Research Of Worm_warned Model Based On Abnormal Traffic

Internet worm against network security has always grown day by day. There is a challenge faced the traditional worm defense technology based on signature. Single firewall strategy and detection method used by IDS has not supported the applications in sensitive network security. It is important for market value and study that assure usability of the network bandwidth and detect worm virus automatically without virus sample database.This paper provides a worm_warned model based on abnormal traffic , which depends on network traffic characteristic resulted from worm eruption. In order to detect unknown worm and lower worm prevalence risk, the Model aims to detect worm without virus sample databases, to evaluate network risk, and to interact with firewall under security policy.This paper describes the development and research of worm, and states particularly worm propagate model and main detection methods. The article explains and compares signature match and protocol analysis technology, and sum up the network traffic abnormity by illogical protocol when worm erupts.A project frame on the model is designed for the Intrusion Detection System against worm. The paper presents functions and discusses the process of every module in the frame. The implementation of the interaction by using open interfaces between the firewall and the model is described, and a specific communications is given.In this paper, it builds a worm warned model based on overview. It goes further to propose the key algorithms on nonstationary traffic and Worm Eruption.