Research Of Algorithms About Network Worm Detection Based On Statistic

Posted on: 2008-03-22
Degree: Master
Type: Thesis
Country: China
Candidate: W Yu
Full Text: PDF
GTID: 2178360212998420
Subject: Computer application technology

Abstract/Summary:
With the broader application of Internet technology, more attention has been paid to Internet security. The network worm, with its long latent period and wide coverage, has become an increasingly serious threat to Internet security since it first broke out. How to detect and defend against network worms has therefore become a crucial research area in Internet security.

First, the thesis gives a general summary of the basic concept, structure and function of the Internet worm, as well as current research and future research prospects. Second, it discusses worm detection techniques, specifically detection methods based on Internet traffic flow. The key topic of this thesis is how to detect network worms more efficiently on the basis of existing techniques.

Based on the characteristics of a network worm attack, the distinct change in failed network connections is considered. We detect network worms by analyzing anomalies in the failed connection flow (FCT). The concept of FCT is introduced, and an FCT time series is built to measure the failed connections of the network. Using wavelet packet analysis of the FCT time series, the method computes the energy associated with each wavelet packet, transforming the FCT time series into a series of energy distribution vectors in the frequency domain. A trained K-nearest neighbor (KNN) classifier, a Support Vector Machine (SVM) classifier, and a combination of the two are then applied to identify the worm. All three algorithms detect the worm by a threshold, which is set by training on the collected failed-connection data. We then compare the SVM algorithm with the traditional BP neural network algorithm. The experimental results show that all three methods can detect network worms effectively.
Keywords/Search Tags:network worm, propagation model, propagation strategy, statistic, wavelet packet, KNN, SVM
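
The pipeline the abstract describes (FCT window, wavelet packet energy vector, KNN decision), sketched as an added example that is not code from the thesis. The Haar wavelet, 3 decomposition levels, 16-sample windows, k=3 with a plain majority vote, and the sample windows are all assumptions made here; the abstract does not specify them.

```python
import math
from collections import Counter

def haar_packet_energy(series, levels=3):
    """Normalized energy of each terminal node of a full Haar wavelet packet tree.
    Nodes are returned in natural (filter-bank) order, not frequency order."""
    if len(series) % (1 << levels):
        raise ValueError("window length must be a multiple of 2**levels")
    nodes = [[float(x) for x in series]]
    for _ in range(levels):
        split = []
        for node in nodes:
            pairs = list(zip(node[0::2], node[1::2]))
            split.append([(a + b) / math.sqrt(2) for a, b in pairs])  # low-pass half
            split.append([(a - b) / math.sqrt(2) for a, b in pairs])  # high-pass half
        nodes = split
    energy = [sum(c * c for c in node) for node in nodes]
    total = sum(energy)
    if total == 0:  # window with no failed connections at all
        return [0.0] * len(energy)
    return [e / total for e in energy]

def knn_classify(vector, training, k=3):
    """Majority label among the k nearest training vectors (Euclidean distance)."""
    nearest = sorted(training, key=lambda item: math.dist(vector, item[0]))[:k]
    return Counter(label for _, label in nearest).most_common(1)[0][0]

# Constructed FCT windows (failed connections per interval), not measured data:
# background noise stays near a constant level, scanning shows up as sharp bursts.
def normal_window(i):
    return [3 + ((t + i) % 4 == 0) for t in range(16)]

def worm_window(i):
    return [3 + (40 + 5 * i) * (t % 2) for t in range(16)]

TRAINING = ([(haar_packet_energy(normal_window(i)), "normal") for i in range(4)]
            + [(haar_packet_energy(worm_window(i)), "worm") for i in range(4)])

def detect(window, k=3):
    """Label one FCT window using its wavelet packet energy distribution."""
    return knn_classify(haar_packet_energy(window), TRAINING, k)

if __name__ == "__main__":
    quiet = [3 + (t % 8 == 0) for t in range(16)]
    bursty = [2 + 30 * (t % 2) for t in range(16)]
    for name, window in (("quiet", quiet), ("bursty", bursty)):
        print(name, [round(e, 3) for e in haar_packet_energy(window)], detect(window))
```

Because the energy vector is normalized, it captures how failed-connection energy is spread across frequency bands rather than the absolute volume, so a volume feature would have to be added separately if magnitude matters.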