Research On Virus Characteristic Code Based On Active Defense Mode

Worm virus is a virulent virus spreading through the network. Since the emergence of the first cases of worms, worms harm is growing in the global Internet. Therefore, Worm detection technology has become one of the most important topic researches by networkers.The key problems to defend the worm virus are how to detect the unknown worm and how to reduce the harm caused by the worm. This paper mainly did some research on the worm characteristic code detection technology through the data trick capture mechanism of the honeypot technology. Besides, the worm characteristic code detection technology based on the active defense mode is proposed, and the efficient Wu-Manber algorithm is applied to the worm virus characteristic code detection module.Firstly, the relevant technology of the worm characteristic code extraction has been analysised in this paper, from the researches of the worm defense technology and active defense technology. Besides, it also did some research on the current popular network trap technology, and the design scheme of worm signature detection system is also proposed, which is based on the active defense ideas. Secondly, some disadvantages about the algorithm of the current worm characteristic code detection after the full study has been proposed in this paper, for example, if the length of characteristic code's strings is more than 5000, the detection delay time will continue to rise. So the efficiency of the worm detection will be affected seriously.The Wu-Manber algorithm is applied to the characteristic code detection module, therefore, it can solve the problem that a large number of repeated strings appear in the end of the pattern string in the process of the network data transmission, so it will result in the module based on BM algorithm inefficient. Then, there are two experimental tests on the characteristic code module based on Wu-Manber algorithm and BM algorithm respectively, the results show that the detection efficiency are increased with the improved algorithm.Finally, the function of the active defense system is tested from the perspective of software testing, and this system has achieved effective and expected results from the specific experiment data. Besides, some solutions corresponding to the disadvantages are proposed in this paper.