| Self-propagating code, also known as active worm, has been a persistent security threat on the Internet. Since the propagation of worm is using the system's or software's vulnerabilities, the most effective way to protect a host from worm is to patch. Recent passive network security counter-measurements are poor effect on patching hosts which are absent of manual management.This paper considers a new active counter-measurement called anti-worm which is also a kind of self-propagating code that can travel over the computer networks to fight against malicious worm.Firstly, four characteristics are given to evaluate the anti-worm by summarizing the active defense researching field. And this paper proposes a new kind of anti-worm called P2P anti-worm which propagates using P2P techniques. In this propagation method, the state that after P2P anti-worm enters a host is divided into ACTIVE and QUORANTEEN to make it propagate faster and do less harm to the network.Then, a mathematical analysis is presented using discrete time method of this new approach and the mathematical model of P2P anti-worm is given to analyze the propagation process.At last, we do simulation of the model with MATLAB and use SSFNET to simulate the P2P anti-worm vs. pure random scan worm. In the simulation experiment, the relation between the propagation speed and the parameters of P2P anti worm, such as P2P overlay average degree, the initial number of the anti-worm and the release time delay, are discussed. The results show that P2P anti-worm can slow down the speed of the malicious worm. |
PDF Full Text Request