共查询到20条相似文献,搜索用时 203 毫秒
1.
2.
提出一种新的网络蠕虫传播模型,并基于生物免疫原理提出了成熟良性蠕虫、记忆良性蠕虫和疫苗良性蠕虫新概念,建立了新的主机状态转移关系,运用系统动力学理论和方法,建立了一种新的网络蠕虫免疫模型,它能够从定性和定量两方面分析和预测网络蠕虫免疫过程,并能够深入刻画恶性蠕虫和良性蠕虫交互过程中的网络特性,为动态防治网络蠕虫提供了新的理论依据。模拟实验结果表明,引入的三种良性蠕虫是动态防御恶性网络蠕虫传播的重要因素。 相似文献
3.
为了更好地刻画良性蠕虫的传播过程,采用了离散时间模型。在离散时间下,考虑恶性蠕虫和良性蠕虫传播对网络的影响,对混合型良性蠕虫的传播过程进行分析和数学建模,通过仿真验证传播模型,并引入泰勒公式对关键参数进行分析比较。理论分析和仿真实验表明,在混合型良性蠕虫释放时间和网络性能一定的条件下,存在一个临界值使得切换时间最佳,而网络敏感度足够小时,不同的切换时间对感染类主机数量的变化几乎没有影响。 相似文献
4.
周奇 《电脑与微电子技术》2012,(1):3-11,18
使用微分方程来分析蠕虫扩散的情况.以达到描述蠕虫传播规律的目的。提出一种简单而且有效的ASIR模型来描述蠕虫和良性蠕虫的动态交互过程,详细论述ASIR模型的思想和属性.对该模型进行详细的理论分析,通过仿真试验和实际网络数据验证了该模型的有效性。 相似文献
5.
网络蠕虫攻击在各种网络安全威胁因素中位居首位,虽然现今已有一些成熟的入侵检测技术,但不足以应对复杂多变的蠕虫攻击。针对网络中蠕虫存在相互合作的复杂关系,该文提出了在僵尸蜜网的拓扑结构下,采用P2P技术的良性蠕虫对抗合作型蠕虫传播模型,良性蠕虫利用分片传输机制来实现自主、快速的查杀恶意蠕虫,为易感染主机修补漏洞。实验结果证明基于僵尸蜜网的良性蠕虫查杀合作型蠕虫的方法效果良好。 相似文献
6.
7.
研究电子邮件蠕虫传播行为真实仿真问题.电子邮件蠕虫是造成电子邮件垃圾邮件泛滥的最主要的原因之一,使得计算机网络效率急剧下降,系统资源遭到严重破坏.为了能更好的对电子邮件蠕虫行为进行仿真,提出了一种基于用户行为和电子邮件网络拓扑结构相结合的电子邮件蠕虫传播模型方法,通过用户打开和检查邮件的概率来描述电子邮件用户的行为.方法能准确仿真蠕虫在网络拓扑中的传播.仿真结果表明,提出的新的蠕虫传播行为仿真方法能更加有效检测蠕虫传播特性,并对比分析了几组因素对蠕虫传播的影响,对进一步研究蠕虫的防御具有重要的意义. 相似文献
8.
9.
由于良性蠕虫可以主动免疫主机,因此使用良性蠕虫来对抗蠕虫传播正成为一种新的应急响应技术.提出了混合的结构化良性蠕虫,设计了它的工作机制以及部署情况.基于传染病模型原理,用数学模型刻画了混合的结构化良性蠕虫对抗蠕虫的传播过程.最后,对于该模型进行了仿真试验.通过仿真结果,总结了影响混合的结构化良性蠕虫对抗蠕虫传播的四个因素:探针探测和探针的蠕虫检测的响应时间,探针的蠕虫检测率和探测率.混合的结构化良性蠕虫对抗蠕虫的传播模型可以使得人们更好地理解良性蠕虫对抗蠕虫的效果. 相似文献
10.
基于Two-Factor传播模型提出了一种新的QSIRV传播模型,该模型更合理地考虑了被免疫主机的失效性。通过仿真得出,QSIRV模型较Two-Factor模型能够更好地描述蠕虫的传播规律以及传播过程中网络流量和蠕虫流量之间的相互影响,尤其是对免疫后的主机数目变化的仿真更是符合实际情况,同时考虑了已隔离、免疫及被感染主机的数量的影响以及人们对蠕虫传播的警惕性的提高。对QSIRV模型进行了进一步的改进。仿真结果验证,改进后的模型可以更快地遏制蠕虫传播。 相似文献
11.
