Research Of Propagation Characteristics And Containment Strategy Of APT Malware

Posted on: 2015-03-26
Degree: Master
Type: Thesis
Country: China
Candidate: X L Wei
Full Text: PDF
GTID: 2348330473953699
Subject: Computer application technology
Abstract/Summary:
With the widespread adoption and application of networks, the diverse transmission paths and complex application conditions of the network environment have made the propagation of malware much easier, which enormously threatens the security of network systems and the hosts on them. This is an era in which malware and antivirus play a strategic game against each other, one that presents a tradeoff. The "Advanced Persistent Threat" (APT) has gradually become familiar to the public for its elusiveness and its capacity to spread. An APT, which threatens the data security of enterprises and governments, is a network attack aimed at clients in which hackers steal core information.

Studies of APT malware find that an APT is a complex, multidimensional network attack against a particular group. An APT can use various means of attack, including the most advanced attack techniques and social engineering methods, to gain access to the inside of an organization. APT malware is highly latent and targeted and spreads at low speed, among other characteristics. Accordingly, this thesis established an APT malware propagation model (the APT Double-Infection model).

Because APT malware may be discovered during its long latent period, this thesis introduced an intrusion detection system and presented an isolation and suppression strategy to restrain the propagation of malware more effectively. Building on the APT Double-Infection propagation model, this thesis used an isolation strategy based on a hybrid intrusion detection system to establish the APT isolation and suppression model. The thesis then analyzed and compared the stability of these two models and proved the effectiveness of the isolation and suppression strategy.

Furthermore, numerical simulation experiments were carried out, and the results showed that the stability conditions and the isolation and suppression strategy of these two models can restrain the propagation of malware more effectively, which was consistent with the theoretical derivation.

Finally, this thesis implemented a discrete-time simulation of the two worm propagation models and compared the simulation curve with the numerical curve. The two curves were virtually identical, which verified the correctness of the theoretical analysis and the numerical simulation.
Keywords/Search Tags: APT, malware, propagation characteristics, containment strategy, simulation experiment