Research On Containment Strategy Based On DDoS Malware

With the rapid development of the Internet,the human society has come into the information age which followed by more and more serious network security issues.In recent years,incidents of security increased year by year.Especially,the massive spread of the malware has caused a great loss whether to the country or the individual.Among the many malware security problems,the DDoS malware is undoubtedly one of the most important security threats to the Internet.Therefore,it's really an urgent problem that how to build a proper model to describe the propagation of DDoS malware.By studying the DDoS malware,it's found that DDoS malware possess the characteristic of latent,damaged,automation and remote.It's difficult to estimate the damage and economic loss when the DDoS malware outbreak because the DDoS malware can spread in large-scale through vulnerabilities.This dissertation constructs a model named SIRV in order to describe the propagation of DDoS malware.Besides,the stability of the disease-free equilibrium and the disease equilibrium point of the model is analyzed.In order to constrain the propagation of the DDoS malware,the paper proposed a complete containment strategy based on the model of SIRV.The isolation strategy is based on hybrid intrusion detection system.And the paper establish a complete system with the technology of detection,isolation,kill and immunization.A large time window may lead to time delay because the detection system improve the detection rate by setting a large time window among the hybrid intrusion detection system.So,the paper build a model named SIRDQV which has time delay.Besides,the stability of SIRDQV model and the Hopf bifurcation is analyzed.Then,there is a critical delay value ?0 in the SIRDQV model through theoretical analysis.The malware propagation system is stable when time delay is less than ?0.The containment strategy is effective at this moment.Otherwise,Hopf bifurcation appears and the system is unstable when time delay is equal to or more than ?0.The propagation of DDoS malware is out of control.Furthermore,the containment strategy is losing its effect.Therefore,it's necessary to set a little time window of IDS in order to constrain the propagation of malware of DDoS-type.Finally,the paper gives out the numerical curves and simulation curves corresponding to the SIRV model and SIRDQV model.The experimental results prove the validity of the proposed suppression strategy and verify the existence of the critical delay value ?0.Through the comparison of numerical curve and simulation curve,the two curves can be well fitted,and also prove the correctness of theoretical analysis.