研究网络安全问题,网络蠕虫是当前网络安全的重要威胁。网络蠕虫传播途径多样化、隐蔽性强、感染速度快等特点。蠕虫模型以简单传染病模型进行传播,无法准确描述网络蠕虫复杂变化特点,网络蠕虫检测正确率比较低。为了提高网络蠕虫检测正确率,提出一种改进的网络蠕虫传播模型。在网络蠕虫传播模型引入动态隔离策略,有效切断网络蠕虫传播途径,采用自适应的动态感染率和恢复率,降低网络蠕虫造成的不利影响。仿真结果表明,相对于经典网络蠕虫传播模型,改进模型有效地加低了网络蠕虫的传播速度,提高网络蠕虫检测正确率和整个网络安全性,为网络蠕虫传播研究提供重要指导。 相似文献
12.
Benign worms have been attracting wide attention in the field of worm research due to the proactive defense against the worm propagation and patch for the susceptible hosts. In this paper, two revised Worm?CAnti-Worm (WAW) models are proposed for cloud-based benign worm countermeasure. These Re-WAW models are based on the law of worm propagation and the two-factor model. One is the cloud-based benign Re-WAW model to achieve effective worm containment. Another is the two-stage Re-WAW propagation model, which uses proactive and passive switching defending strategy based on the ratio of benign worms to malicious worms. This model intends to avoid the network congestion and other potential risks caused by the proactive scan of benign worms. Simulation results show that the cloud-based Re-WAW model significantly improves the worm propagation containment effect. The cloud computing technology enables rapid delivery of massive initial benign worms, and the two stage Re-WAW model gradually clears off the benign worms with the containment of the malicious worms. 相似文献
13.
主动良性蠕虫和混合良性蠕虫的建模与分析 总被引:3,自引:2,他引:3
自从1988年Morris蠕虫爆发以来,网络蠕虫就在不断地威胁着网络的安全.传统防范措施已不再适用于蠕虫的防治,使用良性蠕虫来对抗蠕虫正成为一种新的应急响应技术.良性蠕虫的思想就是将恶意的蠕虫转化成良性的蠕虫,而且该良性蠕虫还可以运用相同的感染机制免疫主机.这种方法可以主动地防御恶意蠕虫并且在没有传统的蠕虫防御框架下仍具有潜在的部署能力.首先,分别将主动良性蠕虫和混合良性蠕虫划分成3个子类;然后,基于两因素模型分别对主动良性蠕虫和混合良性蠕虫的3个子类进行建模,推导了在有延迟以及无延迟的情况下6类良性蠕虫的传播模型;最后,通过仿真实验验证了传播模型.更进一步,基于仿真结果讨论了每种良性蠕虫抑制恶意蠕虫的效果,并且得到如下结论:在相同的感染条件下,复合型的混合良性蠕虫抑制蠕虫传播的效果最好. 相似文献
14.
Contagion蠕虫传播仿真分析 总被引:2,自引:0,他引:2
Contagion 蠕虫利用正常业务流量进行传播,不会引起网络流量异常,具有较高的隐蔽性,逐渐成为网络安全的一个重要潜在威胁.为了能够了解Contagion蠕虫传播特性,需要构建一个合适的仿真模型.已有的仿真模型主要面向主动蠕虫,无法对Contagion蠕虫传播所依赖的业务流量进行动态模拟.因此,提出了一个适用于Contagion蠕虫仿真的Web和P2P业务流量动态仿真模型,并通过选择性抽象,克服了数据包级蠕虫仿真的规模限制瓶颈,在通用网络仿真平台上,实现了一个完整的Contagion蠕虫仿真系统.利用该系统,对Contagion蠕虫传播特性进行了仿真分析.结果显示:该仿真系统能够有效地用于Contagion蠕虫传播分析. 相似文献
15.
