Study Of Active Defense To Internet Worm In Architectural Counter-attack

Posted on: 2007-10-15
Degree: Master
Type: Thesis
Country: China
Candidate: Z Y Tang
Full Text: PDF
GTID: 2178360182994939
Subject: Computer software and theory

Abstract/Summary:
Diverse propagation paths and complex application environments make worm outbreaks frequent, latent and concealed, so worms pose a very serious threat to the network. Experience shows that traditional anti-virus techniques cannot meet the needs of network worm prevention and control. Building a security system around the characteristics of worm attacks is becoming one of the most important research topics.

Aiming to improve the real-time performance of detection and defense, this dissertation focuses on system-level countermeasures for worm detection and active defense. The necessity of anti-worm measures is explained. A method is given that makes the security system adaptive by using acquired knowledge and decision-making, and good worms are also included to construct a combat platform.

1. The macro model DPWPARRC is proposed. Analysis results show that this model broadly supports active defense and incorporates countermeasure theory. A new good-worm model, SSIRA, is obtained by simplifying and improving the SIRA model, and is demonstrated by simulation experiment.

2. An anomaly detection method based on HoneyPots is studied, and the traditional way of deploying HoneyPots is changed. Building on the DHAS deployment method, the detection algorithm FPDS is introduced. The misdetection rate for distortion worms is reduced. A test on Sapphire SQL worms proved that this algorithm is effective.

3. Counter-attack using good worms is also discussed. Different solutions are put forward for known malicious worms and unknown malicious worms. Control policies for good worms are also studied in depth. After demonstrating the necessity of a sub-period scanning strategy and focusing on the later stage of the spread strategy, the dissertation presents a spread plan based on PCRD.

4. A simulation test platform is built. By changing the environmental parameters of the confrontation, the effects of different conditions on worm confrontation are examined, and a comparative analysis of the test results is carried out. The platform provided valuable data and information for large-scale applications based on the confrontation system.

Simulation experiments are used to verify the validity of Aegis. Experimental results show that the proposed system is self-adaptive and open in architecture. Because worm detection and active defense are combined efficiently in this system, it can achieve a high detection rate and a very low false positive rate in worm detection, and can actively provide prompt and effective protection against worm crises.
Keywords/Search Tags: Network Security, Active Defense, Worm, Architectural Counter-attack, HoneyPot