| With the extensive use of the Internet, network security issues become increasingly prominent. With the powerful ability to replicate and continue to spread, the worm gives enormous pressure on the network. Hosts which were attacked were vulnerable (0-day vulnerability) or persistent un-patched. The un-uniform distribution of the persistent un-patched hosts or the hosts which have the0-day vulnerability leads to a wave of24hour cycle, which is called the diurnal pattern.By establishing the analyzing system, the Conficker dataset which is got by the Telescope (CAIDA UCSD (University of California’s San Diego) NETWORK TELESCOPE) of the CADIA (The Cooperative Association for Internet Data Analysis) is analyzed in this thesis to validate the existence of the diurnal pattern in the worm propagation. Based on the practical data got from the dataset, a diurnal forced model is presented in this thesis.This thesis first describes the characteristics of Internet worms and presents details of the Conficker. Then the Conficker dataset and the principles of the analysis are introduced and under the guidance of the principles the design of the analyzing system of Conficker is presented. By the analysis of results which were got from the analyzing system, this thesis validates the existence of diurnal pattern in worm propagation. Based on the model of infectious diseases and worms, the thesis presents a simple diurnal forced model and an improved model, which considers the results of the analysis of the dataset. Finally, the numerical curves and simulation curves are got from the two models and compared with the practical data. The results of comparison show that the improve model is better to describe the worm propagation. |
PDF Full Text Request