| Nowadays, computer network has been developed greatly and it's security is the up most problem that people concerned. Different kinds of insecure factor have been an great obstacle which can block the development of network. Among the different kinds of insecure factor, network worm takes the first place because it can bring the greatest damage to network. As far as 1988 when Morris worm was brought to the Internet, many security specialists had paid great attention to it. Although in the following 10 years, the research of attack and defend about network worm had been in stagnancy, the outbreak of CodeRed and Nimda in 2001 calls the alarm for another time. After that, more and more fierce network worms attack the Internet time and time again. It not only causes great damage to the Internet, but also vibrates the people's convince of Internet very seriously.For many years, people had taken lots of research in defending network worm effectively, but all had failed to defeat worm thoroughly. In fighting against the worm, the defending side has always been in a passive position. In the beginning of this century, a new technology called honeypot have been developed and matured. It has caused a visible effect in many field of network security. Also, it is regarded as one of the key technology that converts the defending of network security from a passive position to an active one. The core idea of honeypot is to build an artificial network trap to lure attacker, then direct their time and resource to the tarp, thus can also reveal their attacking method and tools. Many researches and applications of honeypot have been paid to fight against the attacker who is sitting on the other side of the network and monitoring the network in real time, so the research of defending automated worm like attack is rare and there is far way to go. This paper has researched on the honeypot technology and, based on the worm's working mechanism, designs a defending system against network worm on Windows platform using WinPcap network development tool kits. This paper implements the key component of the system and experiments on it which comes out expected results. This honeypot combines the network cheating and data capture. It can restrain the worm's spread and tried to catch worm, in such way, the network worm can be defeated.Firstly, this paper introduces the honeypot theory and the related technology in detail. Then it discusses the network worm. After researching on various characters of network worms, this paper summarizes the general character. Then, this paper designs a network worm trap called "WormCatch" and implements its key component which has been experimented later. The result shows that the "WormCatch" can hold down the speed of worm's spreading in the early stage of its break and the necessary information of worm can be collected. At last, this paper presents the suggestions of developing the honeypot system and makes predicts of the prospect of honeypot against network worm.
|
PDF Full Text Request