| With the explosive growth of Internet, network security has become increasingly serious with yearly growing security events. Among the malicious codes, Internet worms, represented by Flame, which attack national strategic infrastructure, have become complicated and intelligent. Traditional worm propagation model doesn’t work for the kind of intelligent worm. How to constrain the propagation of the kind of Internet worm effectively is an urgent issue confronted by defenders.By studying Flame worm, it’s found that the worm possess the characteristic of high latent and great risk. Flame appears to spread with various ways, including infecting the removable medium with the vulnerability of performing automatically. Due to wide application of removable medium, damage and economic loss caused by an explosion of the worm are unprecedented. According to the characteristics of Flame using removable medium, the dissertation constructs a Flame-type worm propagation model named SIRS, for analyzing and exploring the influence of removable medium.In order to constrain the propagation of the worm, the dissertation proposes a complete containment strategy, establishing the complete system with the corrective inhibition technology of worm detection, isolation, immunization, kill to constrain the propagation of Flame-type worm. On the basis of SIRS, a quarantine strategy is proposed based on a hybrid intrusion detection system (IDS). Among the hybrid IDS, anomaly detection system reduces the rate of false by setting the time window. Time window may lead to time delay. Therefore, the dissertation constructs a SIDQR worm propagation model with time delay and analyzes its stability and Hopf bifurcation. Through theoretical analysis, a delay critical value To of the SIDQR model is existence. When time delay is less than To, the worm propagation system is stable and easy to predict. The infectious hosts and removable medium will be diminished sharply; when it is equal to or more than τ0, Hopf bifurcation appears so that the system is out of control and the containment strategy doesn’t work. Therefore, time window of IDS must be controlled so that time delay is less than To, which ensures that the worm propagation system remains stable. In addition, the dissertation gives out the numerical curves corresponding to two models. The critical value τ0is verified by numerical results which is consistent with theoretical derivation. Finally, the simulations for two models with discrete-time are carried out. The comparative results demonstrate that numerical curves are almost consistent with simulation curves, the correction of theoretical analysis and numerical simulation is also verified. |
PDF Full Text Request