| With the rapid development of computer technology, people who get benefit from it meanwhile suffer the troubled of all kinds of malicious code. According to the CN Cert.'s report Worm Virus have become the biggest How to inhibit the worm virus has become a most critical problem in the area of information security.This paper combine the theory that endpoint is the source of security with worm transmission features, presents an approach to restricting this high speed propagation automatically. The approach is based on the observation that during virus propagation, an infected machine will connect to as many different machines as fast as possible. An uninfected machine has a different behavior: connections are made at a lower rate, and are locally correlated (repeat connections to recently accessed machines are likely). This paper describes a simple technique to limit the rate of connections to "new" machines that is remarkably effective at both slowing and halting virus propagation without affecting normal traffic.After that, this paper introduces the implementation of the model in the Windows system. Based on Windows NDIS and TDI, corporation with application, it can detect the worm virus and try to kill it. At last, I test this system, and find it effective to inhibit the worm virus. |
PDF Full Text Request