一种基于本地网络的蠕虫协同检测方法 总被引:6,自引:0,他引:6
目前已有一些全球化的网络蠕虫监测方法,但这些方法并不能很好地适用于局域网.为此,提出一种使用本地网协同检测蠕虫的方法CWDMLN(coordinated worm detection method based on local nets).CWDMLN注重分析扫描蠕虫在本地网的行为,针对不同的行为特性使用不同的处理方法,如蜜罐诱捕.通过协同这些方法给出预警信息,以揭示蠕虫在本地网络中的活动情况.预警信息的级别反映报警信息可信度的高低.实验结果表明,该方法可以准确、快速地检测出入侵本地网络的扫描蠕虫,其抽取出的蠕虫行为模式可以为协同防御提供未知蠕虫特征.通过规模扩展,能够实施全球网络的蠕虫监控. 相似文献
16.
目前已有一些蠕虫检测系统利用蠕虫传播特性进行检测,误报率高,不能对大范围网络进行检测。为此,首先对蠕虫传播模型进行了分析和优化,提出了新蠕虫分布式传播模型。针对该模型提出了分布式蠕虫检测技术,亦即采用基于规则的检测方法监控网络蠕虫,控制台管理和协调多个检测端的工作。实验结果表明,该方法能够很好地预警蠕虫的传播行为并进行监控和报警,具有高检测率和低误报率。 相似文献
17.
A spatial stochastic model for worm propagation: scale effects 总被引:1,自引:0,他引:1
Markos Avlonitis Emmanouil Magkos Michalis Stefanidakis Vassilis Chrissikopoulos 《Journal in Computer Virology》2007,3(2):87-92
Realistic models for worm propagation in the Internet have become one of the major topics in the academic literature concerning
network security. In this paper, we propose an evolution equation for worm propagation in a very small number of Internet
hosts, hereinafter called a subnet and introduce a generalization of the classical epidemic model by including a second order
spatial term which models subnet interactions. The corresponding gradient coefficient is a measure of the characteristic scale
of interactions and as a result a novel scale approach for understanding the evolution of worm population in different scales,
is considered. Results concerning random scan strategies and local preference scan worms are presented. A comparison of the
proposed model with simulation results is also presented. Based on our model, more efficient monitoring strategies could be
deployed. 相似文献
18.
A number of worms, named P2P (peer-to-peer) passive worms, have recently surfaced, which propagate in P2P file-sharing networks and have posed heavy threats to these networks. In contrast to the majority of Internet worms, it is by exploiting users’ legitimate activities instead of vulnerabilities of networks in which P2P passive worms propagate. This feature evidently slows down their propagation, which results in them not attracting an adequate amount of attention in literature. Meanwhile, this feature visibly increases the difficulty of detecting them, which makes it very possible for them to become epidemic. In this paper, we propose an analytical model for P2P passive worm propagation by adopting epidemiological approaches so as to identify their behaviors and predict the tendency of their propagation accurately. Compared with a few existing models, dynamic characteristics of P2P networks are taken into account. Based on this proposed model, the sufficient condition for the global stability of the worm free equilibrium is derived by applying epidemiological theories. Large scale simulation experiments have validated both the proposed model and the condition. 相似文献
19.
Modeling and Simulation Study of the Propagation and Defense of Internet E-mail Worms 总被引:5,自引:0,他引:5
Zou C.C. Towsley D. Weibo Gong 《Dependable and Secure Computing, IEEE Transactions on》2007,4(2):105-118
As many people rely on e-mail communications for business and everyday life, Internet e-mail worms constitute one of the major security threats for our society. Unlike scanning worms such as Code Red or Slammer, e-mail worms spread over a logical network defined by e-mail address relationships, making traditional epidemic models invalid for modeling the propagation of e-mail worms. In addition, we show that the topological epidemic models presented by M. Boguna, et al. (2000) largely overestimate epidemic spreading speed in topological networks due to their implicit homogeneous mixing assumption. For this reason, we rely on simulations to study e-mail worm propagation in this paper. We present an e-mail worm simulation model that accounts for the behaviors of e-mail users, including e-mail checking time and the probability of opening an e-mail attachment. Our observations of e-mail lists suggest that an Internet e-mail network follows a heavy-tailed distribution in terms of node degrees, and we model it as a power-law network. To study the topological impact, we compare e-mail worm propagation on power-law topology with worm propagation on two other topologies: small-world topology and random-graph topology. The impact of the power-law topology on the spread of e-mail worms is mixed: E-mail worms spread more quickly on a power-law topology than on a small-world topology or a random-graph topology, but immunization defense is more effective on a power-law topology. 相似文献