
Research And Implementation Of Computer Worm Detection Technology For LAN

Posted on: 2009-07-11
Degree: Master
Type: Thesis
Country: China
Candidate: L B Zhao
Full Text: PDF
GTID: 2178360308979635
Subject: Computer application technology
Abstract/Summary:
With the rapid development of network applications, network security is seriously threatened. The prevalence of malicious code, in particular, makes up an essential part of these threat sources. Of all malicious code, the computer worm is capable of self-propagating without human intervention, which means a more serious potential for disaster. The threat that computer worms pose to network security is becoming increasingly serious. Therefore, how to detect computer worms on the network has become a crucial research area in network security maintenance.

This paper first reviews the development of the computer worm and the damage caused by it, and then studies it further from the following aspects: the definition of the computer worm, its relationship with malicious code, the classification of worms, functional structure, working mechanism, behavior characteristics, means of attack, and so on.

This paper makes an in-depth study of computer worm detection technology and divides it into known worm detection technology and unknown worm detection technology. In the field of known worm detection technology, the author makes a systematic analysis of the feature-matching worm detection method based on protocol analysis. The method uses protocol analysis technology and the regularity of the TCP/IP protocol to analyze packets, so it can reduce the amount of calculation in the worm feature-matching process and improve the detection rate.

As far as unknown worm detection technology is concerned, this paper discusses the probability-based Bayesian worm detection algorithm and designs a lightweight worm detection method based on honeypot technology. The former detects worms through a Bayesian method that judges whether the probability of failed connections per unit time exceeds the worm detection threshold. The latter takes full advantage of the honeypot's capacity to trap worm attacks, and can detect worms with only a small amount of intranet traffic.

On the basis of computer worm detection technology, this paper proposes a hybrid computer worm detection model focused on the local network, on which the author builds a worm detection system and designs and implements the key module. This paper builds an actual test environment in a real laboratory network and tests the functions of the worm detection system according to the test scheme. The test results verify the correctness and availability of the system.

The worm detection system designed in this paper features flexible deployment and good extensibility. It can not only reduce the impact of computer worms on internal network bandwidth, but also effectively curb the spread of computer worms at the source. The existing problems are analyzed, and future work is proposed as well.
Keywords/Search Tags: computer worm, worm detection, feature matching, protocol analysis, bayes method, Honeypot network