| Recently, the frequent breakouts of Internet worm result in tremendous economic destruction, worm's threat to security of computer system and security of network increases day by day. Traditional anti-virus technologies cannot quarantine the propagation of internet worm effectively. Because of the huge damage of internet worm epidemics, how to detect and response internet worms has become an important task in computer network security field.Propose the new and precise definition of Internet worm by analyzing the district between internet worm and computer virus. Had the outbreak of the worm's behavior analysis, given the worm's six functional modules.Analyze the worm's propagation policy; point out the best way of worm propagation is that using both routable scan and random scan. Epidemic behavior between worm and biological virus is similar, so it would be possible to apply the mathematical models of biological viruses spread to computer worm propagation model research. Propose the epidemic model of Internet worm propagating, including SI model, SIS model and SIR model, and simulate the model using network simulation software SSFNet. The result of the simulation shows that: Worm propagation have three obvious stages: beginning of the free dissemination stage, dissemination limited stage, prevention and cure phase. These three stages correspond to the SI, SIS, and SIR model.Bring forward a new approach to automatically detect worms. Data stream based anomaly detection is used to screen out anomalous network data flow, subsequently, the signature is extracted. After analyzed, the signature is updated to the misuse detection pattern. Based on an automatic worm defense, a system could discover an epidemic situation effectively and detect an unknown worm.Finally, have a discussion of how to take advantage of Internet worm. Internet worm can be used on many beneficial aspects, such as anti-worm worm, network detection agents, generic patch tools, distributed computing applications and so on. Indicate that the overall development trends of internet worm are: more intelligent, more concealment. |
PDF Full Text Request