worms has become one of the most active research topics in the field of network security and information security in the world. In order to restrain Internet worms, we should first analyze their structure, scanning strategy and attack methods. Moreover, the essential guarantee and kernel content of defending them is to estalish their propagation models and control strategies.To overcome the faultiness of the available propagation models and control strategies, by combining the control method of natural epidemic (SARS), we actually improve the traditional propagation models in this dissertation, and then propose a new worm propagation model based on quarantine strategy. In view of the control of the firewall to network worms under many subnets, we also propose a worm propagation and control model based on the firewall. The experimental results illustrate the effectiveness and good performance of our control strategies.In sum, the main research fruits achieved in this thesis are given as follows. By studying current Internet worm's definitions, it is found that the existing definitions are inaccurate; that is to say, these definitions neglect the human factors and can not generalize actual worms. Moreover, new technologies that worms use are ceaselessly appearing, and new characteristics of Internet worms may incidentally ceaselessly appear. However, their basic characteristics can not change, i.e. propagation through network and self-duplication.The propagation mechanism of Internet worms is analyzed minutely. The scanning and attack methods are carried through in-depth researches. By analyzing some representative worm cases, the entitative structure of worms is elicited, and prepares the base of cleaning and defending Internet worms.Two Internet worm propagation models based on the quarantine strategy are proposed. The first one, based on the classic Kermack-Mckendrick model, considers the recovery of susceptible hosts when we defend worms. The second one, based on the SEIR model, considers the birth rate and death rate of Internet worms.A worm control system of multi-level firewall enterprise network is proposed. This system installs multi-level firewall system respectively among the enterprise network edges, each subnets and terminals, and cooperates with worm detection and control system, network anti-virus system and so on to form the integrated worm control system.In view of the control of the firewall to network worms under many subnets, a model of the worm propagation and control model based on firewall is proposed. This model reduces the cross infection rate among subnets through the firewall and...