
Research On Distributed Worm Detection Technology

Posted on: 2008-07-07 | Degree: Master | Type: Thesis
Country: China | Candidate: Z Y Hu | Full Text: PDF
GTID: 2178360245497768 | Subject: Computer Science and Technology
Abstract/Summary:
With the rapid development of the Internet, people benefit from it more and more. But with the explosive growth in the number and complexity of network applications, network security problems have become more serious. Internet worms have become a major threat to network security, and recent worm epidemics have caused more and more economic damage. How to detect worms quickly and effectively in a large-scale network has become an urgent problem to be solved.

The main content of this paper is the technology of rapid worm detection in large-scale networks. First, it introduces the worm's definition, functional structure and execution mechanism. Second, it introduces some existing worm detection technologies and architectures and analyzes their shortcomings. It then proposes a distributed worm detection model based on the DHT protocol used in P2P systems and describes the advantages of the model. After analyzing the core of Chord, a routing algorithm based on DHT, it improves Chord's lookup algorithm, bringing the length of the search path from O(log₂N) to O(1). This improvement makes Chord more suitable for the distributed worm detection model.

Finally, it presents a bottom-up description of the aspects of the model. First, it develops the traditional TCP/IP protocol stack into a multithreaded protocol stack in order to reconstruct large-scale network traffic, and optimizes the stack to reduce the performance impact caused by worm scanning. Second, it implements the automatic generation of worm signatures with Rabin fingerprints. Third, it proposes an information-sharing strategy based on distributed storage of the fingerprints of substrings. It then presents the algorithm for worm detection in the distributed system. Experiments are given for each aspect, and then the conclusion is presented.
Keywords/Search Tags:worm, signature generation, DHT, distributed detection