| With the rapid development of Internet, the whole society depends on computer network more than ever. Meanwhile, network security becomes a critical issue. According to "Analysis Report of information security and computer virus of whole country in 2006", computer virus, worm and Trojan horse, which occupied 84% of all security issues, are the most critical network security issues. For network administrators, it is in urgent need to strengthen dectection of network virus. Network administrators urgently need one kind of tool, which displays real-time distribution of network viruses and their trend of spread. Thus, according to the profile of network administrators'requirment, a detailed description is performed on the investigation and implementation of a distributed network virus detection system. First, a brief introduction on the concept and characteristics of network virus is conducted at the beginning stage; followed by the current research situation of network virus detection techonoloy; followed by an introduction of a distributed network virus detection system and some key technologies in this system. The article covers following items:1) An introduction on the research meaning of network virus detection system is given, followed by a brief introduction on the definition of computer virus and its classification and the research state-of-the-art of network virus detection. At last, a brief introduction of main research results in this paper is given.2) More research on network virus detection is done in this part. First, some analyses work on typical network virus, like worm, Trojan horse, maliciousness codes and botnet is introduced with examples. Then, the spread modes of network virus are investiaged in details, followed by detailed research work on both traditional virus detection technology and network-based virus detection technology.3) In this part, first, analysis on requirements of network virus detection system is given, followed by detailed design of the distributed architecture of the system and every module in it. Finally, solutions to technical difficulties in this system are proposed, including the implementation of a real-time stream-based data flow scanning technology, a network-based parallel algorithm for application layer data inspection (Parallel Application layer Inspection Algorithm, PAIA), and the data flow distributing mechnism.4) Finally a summary and outlook of the thesis is proposed. |
PDF Full Text Request