
The Network Worm Detection Technology And Realization

Posted on: 2007-07-15
Degree: Master
Type: Thesis
Country: China
Candidate: W Wang
GTID: 2208360182466611
Subject: Computer application technology
Abstract/Summary:
With the development of computer technologies and Internet applications, malicious code such as viruses and network worms has become a common problem for all computer users. Network worms can not only exhaust the system resources of infected hosts and damage them, but also consume network bandwidth, congesting the network or even disrupting it entirely. Because of the huge damage caused by network worm epidemics, how to detect and respond to network worms has become an important task in the field of computer network security.

First, the emergence and development of computer viruses and network worms were reviewed in this thesis, followed by the definition of a network worm. The state of the art in intrusion detection and worm detection was described.

Second, after analyzing the mechanism of network worms, two network worm detection methods were proposed:

1) A Bayesian-based network worm detection method, which uses the failed connection probability as the detection index. When the failed connection probability is larger than the worm threshold, the host is regarded as an infected host. Otherwise, the probability is used in the next computation as the prior probability. This method keeps down the impress of historical network behavior.

2) An entropy-based network worm detection method, which uses the distribution of destination IP addresses in connections as the detection index. When the entropy of the destination IP addresses is larger than the worm detection threshold, the host is regarded as an infected host.

The two methods were validated by experiments, and the results showed their effectiveness.

Third, based on the above research, a network worm detection system was designed and implemented. The system includes three components: a network worm detection component, a monitor and management component, and a database. The system provides real-time alarming, as well as modification of detection policies and querying of alarm records for network administrators and other users.

Finally, the research work was summarized and the remaining problems were analyzed. Future work was also proposed.
Keywords/Search Tags: Network security, Network worm, Intrusion detection, anomaly detection, misuse detection, Bayesian method, information entropy
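The entropy-based method from the abstract can be sketched as follows. This is an added example, not code from the thesis: the record format, the 60-second window, the 4.0-bit threshold, the minimum connection count and the allowlist are all assumptions, since the abstract does not give the thesis's own parameters.

```python
import math
from collections import Counter, defaultdict

def destination_entropy(destinations):
    """Shannon entropy, in bits, of the destination-IP distribution."""
    counts = Counter(destinations)
    total = sum(counts.values())
    return -sum((c / total) * math.log2(c / total) for c in counts.values())

def detect_hosts(records, window_s=60, threshold_bits=4.0,
                 min_connections=16, allowlist=frozenset()):
    """Return [(window_start, src_ip, entropy)] for hosts above the threshold.

    records: iterable of (unix_ts, src_ip, dst_ip) connection attempts.
    All default parameters are assumed values; tune them against a
    baseline of the monitored network.
    """
    windows = defaultdict(list)
    for ts, src, dst in records:
        # Hosts that legitimately contact many destinations (resolvers,
        # proxies) would otherwise exceed the threshold all the time.
        if src not in allowlist:
            windows[(int(ts) // window_s * window_s, src)].append(dst)
    alerts = []
    for (start, src), dsts in sorted(windows.items()):
        if len(dsts) < min_connections:
            continue  # too few samples for a meaningful entropy estimate
        h = destination_entropy(dsts)
        if h > threshold_bits:
            alerts.append((start, src, h))
    return alerts

def sample_records():
    """Constructed sample data: one ordinary host, one host contacting 32
    distinct addresses, and one resolver-like host."""
    normal = [(1200 + i, "10.0.0.5",
               "192.0.2.10" if i % 4 else "192.0.2.20") for i in range(16)]
    scanning = [(1200 + i, "10.0.0.9", f"198.51.100.{i + 1}") for i in range(32)]
    resolver = [(1200 + i, "10.0.0.53", f"203.0.113.{i + 1}") for i in range(32)]
    return normal + scanning + resolver

if __name__ == "__main__":
    for start, src, h in detect_hosts(sample_records(), allowlist={"10.0.0.53"}):
        print(f"window={start} src={src} entropy={h:.2f} bits")
```

A host that repeatedly talks to two servers stays below one bit, while a host spreading 32 attempts over 32 addresses reaches the maximum of 5 bits for that sample size.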