| With the development of the Internet and its increasing in complexity, Internet worms brought a lot of disasters to the network due to its high transmission speed and diversified modes of transmission through the world. Compared with the traditional host-virus, Internet worms have stronger ability to reproduce and destroying. Therefore, it is of very great significance to effectively model the Internet worms and research on the early warning mechanism. It is necessary for us to learn about the structure of Internet worms, its scanning strategy and its attack methods to guard against the spread with prerequisite.One of the characteristics of the Internet is open so that there is no perfect prediction mechanism to ensure that the Internet nodes are safe from an unknown Internet worms attacks. The traditional stand-alone virus prevention technology is not usable towards Internet worms on early warning. Therefore, the design of a distributed-based firewalls and intrusion detection system is necessary. Internet worms early warning system give out the early warning, while we can analyze the suspicious TCP traffic from the network, and give out the similarity analysis of suspicious traffic to predict the early warning of the unknown worms. Test results show that the system is able to pre-alarm the unknown network worms.First of all, this paper re-examined the existing definitions of Internet worms. It gave out a relatively strict definition of the worms. This paper analysed the details of an Internet worms propagation model, described every model of mathematical modeling. The graphical simulation experiments showed the worms spread speed under different models for each network.Secondly, in this paper, we did a research on a detailed analysis of the existing defense network worms' detection technology, and pointed out a clear conclusion from abnormal network behavior to analyze Internet worms' detection. We innovatively used the proposed PPM compression algorithms to predict and detect network worms. And we proposed the framework of PPM model to test. We proposed under the interference in the network worms, how to use PPM to carry out an Internet event sorting and filtering.At last, we used a network-based firewall to build the worms control system for detecting the subnet network environment of network worms' transmission, and put forward the model to reduce the various sub-networks of interaction between the worms' infections. At the same time we proposed a distributed intrusion detection system for the defense of Internet worms. We put the distributed firewall and intrusion detection systems combined, which greatly increased the probability of detecting network worms.The paper was derived from a part of the project of Huawei Co.'s, which is commissioned by the National Development and Reform Commission, "The integrated management of the information security uner wireless mobile environment."... |
PDF Full Text Request