| With the explosive growth of network applications and complexity, the threat of Internet worms against network security becomes increasingly serious. Especially under the environment of Internet, the variety of the propagation ways and the complexity of the application environment result in worm with much higher frequency of outbreak, much deeper latency and much wider coverage, and Internet worms have been a primary issue faced by malicious code researchers. What's more, research on worm detection is the core.In this paper, definition of worms, exploration function component and execution mechanism are first presented. We show how severe Internet worms intrusion result in the loss using number in order to illuminate the necessity of worm research. Then we discuss research situation of Internet worms, propose the importance of research on worm detection. Some critical techniques of Internet worm prevention are given. Meanwhile we analyze the advantage and disadvantage of these methods in order to find how to improve the capability of worm detection system. On the base of techniques and methods of IDS, we propose a model about worm detection system using anomaly detection and explain the every module of this model in detail.We design the model to protect a local network by detecting anomaly data transfers. On one hand, it is responsible for detecting anomaly data from inside to outside and finding the worm in the local network as soon as possible to avoid worm spread further more. On the other hand, it is in charge of detecting anomaly data from outside to inside for preventing the local network from outside worm intrusion. What's more, this system can detect both known worms and unknown worms. |
PDF Full Text Request