Found 20 similar documents; search took 15 ms
1.
Although the frequency of Internet worm outbreaks has decreased during the past ten years, the impact of worms on people's privacy and security and on enterprises' efficiency is still a severe problem, especially with the emergence of botnets. More research on worm propagation models and security defense is urgently needed. The well-known worm models, such as the simple epidemic model (SEM) and the two-factor model (TFM), treat all computers on the Internet as the same, which is not accurate because of the existence of network address translation (NAT). In this paper, we first analyze the worm's functional structure, and then we propose a three-layer worm model named the three layers worm model (TLWM), which is an extension of SEM and TFM under a NAT environment. We model the TLWM using a deterministic method, as is done in the TFM. The simulation results show that the number of NATs used on the Internet affects worm propagation: the more NAT is used, the slower the worm spreads. So the extensive use of NAT on the Internet can restrain worm spread to some extent.
2.
Tian-Yun Huang 《中国电子科技》2008,6(1):32-38
Internet worms are harmful to network security and have become a research hotspot in recent years. This paper presents a thorough survey of the propagation models and defense techniques of Internet worms. We first give a strict definition and discuss the working mechanism. We then analyze and compare some representative worm propagation models proposed in recent years, such as the K-M model, the two-factor model, the worm-anti-worm model (WAW), the firewall-based model, the quarantine-based model and the hybrid benign worm-based model. Some typical defense techniques, such as virtual honeypots, active worm prevention and agent-oriented worm defense, are also discussed. The future direction of worm defense systems is pointed out.
3.
Nowadays, the main communication on the Internet is human-to-human. But it is foreseeable that in the near future any object will have a unique identification and can be addressed and connected. The Internet will expand to the Internet of Things. IPv6 is the cornerstone of the Internet of Things. In this paper, we investigate a fast active worm, referred to as a topological worm, which can propagate twice to more than three times faster than a traditional scan-based worm. A topological worm spreads over the AS-level network topology, making traditional epidemic models invalid for modeling its propagation. For this reason, we study topological worm propagation relying on simulations. First, we propose a new complex weighted network model, which represents the real IPv6 AS-level network topology. Then, a new worm propagation model based on the weighted network model is constructed, which describes topological worm propagation over the AS-level network topology. The simulation results verify the topological worm model and demonstrate the effect of parameters on the propagation.
4.
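With the rapid development of the Internet, network worms have become a serious threat to network information security. Existing network worm propagation models consider only the network characteristics during the initial stage of worm propagation and once a steady state has been reached; they cannot describe the network characteristics during the fast-propagation stage. Applying the theory and methods of system dynamics, this paper builds a network worm propagation model based on the latent period, which can analyze and predict worm propagation trends both qualitatively and quantitatively. Simulation results show that the worm's latent period and the strength of immunization measures are important factors affecting the worm propagation process.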
5.
Internet worm infection continues to be one of the top security threats and has been widely used by botnets to recruit new bots. In order to defend against future worms, it is important to understand how worms propagate and how different scanning strategies affect worm propagation dynamics. In our study, we present a (stochastic) continuous-time Markov chain model for characterizing the propagation of Internet worms. The model is developed for uniform scanning worms, and further for local preference scanning worms and flash worms. Specifically, for uniform and local preference scanning worms, we are able to (1) provide a precise condition that determines whether the worm spread would eventually stop and (2) obtain the distribution of the total number of infected hosts. By using the same modeling approach, we reveal the underlying similarity and relationship between uniform scanning and local preference scanning worms. Finally, we validate the model by simulating the propagation of worms.
6.
7.
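With the spread of social networks, social worms have become one of the main hidden dangers threatening society. Such worms propagate rapidly across the Internet based on topological information and social engineering. Previous work on modeling and analyzing social worm propagation has two main problems: incomplete network topology and one-sided propagation modeling. These lead to underestimating the infection scale of social worms and to oversimplified modeling of human behavior. To solve these problems, this paper proposes a social worm propagation simulation model. The model uses a layered network to abstract more accurately the relationship between the social logical layer and the actual physical layer, and uses the temporal characteristics of human mobility to describe social worm propagation behavior more comprehensively. Experimental results show that the simulation model reveals the effects of user behavior, network topology parameters and different repair processes on social worm propagation. The paper also gives a qualitative analysis of the propagation capability of social worms, providing important theoretical support for network defense.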
8.
Detecting Internet worms at early stage (Total citations: 4; self-citations: 0; citations by others: 4)
Managing the security of enterprise networks has emerged as a critical problem in the era of the Internet economy. Arising as a leading threat, worms have repeatedly caused enormous damage to the Internet community during the past years. A new security service that monitors ongoing worm activities on the Internet will greatly contribute to the security management of modern enterprise networks. This paper proposes an Internet-worm early warning system that automatically detects concerted scan activities and derives possible signatures of worm attacks. Its goal is to issue warnings at the early stage of worm propagation and to provide necessary information for security analysts to control the damage. It reduces false positives by filtering out false scan sources. The system is locally deployable or can be co-deployed amongst a group of enterprise networks. We provide both analytical and simulation studies on the responsiveness of this early warning system.
9.
In recent years, fast-spreading worms have become one of the major threats to the security of the Internet, and the trend is increasingly fierce. Given the shortcoming that the Kalman-filter-based worm detection algorithm is sensitive to the interval, this article presents a new data collection plan and an improved early worm detection method that uses different intervals according to the epidemic worm propagation model, and then proposes a worm response mechanism for effectively slowing wide and fast worm propagation. Simulation results show that our methods are able to detect worms accurately and early.
10.
11.
The monitoring and early detection of Internet worms (Total citations: 5; self-citations: 0; citations by others: 5)
After many Internet-scale worm incidents in recent years, it is clear that a simple self-propagating worm can quickly spread across the Internet and cause severe damage to our society. Facing this great security threat, we need to build an early detection system that can detect the presence of a worm in the Internet as quickly as possible in order to give people accurate early warning information and possible reaction time for counteractions. This paper first presents an Internet worm monitoring system. Then, based on the idea of "detecting the trend, not the burst" of monitored illegitimate traffic, we present a "trend detection" methodology to detect a worm at its early propagation stage by using Kalman filter estimation, which is robust to background noise in the monitored data. In addition, for uniform-scan worms such as Code Red, we can effectively predict the overall vulnerable population size, and estimate accurately how many computers are really infected in the global Internet based on the biased monitored data. For monitoring a nonuniform scan worm, especially a sequential-scan worm such as Blaster, we show that it is crucial for the address space covered by the worm monitoring system to be as distributed as possible.
12.
Peer-to-peer (P2P) networking technology has gained popularity as an efficient mechanism for users to obtain free services without the need for centralized servers. Protecting these networks from intruders and attackers is a real challenge. One of the constant threats on P2P networks is the propagation of active worms. Recent events show that active worms can spread automatically and flood the Internet in a very short period of time. Therefore, P2P systems can be a potential vehicle for active worms to achieve fast worm propagation in the Internet. Nowadays, BitTorrent is becoming more and more popular, mainly due to its fair load distribution mechanism. Unfortunately, BitTorrent is particularly vulnerable to topology-aware active worms. In this paper we analyze the impact of a new worm propagation threat on BitTorrent. We identify the BitTorrent vulnerabilities it exploits and the characteristics that accelerate and decelerate its propagation, and develop a mathematical model of its propagation. We also provide numerical analysis results. This will help the design of efficient detection and containment systems.
13.
14.
15.
The security threat posed by worms has steadily increased in recent years. This paper discusses the application of the optimal and sub‐optimal Internet worm control via Pontryagin's maximum principle. To this end, a control variable representing the optimal treatment strategy for infectious hosts is introduced into the two‐factor worm model. The numerical optimal control laws are implemented by the multiple shooting method and the sub‐optimal solution is computed using genetic algorithms. Simulation results demonstrate the effectiveness of the proposed optimal and sub‐optimal strategies. It also provides a theoretical interpretation of the practical experience that the maximum implementation of treatment in the early stage is critically important in controlling outbreaks of Internet worms. Furthermore, our results show that the proposed sub‐optimal control can lead to performance close to the optimal control, but with much simpler strategies for long periods of time in practical use.
16.
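A well-constructed worm propagation model helps to analyze more accurately how a worm propagates through a network. The paper first abstracts the layered heterogeneous network environment and, on the premise that infection time affects the worm's propagation speed, uses a discrete-time deterministic modeling and analysis method to derive Enhanced-AAWP, a worm propagation model for heterogeneous network environments. Based on the Enhanced-AAWP model, local preference scanning worms and random scanning worms are then each analyzed in depth. Simulation results show that factors such as the number of NAT subnets, the density of vulnerable hosts within NAT subnets and the local preference scanning probability all have an important influence on worm propagation in heterogeneous network environments.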
17.
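Limited worm propagation techniques are of great significance in distributed computing applications and in research on countering worms. Building on an analysis of existing limited propagation algorithms, this paper proposes a centrally controlled limited worm propagation algorithm, establishes a mathematical model of limited worm propagation, and verifies the correctness of the algorithm through worm propagation simulation based on a scale-free network model. Finally, the performance of the algorithms is compared. The algorithm improves the accuracy of limited worm propagation and reduces the impact of limited worm propagation on the network.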
18.
Qi Jing Athanasios V. Vasilakos Jiafu Wan Jingwei Lu Dechao Qiu 《Wireless Networks》2014,20(8):2481-2501
The Internet of Things (IoT) has played an increasingly important role since its emergence; it covers everything from traditional equipment to general household objects, such as WSNs and RFID. With the great potential of IoT come all kinds of challenges. Among these challenges, this paper focuses on the security problems. As IoT is built on the basis of the Internet, the security problems of the Internet will also show up in IoT. As IoT contains three layers (perception layer, transportation layer and application layer), this paper analyzes the security problems of each layer separately and tries to find new problems and solutions. This paper also analyzes the cross-layer heterogeneous integration issues and security issues in detail, discusses the security issues of IoT as a whole and tries to find solutions to them. In the end, this paper compares security issues between IoT and traditional networks, and discusses open security issues of IoT.
19.
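The security mechanisms of IPv6 and their impact on the existing network security architecture (Total citations: 20; self-citations: 1; citations by others: 19)
IPv6 not only solves today's shortage of IP addresses; because it introduces encryption and authentication mechanisms, it also implements identity authentication at the network layer and ensures the integrity and confidentiality of data packets. It can therefore be said that IPv6 achieves network-layer security. This security, however, is not absolute. Moreover, the security mechanisms of IPv6 bring new challenges to the current network security architecture: many tools that play an important role in protecting existing networks are severely affected. Security experts urgently need to carry out further research, accumulate experience and find suitable solutions as soon as possible.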
20.
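The network security protocol (IPSec) and network address translation (NAT) are currently popular technologies, and both are widely used on the Internet. However, compatibility problems that stem from the design of the two protocols have become the key obstacle to their wider adoption. This paper introduces the basic principles of NAT and IPSec, analyzes in detail the incompatibilities between them, and finally presents a solution that encapsulates ESP packets in UDP.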