主动良性蠕虫和混合良性蠕虫的建模与分析

自从1988年Morris蠕虫爆发以来,网络蠕虫就在不断地威胁着网络的安全.传统防范措施已不再适用于蠕虫的防治,使用良性蠕虫来对抗蠕虫正成为一种新的应急响应技术.良性蠕虫的思想就是将恶意的蠕虫转化成良性的蠕虫,而且该良性蠕虫还可以运用相同的感染机制免疫主机.这种方法可以主动地防御恶意蠕虫并且在没有传统的蠕虫防御框架下仍具有潜在的部署能力.首先,分别将主动良性蠕虫和混合良性蠕虫划分成3个子类;然后,基于两因素模型分别对主动良性蠕虫和混合良性蠕虫的3个子类进行建模,推导了在有延迟以及无延迟的情况下6类良性蠕虫的传播模型;最后,通过仿真实验验证了传播模型.更进一步,基于仿真结果讨论了每种良性蠕虫抑制恶意蠕虫的效果,并且得到如下结论:在相同的感染条件下,复合型的混合良性蠕虫抑制蠕虫传播的效果最好.

Modeling and Analysis of Active-Benign Worms and Hybrid-Benign Worms

Since the Morris worm occurred in 1988, worms have threatened the network persistently, the traditional anti-virus technologies no longer scale to deal with the worm threat, and benign worms become a new active countermeasure. The idea of benign worm is to transform a malicious worm into an anti-worm which spreads itself using the same mechanism as the original worm and immunizes a host. This method allows for an active measure to malicious worms that can potentially be deployed with no additional infrastructure in place. First of all, an active-benign worm and a hybrid-benign worm are classified into three sub-types, respectively. Then, three sub-types of the active-benign worm and the hybrid-benign worm are modeled respectively based on the two-factor model, and the models of six types of benign worms are derived under the circumstances of no delay time and of delay time. Finally, the simulation validates the models. Furthermore, the effect of each type containing the spread of worms is discussed based on the results. And there comes the conclusion that a composition-hybrid-benign worm is the most effective approach for containing the propagation of worms under the same infectious condition.