Research On Propagation And Warning Of Worms In Internet

Internet worms threaten to Internet continuously with the quick and various propagation modes. Compared with traditional host viruses, Internet worms have the better propagation and bring more damage. Therefore, it is very valuable to model the spread of Internet worms and study the warning system.Worm propagation models can be mainly divided into two types, which are the model with continuous time and the model with discrete time. The typical models with continuous time and the AAWP (Analytical Active Worm Propagation) model with discrete time are analyzed. Based on comparison between the two types of models, DTWP (Discrete Time Worm Propagation) model is proposed, which is the improvement of AAWP model and considers the situation of anti-worms. The simulation result in matlab suggests that Compared with AAWP model, DTWP model can provide better understanding and prediction of the upper propagation trend of Internet worms.Internet has the opening characteristic. There is no perfect prediction mechanism to assure that the nodes in Internet will not be attacked by unknown Internet worms. Thereby, traditional virus intrusion detections are not well-suited for the warning of Internet worms. Then, an Internet worms warning system based on P2P architecture is presented. The system uses the P2P architecture and all the nodes of the system have the same positions. So in our system, not only can the nodes add or quit flexibly, but also there is no computing bottleneck or single error problem, which should be considered by the security system. At the same time, the system analyzes TCP flows at the early time of worms appearing, gets suspicious flows, then does comparability analysis to these suspicious flows, and thus can warn the unknown worms. Additionally, the module of analyzing worm characteristic codes in the system can distill worm characteristic codes from suspicious flows, which makes the current unknown worm become the known one. In this way, it is intellective to warn worms in the system. Based on JXTA middleware, implementation of the system archetype is achieved in the Windows 2000 operation system. The testing result indicates that the system can warn the unknown worms in Internet.