Design And Implementation Of Anti Worm Framework

Posted on: 2013-04-20
Degree: Master
Type: Thesis
Country: China
Candidate: Z Y Zhang
Full Text: PDF
GTID: 2248330395959590
Subject: Software engineering
Abstract/Summary:
Worms have long been one of the most serious threats to networks, and how to detect and clear them from computers and networks is an active research area in network security. Researchers all over the world have proposed many approaches to detecting and clearing worms, and all of these methods have achieved good results. The proposed benign-worm (anti-worm) methods take a new path to detecting and clearing worms. Better results have been achieved by using them to compete with the worms in the network.

This paper designs and implements an industrial, universal anti-worm framework that produces benign worms, based on the benign-worm idea. To accelerate the propagation of the benign worms inside the network, a multi-threaded divide-and-conquer strategy is adopted. To improve the transmission speed, the generated benign worms without anti-worm programs are downloaded from the server in a C/S (client/server) structure. The framework is implemented in Python and runs on the Linux platform. It supports detecting and clearing both known and unknown worms. Lastly, we test the proposed framework and the benign worms it generates. Experimental results show that the proposed framework is correct, and that its generated benign worms spread fast in the network and detect and clear worms efficiently.

There are three main aspects of the proposed framework for detecting and clearing worms:

(1) For known worms, we store the killing program in the killing database, so that users only need to choose which kind of worm to kill.

(2) For unknown worms, we first determine the way the worm is stored and runs in the system. Users can then choose the corresponding killing sub-item in the framework. After determining the type of vulnerability utilized by the worm, the corresponding vulnerability scanning program and vulnerability exploitation program are chosen from the vulnerability database.

(3) As a framework, it is extensible, so that users can add to its databases of vulnerability scanning, vulnerability exploitation, vulnerability fixes, worm killing and killing sub-items.

The proposed framework can efficiently detect and clear worms without a client side. It has some application value; however, its usage is still complex and should be improved to be user-friendly.
Keywords/Search Tags: benign worm, anti-worm framework, worm counteract, worm propagation strategy