Benign Worms P2p Worm Defense Mechanism And Its Simulation Analysis Study

With the popularity of network applications, Internet worm has been one of the greatest threats of network security and the study of worms becomes one of the most emergent and popular research theme of Internet security research. As a new emergency of vicious worm, P2P worm is the variation of Internet worm in P2P network and the impact and damage of which will be far better than the existing traditional Internet worm if large-scale outbreak in recent years. Meanwhile, the deferences of propagation network environment between Internet worm and P2P worm has made trational defend mechanism can not defend effectively against P2P worm attacks,and thus can not achieve the desired results.In this paper, through analysis of characteristics of traditional Internet worm and the topolopy characteristics of P2P network. The main contents are given as the follows:Firstly, through analysis of characteristics of P2P worm, the analysis of the working mechanism and characteristics as well as the defense status of P2P worms are given as well.Secondly, according to the non-scanning and unstructured characteristics of P2P worm, a defense strategy which is the Hybrid Confront Policy Based on Friendly Worm of Trace Label (HCPBFWTL) is proposed: Proactive confronting policy based on friendly worm of trace label is brought out in the early period of P2P worm outbreak, which both defend the propagation of P2P worm effectively and reduce the consumption of network resource at the same time; Passive counterattack confronting policy based on friendly worm is carried out in the later period of P2P worm outbreak,which stops its continuing attacks on P2P network. Then through constructing a confronting model of friendly worm, this defense technology is analyzed.At last, a defensive model for proactive and unstructured worms based on HCPBFWTL is proposed, and a more detailed simulation and analysis of this model is given. The experimental results show that HCPBFWTL policy has the feature of which can both defend the propagation of P2P worm effectively and reduce the consumption of network resource at the same time, so HCPBFWTL policy has achieved the design goal which has the features of less consumption of resource and good adaptability and more effectively defenses.