| The diverse propagation way and complex application conditions bring worm eruption in frequency, latency and coverage, therefore the worm definitely is a very serious crisis to the network. The fact shows that, the traditional anti-vims technique can not satisfy network worm preventing and controlling. Constructing the security system in view of the worm attack characteristic is becoming one of the most important research objects.Aiming to improve the Intranet for defensing the worm's attack, this dissertation focuses on the techniques of worm detection and the network isolation. The necessary of combining the network worm dissemination and the construction of Intranet is expatiated. The method that resolves the worm detection in the Intranet using communication features is described. Specifically speaking, the innovative research of this dissertation mainly includes the following several aspects:1. The difference between the worm behavior and ordinary network applications is studied in this dissertation, and the abstract model of typical network is used in data flow analysis of worms in the Intranet. This dissertation analyses the sensitivity and performance of the worm behavior detection under the difference frameworks of the Intranet, and the connection between the Intranet construction and its security.2. The research is suitable for local area network's worm examination algorithm in view of worm's anomalous propagation in network. The recognition of Worm takes the host as the recognition's main body, and traces it by worm infestations. The three risk level is identified at a progressive and vertical form, and the refinement is gradually to increase the accuracy of detection and operation of methods. Compared with the traditional extraction of scanning information, the extraction of the dual scan and the mode of propagation and response is better to have a more accurate reflection of the detail behavior of the worms' spreading. The comparison which is contrast to other algorithms based on worm behavior can enhance the completeness of worm detection. This will enhance both the accuracy of detection and effective response to the worms.3. This part explores the network isolation method in response to the worm in Intranet. The isolation strategy of Intranet based on the characteristics of communications is studied from the features of worm behavior. The simulation experiments verify the effectiveness of network isolation. Simulation experiments are used to verify the validity of network isolation. Experimental results show that the provided response is self-adaptive and open in composition. Since the worm detection and active defense is combined efficiently in this system, it can prevent the outbreak of worm promptly.The test results as well as the simulation experiment of worm response system verify the effectiveness of W-Aegis. The experiments show that the providing system is self-adaptive, and the combination of the worm detection and response can achieve a high detection rate in worm detection, and can prevent worm crisis promptly and effectively. |
PDF Full Text Request