Detection Of Internet Worm Based On Information Theory

Posted on: 2011-12-22
Degree: Master
Type: Thesis
Country: China
Candidate: T Wu
GTID: 2178360308952590
Subject: Communication and Information System

Abstract/Summary:
With the development of Internet technology, the Internet has become an indispensable basic communication tool for study, work and daily life, and its security issues have attracted increasing interest. Internet worm attacks, a typical Internet attack method that covers a wide range of targets and is difficult to remove, have recently drawn a high degree of attention.

This thesis first introduces the basic concepts of network worms and presents the significance of the research. It then analyzes and summarizes in detail the latest research achievements on Internet worms in several areas, including worm propagation modeling, software simulation and detection technology. Next, it introduces the basic concepts and principles of information entropy and algorithmic entropy in information theory. Based on an analysis of how these two tools have been applied to network anomaly detection, it points out the deficiencies of existing studies.

Building on this background, the thesis focuses on an information entropy-based worm detection algorithm. First, we analyze the feasibility of applying information entropy to the detection of network worms and conduct related tests. We then study how worm propagation behavior affects the characteristic values of network packets, and the resulting changes in entropy, in order to select several important parameters. On this basis two different worm detection methods are designed: the joint information entropy approach and the entropy vector space distance approach. Their detection principles are described in detail. To eliminate the pre-deployment training phase, our detection algorithm uses forecasting methods to establish an adaptive detection mechanism, and a flow chart of the detection algorithm is given. Finally, the thesis gives a detailed comparison between our new algorithm and existing algorithms.

To verify the validity of the algorithm, an experimental method was designed that applies the algorithm to existing network worm propagation data. The experimental results show that our adaptive worm detection algorithm can effectively detect the spread of network worms, with a low false alarm rate and a low omission rate. The adaptive algorithm can also be easily applied to different networks for rapid deployment. Finally, we summarize the study and provide a few suggestions for improvement in further research.
Keywords/Search Tags: Internet worm, information theory, entropy, worm detection
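The entropy vector distance idea with a forecast baseline, as an added example that is not the thesis's algorithm: the abstract does not give the features, forecasting method or thresholds, so the three header fields, the exponentially weighted moving average and the parameters `alpha`, `k`, `floor` and `warmup` are assumptions, and the traffic is constructed.

```python
import math
from collections import Counter

def entropy(values):
    """Shannon entropy in bits of the empirical distribution of values."""
    n = len(values)
    return -sum(c / n * math.log2(c / n) for c in Counter(values).values())

def entropy_vector(packets):
    """One entropy per header field for a window of (src, dst, dport) tuples."""
    return tuple(entropy(column) for column in zip(*packets))

def detect(windows, alpha=0.3, k=3.0, floor=0.5, warmup=3):
    """Return indices of windows whose entropy vector strays from the forecast.

    Assumed scheme: the forecast is an exponentially weighted moving average
    of earlier non-alarming vectors, and the threshold adapts to the smoothed
    distance seen so far, so no separate training phase is needed.
    """
    forecast, deviation, alarms = None, 0.0, []
    for i, packets in enumerate(windows):
        vector = entropy_vector(packets)
        if forecast is None:
            forecast = vector
            continue
        distance = math.dist(vector, forecast)
        if i >= warmup and distance > max(floor, k * deviation):
            alarms.append(i)   # alarming windows do not update the baseline
            continue
        forecast = tuple(alpha * v + (1 - alpha) * f for v, f in zip(vector, forecast))
        deviation = alpha * distance + (1 - alpha) * deviation
    return alarms

def sample_windows():
    """Constructed traffic: 8 clients, 4 servers, 3 ports; scanning in windows 6-7."""
    def normal(n):
        return [(f"10.0.0.{i % 8}", f"10.0.1.{i % 4}", (53, 80, 443)[i % 3]) for i in range(n)]
    def scan(n):  # one host probing n distinct addresses on a single port
        return [("10.0.0.3", f"198.51.100.{j}", 445) for j in range(n)]
    sizes = [48, 40, 44, 52, 48, 44]
    return [normal(n) for n in sizes] + [normal(48) + scan(60), normal(48) + scan(120), normal(48)]

if __name__ == "__main__":
    print(detect(sample_windows()))
```

In the scanning windows the source-address entropy falls while the destination-address entropy rises, which is what moves the vector away from the forecast.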