| Internet worms spread very quickly, cause huge economic losses and are aserious and growing threat to network security. In recent years, the variety ofpropagation ways and the complexity of application environment cause internetworms have much higher frequency of outbreak, much deeper latency and much widercoverage, and there are more challenges on confronting internet worms.In order to defend against internet worms, various measures have been presented.However, most of measures based on anti-virus technology, intrusion detectiontechnology or firewall technology have trouble confronting internet worms. Based onthe philosophy of fighting fire with fire, there is the approach of confronting wormswith anti-worms in the network. Anti-worms spawn exactly as internet worms do. Fornow, there are two main kinds of anti-worms: the active anti-worm and the passiveanti-worm. The active anti-worm has the advantage of countering an internet wormattack very quickly. However, it involves a lot of scanning, and incurs large amounttraffic across the network which leads to undesirable congestion. On the other hand,the passive anti-worm minimizes extra network traffic but often has difficulty incountering against internet worms. The divide-and-rule hybrid anti-worm can avoidthe additional traffic generated by the anti-worms in the final stage of anti-wormscountering against worms. However, as the transformation mechanism is based on atimer, it is static and does not observe the actual situation in the network. In responseto this situation, the internet worm and the anti-worm were studied in this paper. Themain research contents include:The basic knowledge of internet worm and anti-worm was analyzed in detail.Some classic propagation models of internet worm were discussed. The real-timehybrid anti-worm was presented and then was classified into three subtypes: patchingtype, predator type and composition type. For three subtypes of real-time hybridanti-worm, their processes of countering internet worms were modeled under thecircumstance of time delay and no time delay. Through simulation, the functions ofthree subtypes of real-time hybrid anti-worm were compared. Finally, theperformances of composition real-time hybrid anti-worm on three factors wereestimated, which are its confronting validity against internet worms, its consumptionof network resources and its adaptability to network, and the time delay of composition real-time hybrid anti-worm was analyzed. The simulation experimentsshow that, the composition real-time hybrid anti-worm is the most effective approachfor confronting the propagation of internet worms under the same condition, and it hasdynamical adaptability and can reduce network resource consumption whilecountering worms effectively. The experiments also indicate that, for compositionreal-time hybrid anti-worm, the sooner for introduction, the better for the control ofinternet worms. |
PDF Full Text Request