
Research On Network Worm Detection And Prevention System Model

Posted on: 2009-09-05
Degree: Master
Type: Thesis
Country: China
Candidate: A P Wang
Full Text: PDF
GTID: 2178360248954942
Subject: Management Science and Engineering
Abstract/Summary:
The rampant spread of Internet worms seriously occupies host resources, consumes network resources, uses up a large amount of network bandwidth, and causes serious economic losses. To reduce the economic losses caused by network worms, there is an urgent need to build a real-time, accurate and highly efficient network worm detection and prevention system that stops worms from spreading.

First, this thesis introduces the definition of worms, the functional structure of a worm and its working mechanisms. It analyzes worm spreading strategies and attack methods according to their attack characteristics, and systematically analyzes the typical attack process of a worm on the basis of the principles of buffer vulnerabilities, which provides a theoretical basis for analyzing worm propagation.

Second, building on related research, the thesis proposes a network worm detection and prevention model composed of four parts: detector, decision-making console, isolation and central database.

Third, combining the advantages of misuse detection and anomaly detection, the thesis proposes a new method for detecting worms automatically. In the detector module, the anomaly detection module screens out the abnormal network data set, signatures are extracted from it automatically, and the extracted signatures are then added to the signature database used by the signature-based detection module, so that previously unseen worms can be detected. This method serves as the basis of an automatic worm defense system: it can give effective early warning of a new outbreak and detect unknown worms.

Fourth, on the basis of the model, the thesis designs and implements a worm detection and prevention system. This covers the design of the communication protocol among the modules, the design and implementation of the decision-making console, and the design of the database. Because the decision-making console must make a decision after receiving alarm information, the thesis applies a classification algorithm to identify infected hosts, highlighting the C4.5 optimized decision tree classification algorithm, an effective decision-making algorithm that can accurately identify worm-infected hosts.

Finally, a real network test environment was built, and the worm detection, prevention and real-time response functions of the system were tested according to the test plan. The test results verified the correctness, real-time performance and availability of the system. The thesis closes by summarizing the research work, analyzing the remaining problems and proposing future work.
Keywords/Search Tags: Worm Propagation Strategy, Worm Detection, Decision Tree, C4.5, Information Gain