Similar literature
 20 similar documents found; search took 31 ms
1.
刘波  王怀民  肖枫涛  陈新 《通信学报》2011,32(12):103-113
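Building a sound worm propagation model helps to analyze more accurately how worms spread through a network. We first abstract a layered heterogeneous network environment and, on the premise that infection time affects the worm's propagation speed, use a discrete-time deterministic modeling approach to derive Enhanced-AAWP, a worm propagation model for heterogeneous network environments. Based on the Enhanced-AAWP model, we then analyze local-preference scanning worms and random scanning worms in depth. Simulation results show that factors such as the number of NAT subnets, the density of vulnerable hosts within NAT subnets, and the local-preference scanning probability all have an important influence on worm propagation in heterogeneous network environments.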

2.
It is commonly believed that the IPv6 protocol can provide good protection against network worms that try to find victims through random address scanning due to its huge address space. However, we discover that there is a serious vulnerability in terms of worm propagation in IPv6 and IPv4-IPv6 dual-stack networks. It is shown in this article that a new worm can collect the IPv6 addresses of all running hosts in a local subnet very quickly, leading to accelerated worm propagation. Similar to modeling the self-replicating behaviors of biological viruses, a Species-Patch model and a discrete-time simulator are developed to study how the dual-stack worm spreads in networks with various topologies. It is shown that the worm could propagate in the IPv6 and IPv4-IPv6 dual-stack networks much faster than in the current IPv4 Internet. Several effective defense strategies focusing on network deployment are proposed.

3.
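With the rapid development of the Internet, network worms have become a serious threat to network information security. Existing network worm propagation models consider only the network characteristics during the initial stage of propagation and once a steady state is reached; they cannot characterize the network during the fast propagation stage. This paper applies the theory and methods of system dynamics to build a network worm propagation model based on the latent period, which can analyze and predict worm propagation trends both qualitatively and quantitatively. Simulation results show that the worm's latent period and the strength of immunization measures are important factors affecting the propagation process.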

4.
Peer-to-peer (P2P) networking technology has gained popularity as an efficient mechanism for users to obtain free services without the need for centralized servers. Protecting these networks from intruders and attackers is a real challenge. One of the constant threats on P2P networks is the propagation of active worms. Recent events show that active worms can spread automatically and flood the Internet in a very short period of time. Therefore, P2P systems can be a potential vehicle for active worms to achieve fast worm propagation in the Internet. Nowadays, BitTorrent is becoming more and more popular, mainly due to its fair load distribution mechanism. Unfortunately, BitTorrent is particularly vulnerable to topology-aware active worms. In this paper we analyze the impact of a new worm propagation threat on BitTorrent. We identify the BitTorrent vulnerabilities it exploits, the characteristics that accelerate and decelerate its propagation, and develop a mathematical model of their propagation. We also provide numerical analysis results. This will help the design of efficient detection and containment systems.

5.
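A stochastic propagation model for network worms is proposed. First, network worms are modeled with a Markov chain, and the existence of the model's limiting distribution and stationary distribution is discussed. Next, the necessary and sufficient condition for a worm to die out in the early stage of propagation and a necessary condition for it to die out in the late stage are discussed. Finally, the scale of worm propagation is discussed. Simulation experiments validate the model, examine the influence on worm propagation of related parameters such as the propagation parameter, the time parameter and the number of vulnerable hosts, and compare the data with the G-W model to show the advantages of this model.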

6.
The monitoring and early detection of Internet worms   Total citations: 5, self-citations: 0, citations by others: 5
After many Internet-scale worm incidents in recent years, it is clear that a simple self-propagating worm can quickly spread across the Internet and cause severe damage to our society. Facing this great security threat, we need to build an early detection system that can detect the presence of a worm in the Internet as quickly as possible in order to give people accurate early warning information and possible reaction time for counteractions. This paper first presents an Internet worm monitoring system. Then, based on the idea of "detecting the trend, not the burst" of monitored illegitimate traffic, we present a "trend detection" methodology to detect a worm at its early propagation stage by using Kalman filter estimation, which is robust to background noise in the monitored data. In addition, for uniform-scan worms such as Code Red, we can effectively predict the overall vulnerable population size, and estimate accurately how many computers are really infected in the global Internet based on the biased monitored data. For monitoring a nonuniform scan worm, especially a sequential-scan worm such as Blaster, we show that it is crucial for the address space covered by the worm monitoring system to be as distributed as possible.

7.
刘烃  郑庆华  管晓宏  屈宇  王娜 《通信学报》2007,28(12):72-77
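Worm propagation prediction is one of the foundations of worm defense, but as worm scanning strategies grow more diverse and the structure of the Internet grows more complex, it is becoming harder and harder to build an accurate propagation model promptly in the early stage of an outbreak. Random simulation experiments are used to simulate worm propagation in a network; statistical analysis of the simulation results shows that the outcome of a worm propagation experiment is a stochastic process, and that the results of different experiments are highly linearly correlated. On this basis, a method for predicting worm propagation trends from the statistics of simulation experiments is proposed; the method can accurately predict the propagation trend using infection information from 0.1% of vulnerable hosts.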

8.
In the last few years, the growing popularity of mobile devices has made them attractive to virus and worm writers. One communication channel often exploited by mobile malware is the Bluetooth interface. In this paper, we present a detailed analytical model that characterizes the propagation dynamics of Bluetooth worms. Our model captures not only the behavior of the Bluetooth protocol but also the impact of mobility patterns on the Bluetooth worm propagation. Validation experiments against a detailed discrete-event Bluetooth worm simulator reveal that our model predicts the propagation dynamics of Bluetooth worms with high accuracy. We further use our model to efficiently predict the propagation curve of Bluetooth worms in big cities such as Los Angeles. Our model not only sheds light on the propagation dynamics of Bluetooth worms, but also allows prediction of spreading curves of Bluetooth worm propagation in large areas without the high computational cost of discrete-event simulation.

9.
In recent years, fast-spreading worms have become one of the major threats to the security of the Internet, and the trend is increasingly fierce. Because the Kalman-filter-based worm detection algorithm is sensitive to the interval, this article presents a new data collection plan and an improved worm early detection method which has some different intervals according to the epidemic worm propagation model, and then proposes a worm response mechanism for effectively slowing wide and fast worm propagation. Simulation results show that our methods are able to detect worms accurately and early.

10.
林昭文  苏飞  马严 《中国通信》2011,8(1):79-86
Nowadays, the main communication object of Internet is human-human. But it is foreseeable that in the near future any object will have a unique identification and can be addressed and connected. The Internet will expand to the Internet of Things. IPv6 is the cornerstone of the Internet of Things. In this paper, we investigate a fast active worm, referred to as topological worm, which can propagate twice to more than three times faster than a traditional scan-based worm. Topological worm spreads over AS-level network topology, making traditional epidemic models invalid for modeling the propagation of it. For this reason, we study topological worm propagation relying on simulations. First, we propose a new complex weighted network model, which represents the real IPv6 AS-level network topology. And then, a new worm propagation model based on the weighted network model is constructed, which describes the topological worm propagation over AS-level network topology. The simulation results verify the topological worm model and demonstrate the effect of parameters on the propagation.

11.
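A new network worm early-warning method based on mesh correlation analysis   Total citations: 19, self-citations: 3, citations by others: 16
By analyzing the behavior patterns of network worms, a new worm early-warning method based on mesh correlation analysis is proposed. An early-warning algorithm is designed, a worm early-warning model and a prototype system based on the algorithm are built, and the relevant experimental data and analysis results are given. Compared with existing network worm detection methods, the new method is more effective and can also give early warning of unknown network worms.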

12.
王天博  夏春和  贾琼 《电子学报》2017,45(7):1722-1730
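With the spread of social networks, social worms have become one of the main hidden dangers threatening society. Such worms propagate rapidly across the Internet using topology information and social engineering. Earlier work on modeling and analyzing social worm propagation has two main problems: incomplete network topology and one-sided propagation modeling; these lead to underestimating the scale of social worm infection and to oversimplified modeling of human behavior. To address these problems, this paper proposes a simulation model of social worm propagation. The model uses a layered network to abstract more accurately the relationship between the social logical layer and the actual physical layer, and uses the temporal characteristics of human mobility to characterize the worm's propagation behavior more fully. Experimental results show that the simulation model reveals the effects of user behavior, network topology parameters and different repair processes on social worm propagation. The paper also gives a qualitative analysis of the propagation capability of social worms, providing important theoretical support for network defense.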

13.
Recently, there has been a constant barrage of worms over the Internet. Besides threatening network security, these worms create an enormous economic burden in terms of loss of productivity not only for the victim hosts, but also for other hosts, as these worms create unnecessary network traffic. Further, measures taken to filter these worms at the router level incur additional network delays because of the extra burden placed on the routers. To develop appropriate tools for thwarting the quick spread of worms, researchers are trying to understand the behavior of worm propagation with the aid of epidemiological models. In this study, we present an optimization model that takes into account infection and treatment costs. Using this model we can determine the level of treatment to be applied for a given rate of infection spread.

14.
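During the transition from IPv4 networks to IPv6 networks, the two network protocols will coexist. This paper studies a worm with a layered scanning strategy, the dual-stack worm, which uses a multicast scanning strategy to detect hosts within the local IPv6 subnet and random IPv4 address scanning to find target hosts outside the subnet. Propagation tests in a real network and simulation of the dual-stack worm's propagation in a large-scale network show that the dual-stack worm can spread quickly in IPv4-IPv6 dual-stack networks.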

15.
Active worms can cause widespread damage at such a high speed that it effectively precludes human-directed reaction, and patches for the worms are always available only after the damage has been caused, which has elevated them to a first-class security threat to Metropolitan Area Networks (MAN). Multi-agent system for Worm Detection and Containment in MAN (MWDCM) is presented to provide a first-class automatic reaction mechanism that automatically applies containment strategies to block the propagation of the worms and to protect MAN against worm scan that wastes a lot of network bandwidth and crashes the routers. Its user agent is used to detect the known worms. Worm detection agent and worm detection correlation agent use two-stage based decision method to detect unknown worms. They adaptively study the accessing in the whole network and dynamically change the working parameters to detect the unknown worms. MWDCM confines worm infection within a macro-cell or a micro-cell of the metropolitan area networks, the rest of the accesses and hosts continue functioning without disruption. MWDCM integrates Worm Detection System (WDS) and network management system. Reaction measures can be taken by using Simple Network Management Protocol (SNMP) interface to control broadband access server as soon as the WDS detects the active worm. MWDCM is very effective in blocking random scanning worms. Simulation results indicate that high worm infection rate of epidemics can be avoided to a degree by MWDCM blocking the propagation of the worms.

16.
Wireless sensor networks (WSNs) encounter a critical challenge of ‘Network Security’ due to extreme operational constraints. The origin of the challenge begins with the entry of worms in the wireless network. Just one infected node is enough to spread the worms across the entire network. The infected node rapidly infects the neighbouring nodes in an unstoppable manner. In this paper, a mathematical model is proposed based on epidemic theory. It is an improvement of the Susceptible-Infectious-Recovered-Susceptible (SIRS) and Susceptible-Exposed-Infectious-Susceptible (SEIS) model. We propose Susceptible-Exposed-Infectious-Recovered-Susceptible (SEIRS) model that overcomes the drawbacks of existing models. The proposed ameliorated model includes a finite communication radius and the associated node density. We obtain the basic reproduction number which determines the local and global propagation dynamics of worm in the WSNs. Also, we deduce an expression for the threshold for node density and communication radius. We investigated the control mechanism against worm propagation. We compare the proposed model with various existing models and evaluate its performance on the basis of various performance metrics. The study confirms melioration in the vital aspects (security, network reliability, transmission efficiency, energy efficiency) for WSNs. The proposed SEIRS model provides an improved technique to restrain worms’ transmission in comparison to the existing models.

17.
冯朝胜  秦志光  罗王平  刘霞  袁丁 《电子学报》2016,44(7):1702-1707
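The attack mechanism of P2P triggered active worms is studied, and it is found that the propagation of such worms usually comprises four stages: information collection, attack and penetration, self-propulsion, and intervention activation. Based on an analysis of the attack mechanism of P2P triggered active worms and using epidemiological theory, a mathematical propagation model for P2P triggered active worms is proposed, and from this model a sufficient condition for worm propagation to reach the worm-free equilibrium state is derived. Simulation experiments verify the effectiveness of the proposed propagation model.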

18.
Although the frequency of Internet worm outbreaks has decreased during the past ten years, the impact of worms on people's privacy security and enterprises' efficiency is still a severe problem, especially with the emergence of botnets. It is urgent to do more research about worm propagation models and security defense. The well-known worm models, such as simple epidemic model (SEM) and two-factor model (TFM), take all the computers on the Internet as the same, which is not accurate because of the existence of network address translation (NAT). In this paper, we first analyze the worm's functional structure, and then we propose a three layer worm model named three layers worm model (TLWM), which is an extension of SEM and TFM under NAT environment. We model the TLWM by using deterministic method as it is used in the TFM. The simulation results show that the number of NAT used on the Internet has effects on worm propagation, and the more the NAT used, the slower the worm spreads. So, the extensive use of NAT on the Internet can restrain the worm spread to some extent.

19.
Modeling the propagation and immunization of passive worms in P2P networks   Total citations: 2, self-citations: 0, citations by others: 2
冯朝胜  秦志光  袁丁  卿昱 《电子学报》2013,41(5):884-889
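Given the harm caused by passive worms, passive worms are analyzed in depth, and a propagation model and an immunization model for passive worms are then built using the mean-field method. From the propagation model and epidemic theory, a sufficient condition for reaching the worm-free equilibrium state is derived, and simulation experiments confirm that the condition is correct. The simulations also show that the download rate and the recovery rate are two controllable key parameters for controlling worm propagation. Before immunization software has been written, lowering the download rate and raising the recovery rate can effectively control the spread of passive worms.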

20.
杨雄  朱宇光  云晓春 《通信技术》2009,42(4):127-128
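The differences between email worms and traditional worms in spreading behavior are analyzed, with a focus on how network topology affects email worm propagation behavior. Through analysis, design and simulation experiments on three network structures, the power law network model, the small world topology model and the random topology model, it is concluded that email worms spread fastest in the power law topology model and readily infect high-degree nodes.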
