
Study And Application Research On The Detection Of Malware Propagation Based On The Contact Tracing

Posted on: 2011-11-30 | Degree: Doctor | Type: Dissertation
Country: China | Candidate: Z Y Huang | Full Text: PDF
GTID: 1118360308457846 | Subject: Circuits and Systems
Abstract/Summary:
With the development of computer technologies and network applications, network security has drawn growing attention from users and network managers. Malware has become the most serious threat to the Internet: it not only exhausts the system resources of infected hosts and destroys them, but also consumes network bandwidth and can even disrupt the whole network. In recent years, research on malware detection and defense has become increasingly popular in the network security field. To improve detection accuracy, this dissertation presents several strategies for malware propagation detection based on an analysis of malware behavior. In summary, four principal achievements have been obtained:

① A contact tracing algorithm based on a "single node detection, multiple nodes tracing" pattern, which mirrors the way a virus propagates, is proposed. Single-node detection algorithms based on multiple characteristics, including a difference entropy algorithm, an EWMA algorithm and a Kalman filter algorithm, are proposed to reduce false positives. To strike a balance between accuracy and speed, we propose three tracing algorithms: a simple tracing algorithm, a longest-chain tracing algorithm and a causal chain algorithm. Numerical simulations show that tracing a chain across multiple nodes reduces false positives.

② A detection algorithm based on dynamic accumulated violation is proposed. By analyzing the relationship between detection accuracy and the time window, an optimized algorithm is proposed to reduce its impact on detection accuracy. An algorithm integrating a similarity-rate algorithm and an entropy algorithm is proposed to reduce sensitivity to transient anomalies. When detecting illegal traffic, a detection system must cope with varied network conditions and dynamically changing attacks. Thus a good detection system needs an "adaptive detection" capability based on cost minimization: it adaptively adjusts its configuration according to the network condition and the attack severity, in order to minimize the combined cost of false positives and false negatives at any time.

③ To block the propagation of polluted files in P2P file-sharing systems, a detection system based on a contact tracing tree is proposed, and a combined scheme integrating "Soft Quarantine" and "Attack Diversion" is presented to block DDoS attacks that appear in P2P file-sharing systems.

④ A dynamic model based on the contact tracing chain is proposed. By analyzing simulations of this model, several blocking strategies, such as time-sharing blocking, dynamic quarantine and preferential immunization, are presented. Numerical simulations demonstrate that the proposed detection framework can quickly detect and block the propagation of malware and strike the right balance between detection speed and false positives.
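To make the "single node detection, multiple nodes tracing" pattern of ① concrete, here is an added example that is not code from the dissertation: a per-host EWMA detector runs over a constructed contact log, and a longest-chain tracer then alarms only when a causal chain of flagged hosts reaches a minimum length, so a one-off burst on a single host is not reported. The hosts, burst schedule, thresholds and the chain length of 3 are constructed assumptions, not values from the thesis.

```python
from collections import defaultdict

HOSTS = ["a", "b", "c", "d", "x"]             # monitored hosts (constructed)
PEERS = ["b", "c", "d", "e", "f", "g"]        # targets of a fan-out burst
# Constructed bursts: a -> b -> c is a propagation path (each host fans out one
# window after being contacted by the previous one); x is a one-off benign burst.
BURSTS = [(1, "a"), (2, "b"), (3, "c"), (3, "x")]
MIN_CHAIN = 3                                  # chain length that raises an alarm

def build_contacts(windows=5):
    """Constructed contact log of (window, src, dst) records."""
    log = []
    for w in range(windows):
        log += [(w, h, "srv") for h in HOSTS]  # baseline: one contact per host
        log += [(w, h, p) for bw, h in BURSTS if bw == w for p in PEERS if p != h]
    return log

def single_node_detect(contacts, alpha=0.5, factor=3.0, floor=2):
    """Per-host EWMA detector: returns {host: window in which it was first flagged}."""
    counts = defaultdict(int)
    for w, src, _ in contacts:
        counts[(w, src)] += 1
    ewma, flagged = {}, {}
    for w, host in sorted(counts):
        c = counts[(w, host)]
        if host not in ewma:                   # first window seeds the baseline
            ewma[host] = c
        elif c > max(factor * ewma[host], floor):
            flagged.setdefault(host, w)        # anomalous: do not poison baseline
        else:
            ewma[host] = alpha * c + (1 - alpha) * ewma[host]
    return flagged

def trace_chain(host, contacts, flagged, seen=frozenset()):
    """Longest causal chain ending at host. A predecessor is a flagged host that
    contacted host after its own alarm and no later than host's alarm."""
    seen, best = seen | {host}, [host]        # seen guards against cycles/self-contacts
    for w, src, dst in contacts:
        if (dst == host and src in flagged and src not in seen
                and flagged[src] <= w <= flagged[host]):
            chain = trace_chain(src, contacts, flagged, seen) + [host]
            if len(chain) > len(best):
                best = chain
    return best

def detect_propagation(contacts):
    """Map each flagged host to its longest chain; alarm only on long chains."""
    flagged = single_node_detect(contacts)
    chains = {h: trace_chain(h, contacts, flagged) for h in flagged}
    alarms = {h for h, ch in chains.items() if len(ch) >= MIN_CHAIN}
    return chains, alarms
```

On the constructed log, hosts a, b, c and x are all flagged individually, but only c sits at the end of the chain a -> b -> c and raises an alarm; the benign burst on x stays a single-node anomaly.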
Keywords/Search Tags: Contact Tracing, Malware, Detection, Quarantine, Model