Research And Implementation Of Computer Network Worm Defense Testing Technology

Posted on: 2008-08-31
Degree: Master
Type: Thesis
Country: China
Candidate: Y Z Wang
GTID: 2208360212475504
Subject: Computer system architecture
With the explosive growth of network applications and their complexity, the threat that Internet worms pose to network security is becoming increasingly serious. In the Internet environment in particular, the variety of propagation methods and the complexity of the application environment result in worms with a much higher frequency of outbreak, much deeper latency and much wider coverage, and network worms have become a primary issue for malicious code researchers. In recent years, governments at home and abroad have all worked hard on network worms and the corresponding anti-worm techniques. However, most current research on worms focuses on abstract worm theory and little of it addresses the detailed techniques of worms, while anti-worm techniques are kept under wraps by many anti-virus companies. As a result, many users cannot correctly evaluate the effectiveness of anti-virus software. This paper therefore focuses on the detailed techniques of worms and anti-worm measures from an impartial standpoint.

Chapter 1 introduces the meaning and importance of the subject.

Chapter 2 introduces the definition and classification of worms, how they differ from computer viruses, and related topics, and analyzes some typical worms that broke out at different times. Based on this analysis, the paper anticipates the development trends of worms.

Chapter 3 introduces the present situation and development trends of software bugs, then analyzes their relationship with worms. After analyzing a server model with a buffer overflow defect, the paper proposes a network worm model based on the remote buffer overflow technique, then implements the probe module, attack module, transport module and extend module, with particular focus on the ShellCode programming of the attack module. Finally, the paper does some useful research on how worms might be used in military affairs, against criminals and so on.

Chapter 4 analyzes the explosive growth model, then introduces network-based defense against and detection of worms. This covers the use of router access lists, firewall protection, network intrusion detection systems, honeypot systems, black hole monitoring, counterattacks and so on.

Chapter 5 describes how anti-worm techniques have always lagged behind worm outbreaks, then introduces the necessity of proactive defense. The paper then introduces some techniques and content relating to real-time process monitoring systems, analyzes process hiding techniques (especially the Rootkit technique), and designs and implements a real-time process monitoring system that monitors process creation, process listing and calls to process-related functions.
Keywords/Search Tags: Network Worm, Software Bug, Honeypot, ShellCode, Rootkit