
Network Traffic Anomaly Detection And Worm Control Strategies

Posted on: 2011-02-28  Degree: Master  Type: Thesis
Country: China  Candidate: X Zhang
GTID: 2208360308467380  Subject: Communication and Information System
Abstract/Summary:
With the continuous development of the Internet, network security has become increasingly prominent. Internet worms, because of their frequent outbreaks, the large number of hosts they involve, and the significant harm they cause, are regarded as the most significant Internet security problem and have aroused extensive concern among researchers.

Various algorithms have been developed to detect outbreaks of Internet worms, including host-based detection and network-based detection. Because Internet worms propagate through networks, they impart some distinct attributes to the overall network traffic flow. In this paper we develop a new strategy for detecting the occurrence of network anomalies, especially Internet worms, using the PCA decomposition algorithm. This algorithm can make full use of the overall network flow features to accurately detect and locate the position of the worm.

In order to effectively control the spread of worms, we propose a hybrid worm control strategy called "Monitor-and-CounterAttack" (MCA). This strategy, which is based on the current Internet practice of "patching to remove worms", proposes an anti-worm approach that uses a kind of "patch" in place of the old one. While traditional worm propagation models confined their object of study to the susceptible host group, we extend ours to all hosts connected to the Internet, including the susceptible host group and the normal host group. Simulation results of this worm propagation model show that our worm control strategy can effectively restrain Internet worm propagation, providing a new idea for developing counter-worm approaches.
Keywords/Search Tags: Worm Propagation, Anomaly Detection, Principal Components Analysis, Monitor-and-Counter Attack