| Now, more and more people log on the internet to chat with others, download files or read WebPages. The Internet becomes an important role for the economy of country and life of people. Once the network breaks down, it will cause an enormous economic loss. Abuse Resource attack can cause the network or end server break down. So more and more people and organizations pay attention to detect and defend against Abuse Resource attack. Based on the target of Abuse Resource attack, we can divided Abuse Resource attack into two categories: 1)class I attack; In this Abuse Resource attack, the target of Abuse Resource attack is router in network. 2) class II attack; in this Abuse Resource attack, the target of Abuse Resource attack is end server. Because of the worm attack is typical class I attack and the last few years have demonstrated that worm is a serious and growing threat. This paper presents an algorithm to defend against worm attack and class II attack of Abuse Resource attack.In order to defend against the worm threat, technology developers and researchers must have a better understanding of the common vocabulary for reasoning about the worm threat, and an operational understanding of how worms work. Further, having the means whereby developers and system defenders can evaluate worm conflict—both the offensive and defensive tactics and postures—will enable developers to identify requirements for defensive countermeasures and postures as well as evaluate those defenses before developing a prototype. Firstly, we analyze the worm general algorithm. And describe the worm propagation model on different scan strategy. And analyze the character of worm's traffic and descirbe the influence of other normal traffic when worm breaks out.Secondly, we present a method for early detection of worm based on wavelet analysis. Our early detection first gets the number of abnormal computers. Then based on wavelet analysis, we detect an unknown worm by using recursive least squares estimation.Thirdly, the worms have done serious harm to the computer and network systems due to its speed. The traditional anti-virus technologies don't currently scale to deal with the worm threat. In order to defend against worm effectively and timely, an effective worm defense system must be established. In this paper, we present an algorithm for defending against worm based on worm connection degree. The main task of defense mechanism is constrain the worm propagation and protect network from worm attack. We propose a distributed mechanism which is composed of two parts: a index server and distributed sensors for defending against worm attacks. These distributed sensors monitor the network and detect worm. Once a worm attack is detected, a dropping packet mechanism is used so that (1) the worm propagation is constrained, and (2) number of interference with normal activity is minimize. We report experimental results to prove the robustness and efficiency of the proposed defense mechanism.At last, we present a differential filtering against Abuse Resource attack on end server. In this method, we believe that there are two category users: 1)malicious attack users; 2) normal users. And Our algorithm can identification malicious attack users and control their flows. Through these means, our algorithm can protect end server from Abuse Resource attack and make normal users get effective service. |