大规模蠕虫在线追踪培养皿

提出了一个用于反向追踪大规模网络蠕虫传播的虚拟实验环境，能够用于网络蠕虫检测和防御实验。实验环境使用虚拟机技术，虚拟大量主机和网络设备参加，尽量符合网络实际。在可控的范围内，使用真实的感染代码引发大规模蠕虫的爆发，观测蠕虫的传播过程。实验环境中可以发现蠕虫的传播特性，实时收集网络蠕虫的流量数据和感染过程。

Online tracing Petri dish of large scale worm

Breaking out of network worms brings a tremendous damage to the Internet. Launch the worm defense and response can improve network anti-strike capability. Tracing worm propagation path after its outbreak can reconstruct not only the earliest infected nodes but also the timing order of victims been infected. For the detection and defense of large scale Internet worm outbreaks, a convenient and safety experimental environment that capable of running real worm become an important work to observe large scale worm infection, intrusion and propagation, it can be a large scale worm testbed for forensic evidence. This paper presents a large-scale worm propagation experiments environment for tracing algorithm, which is an isolation environment that can run related experiments. To conform as much as really to the actual network, the experimental environment use virtual machine technology, simulate a large number of hosts and network equipments attend. According to the actual worm, this environment can trigger large-scale worm outbreaks within the controllable scope of human, observe propagation process of the worm, experiment detection and defense techniques, discover worm propagation characteristic such as scanning method and propagation process, real-time collect network traffic and propagation process, investigate network traffic, launch speculate algorithm for reconstructing out patient zero and propagation path of the worm. Then actual worm propagation process can be captured and compared with the results using tracing algorithm.