
Friendly Worm Based Active Countermeasure Technology To Contain Network Worm

Posted on: 2007-06-14
Degree: Doctor
Type: Dissertation
Country: China
Candidate: B L Wang
GTID: 1118360185968075
Subject: Computer system architecture
Abstract/Summary:
The last few years have demonstrated that worms are a serious and growing threat. Traditional anti-virus technologies do not currently scale to deal with the worm threat, and dedicated countermeasures lag far behind. Earlier research concentrated on the behavior, structure, propagation strategy and disinfection of particular worms, while worm defenses, especially proactive defenses, were absent.

Internet worms are difficult to eliminate because the Internet is an open, complex, scale-free system containing a mass of vulnerable nodes that are unmanaged and undefended. Once these nodes are infected, the worms remain on them and may attack other nodes on the Internet. Existing host-based prevention technology can do nothing to stop these infected nodes, and quarantine mechanisms can only limit the propagation range; they cannot eliminate all of the worms. Consequently, preventing these dispersed nodes from being infected is the key to controlling a worm epidemic. In this dissertation, we carry out comprehensive research on network worm containment technologies based on active countermeasures.

First, we review the history of Internet worms and propose a definition of the friendly worm. We then give its entity construction (including the probe model, penetrating model, immunity model, transmitting model, recovering model, self-removing model, communication model, and remote control model) and its working mechanism. We also present a Centralized Containment Model (CCM) to manage a small local network; an Active-Spreading based Containment Model (ASCM) to contain the scope of worm propagation; and an Interception Guided Containment Model (IGCM) to eliminate the worms remaining after the epidemic. An epidemic model of a friendly worm counter-attacking a network worm is proposed, based on the two-factor model, under the condition that the number of machines in the network is fixed during propagation. Worm epidemic curves are then plotted for different parameters, from which we study in detail the impact of each parameter (the friendly worm propagation rate, the friendly worm number, the vicious worm propagation rate and the vicious worm number). The results guide practical research on active counter-attack mechanisms based on friendly worms.
Keywords/Search Tags: network security, friendly worm, active countermeasure, guided by network monitor, spreading strategy