| With the fast development of Internet, the scale of computer network and applications grows rapidly. At the same time, the events of network security emerge in an endless stream, among which, the threat of malicious code is more and more serious. Internet worms, as one kind of malicious code, have become one of the most active research topics in the field of network security, due to its fast propagation speed, high impaction, damage ability, and wide application. Researching scanning strategies, propagation model and corresponding defense technologies of worms has significant practical meanings for the network security area.With the imminent depletion of IPv4 address space, it is imperative to adopt the next generation Internet protocol IPv6. For the complexity of fully realization of IPv4-IPv6 transition, IPv4 and IPv6 will coexist for a long period of time. Compared with IPv4, IPv6 provides several enhancements, such as address space, quality of service, and security mechanisms. However, it does not mean that worms can not form large scale propagation in IPv6 network. Researching the worm’s scanning strategies and propagation models in IPv6 network is instructive for the defense of future worm’s outbreak.On one hand, this dissertation researches worm scanning strategies in IPv6 network and IPv4-IPv6 transition environment, proposes propagation models, and discuss several defense measures. On the other hand, on the basis of the AS-level network topology of IPv4 and IPv6, this dissertation researches a weighted network model, proposes a worm propagation model based on the weighted network model, and analizes two defense strategies. The major contributions and innovations of this dissertation are as follows.1)This dissertation describes current research status of worm propagation modeling and defense technologies in IPv4 and IPv6 network, compares and analyzes different scanning strategies and propagation models, and gives three worm instances that can spread fast in IPv6 network. Based on deeply understanding of worm propagation mechanisms and instances, researchers can study possible future worm propagation strategies, and lay a good foundation for worm defense.2) This dissertation researches worm scanning strategies in IPv6 network. Based on these strategies and P2P sharing mechanisms, a three layer worm propagation model (TLWPM) is proposed which is suitable for spreading in IPv6 network. The simulation shows that the TLWPM has high propagation speed, and can form large scale propgagation in IPv6 network. Therefore, the huge address space of IPv6 can not fully prevent worm from prevailing. Allow for the features of this kind of worm, corresponding counter measures and defense methods to DNS and local link are proposed.3) This dissertation discusses three IPv4-IPv6 transition technologies. For the address translation technology, worm propagation models (NATWM and NAT64WM) in the environment of NAT and NAT64 are proposed. The two models can well reflect real worm’s propagation trend. Based on the models, the impact of the number of NAT gateway on worm propagation is discussed. Finally, a validation of proposed propagation strategies in real NAT64 environment is given.4) This dissertation researches the deficiency of mean-field theory in analyzing worm propagation problem. And then, two weighted network topology models (WGLP and WCNM6) for IPv4 and IPv6 network AS-level are constructed. Based on Routing worm and its propagation characteristics, a worm propagation model based on weighted network model is proposed. Finally, this dissertation researches selective immunization and immunization strategy based on Graph Partitioning theory, and discusses effects of the two strategies on worm propagation.5) A large scale Internet worm propagation Demo system based on SSFNet is designed and developed. The system can not only demonstrate current worm propagation model dynamically, but also describe the propagation scenario, propagation curve, propagation process of AS-level worm visually. |
PDF Full Text Request