| In recent years, the large-scale Internet network threats, such as network worms and botnets (Botnet), deeply affect normal activities. In order to deal with these threats, some data centers have been established to collect large-scale collection security logs from different networks and made them available among researchers.However, sharing security logs also introduces many challenges. To protect the privacy of log providers, it needs to anonymize sensitive information in those data.This thesis proposes a random trace-back method to trace the worm propagation based on the anonymous addresses in alert sets. After randomly select an alert during the worm propagating, we try to reconstruct the worm propagation network according to temporal relation. Then we locate the most possible source of the worm anonymous proportion, we design some experiment to validate the proposed method. We also conduct a simulation program to verify the proposed method. The experiment results show that the method cans effective trace the worm propagation when some addresses are anonymously. |
PDF Full Text Request