| With the popularity of network applications, network security is getting more serious. Because worms can spread automatically without human intervention, worms has become one of the most serious security threats to Internet. How to defense worms has become a very pressing task. Faced with spread of worm in a large-scale network, single technology is hard to be effective. This paper presents an agent based worm defense system and the propagation model, rapid vaccine distribution mechanism, route optimization algorithms and deployment strategy of vaccine repository nodes.First, we established worm propagation model based on integrated defense mechanism. By analyzing the mechanism, a worm propagation mathematical model is derived. We proposed several assessment indexes for the worm defense efficiency: the pervasion rate, the peak infection proportion and propagation period. Using this model on the analysis of various parameters, it is indicated that imuunization rate is important for worm defense's efficiency.Secondly, we proposed an Agent-Oriented worm defense system which integrates worm detection and defense technology. In this system, Agents operate independently as the basic unit for the respective worm detection, immunization, isolation, and decision-making tasks. They cooperate mutually to defense worm together. This system adopts a layering topology and increase augmentability. self-repairing mechanism for global coordination node and vaccine repository nodes enhanced the reliability. The system is flexible and reliable, responsive, and suitable for large-scale network.Thirdly, a fast vaccine distribution mechanism is researched. First we study worm spreading model to analyze effect of host immune rate in worm propagation. We suggest a rational distribution of a number of vaccine repository nodes in the network, vaccine will be rapidly installed on every host by Agent cloning. In large-scale network environment, by mobile properties of Agent, vaccine can be synchronized in a large number of nodes in a short time. Compared with the traditional downloading method, Vaccine distribution time can be greatly shortened. Fourthly, we studied path optimization algorithm for the vaccine distribution Agents. on the basis of analysis on Agent's movement distance, a path optimization algorithm can shorten the length of Agent's movement, to further reduce the distribution time and enhance the efficiency of the response. Effectiveness of the optimization algorithm is verified on test.Again, we present deployment strategy of vaccine repository nodes. From formal description of deployment strategy, we get an optimal deployment algorithm to set up the rational locations and numbers of vaccine repository nodes. Correct choice of vaccine nodes can further shorten the time for the distribution of vaccines. Test results verify this deployment strategy.Finally, a worm defense system is constructed and realized. It uses multi-agent system as basic application platform. Exclusive message protocol provides an effective communication mechanism. Trials under actual circumstance achieved good results.In short, this paper is a useful exploration in large-scale network worm defense technology and provides theoretical basis and practical experience to further construct an improved worm defense platform. |
PDF Full Text Request