Research On Worm Propagation And Control Based On Distributed Honeynet

In recently years, with the rapid development of Internet, more and more applications and services are provided through the network, at the same time the security of the network also faces the enormous challenge, it is threatened seriously, especially the population of malicious code poses an essential part of these threat sources. Of all the malicious codes, worms are capable of self-propagation without human intervention, which means that more serious underlying disaster. Therefore, how to defend network against worms effectively and prevent it from spreading in the network become a pressing work. In the study of worm, the analysis to worm structure, scanning strategy and attack method etc al is the precondition to prevent worms form spreading in network, establishing worm propagation model and control strategy is essential guarantee and kernel content of defending against worms.A large of research have been done on how to detect and prevent network worms effectively and security systems such as firewall, intrusion detection system and anti-virus defending system had been developed, however, all these systems mainly defend network against worms purposely based on known worm sample, so that they can do nothing when a new style worm arises. The presence of honeypot and honeynet tries to change the passive situation of traditional network security by making the security preventing to active; meanwhile, the discovery of Internet performs obvious scale-free characters in topology is of great significance to research the worm behaviors in depth, protect network from attack on purpose based on network topology, build up network concept in security and ensure network security.Honeypot is a security resource whose value lies in being probed, attacked and compromised. Distributed honeynet is gradually developed based on honeypot, it add up to the tool of date capture, data analysis and data control, which is a honeynet network structure that was make up of by honeypot hosts and honeynet under distributed system. This paper took research on worm propagation and control strategy based on distributed honeynet which has been deployed in the network to defend against worms and hackers etc al. In view of the special propagation mechanism, working of worms and the limitation of present worm propagation model and control strategy in describe worm spread and control, we bring distributed honeynet and anti-worm technology into together and present worm capture and control system based on distributed honeynet. This paper try to construct worm propagation model under distributed honeynet, bring foreword to corresponding worm control strategy and construct the deployment model of distributed honeynet mentioned based on the invulnerability of complex network. This paper is composed of three parts:First, we present a worm propagation model based on distributed honeynet. In view of the limitation of the present worm propagation model in describing worm spread in the reality networks, considering honeypot host perform obvious inveiglement to worms, can be infected by worms at first time and its data control policy-"come in easily, out strictly" under distributed honeynet and the scale-free characters in network topology, we also considers the immunization of host for it install security update in time and the lose of immunity for immunized host for aberrance or other causes, it become susceptible again etc al, we construct worm propagation model under distributed honeynet, validate it over simulation experiment, analysis the effect of network topology, the degree of cajolery for honeypot host and the number of honeypot host in worm spread.Second, we present a worm immunization and control strategy based on distributed honeynet. Based on the present immunity theory, considers honeypot host can act as "immunization agent" to dispense immunity information to its neighbor hosts, honeypot hosts share worm information over honeynet and deploying honeypot at network boundary or key location can dividing network into many parts for its data control policy-"come in easily, out strictly" under distributed honeynet, then we can prevent worm form spreading in large-scale network over control honeypot host; at last ,we give a reasonable scheme with distributed honeynet over analysis, then prevent worm from spreading in the network.Third, we present the deployment model of distributed honeynet and its scheme to realization. Since distributed honeynet can be used in constraining worm propagation and worm immunization, the deployment of distributed honeynet is of great significance in ensuring network security. This section present a deploy model of distributed honeynet and the scheme to realization based on the analysis to distributed honeynet in network dividing and its influence on network invulnerability for the change of microcosmic structure, constructing a deployment model of distributed honeynet, and give its detail scheme to realization; at last, we validate the correctness of the model over simulation experiment.