基于混合对抗技术的对抗性蠕虫

作为对抗网络蠕虫的一种技术手段,对抗性蠕虫正在引起恶意代码研究领域的关注。然而当前对抗性蠕虫所采用的主动对抗技术和被动对抗技术存在若干缺陷,无法全面有效抑制网络蠕虫的传播。为此提出一种改进的基于混合对抗技术的对抗性蠕虫,通过构建蠕虫对抗模型以及仿真实验对其进行分析,并表明其能够在有效抑制网络蠕虫传播的同时降低对网络资源的恶意消耗。     

网络蠕虫预警与隔离控制方法研究

随着互联网的迅速发展,蠕虫对于网络安全的威胁日益严重。本文介绍了蠕虫的相关概念、传播方法、特点及其危害,分析了当前针对网络蠕虫的主要预警检测方法,探讨了网络蠕虫的隔离控制方法。     

网络蠕虫病毒防御方法研究

网络蠕虫通过自我复制,破坏目标系统,拥塞网络,对互联网络安全构成巨大威胁。本文通过对蠕虫病毒程序的传播流程及行为特征的分析,提出一种基于实时监测检测机制的防御网络蠕虫攻击的新方法。这种方法在操作系统底层函数被调用的时候就能及时地发现网络蠕虫攻击并阻止网络蠕虫的进一步扩散。     

蠕虫早期检测系统研究

网络蠕虫对Internet造成了极大的危害。在分析了蠕虫的传播原理和经典传染模型原理,以及蠕虫传染早期扫描阶段ICMP和TC协议的状态后,本文基于协议状态和传染模型的思想提出了一个蠕虫早期检测方法及其系统实现框架,该系统架构无需改变现有网络结构既可全面监说蠕虫的流量情况, 并可检测出真实的蠕虫扫描源。     

基于失败连接分析和P2P的未知网络蠕虫检测

针对现有的网络蠕虫检测系统大多不能有效快速检测慢速蠕虫的问题,本文提出使用本地失败连接分析(LF-CA)算法在蠕虫传播早期高效实时的检测本地局域网内的蠕虫,并在全局上建立可扩展性强非集中式的基于Chord算法的全网协作P2P检测机制,以信息共享的方式对慢速传播蠕虫进行检测。通过实验仿真验证了LFCA算法对本地网络的快速蠕虫有高效的检测效果和较低的误报率,证明了基于P2P技术进行信息共享协同检测比单点检测能更快更有效地检测到慢速蠕虫。     

基于暗网的早期检测技术在专用网络中的应用

为了早期检测网络蠕虫,设计实现了一个基于暗网的可视化蠕虫早期检测系统,并在某专用网络中进行了对比实验。结果显示,该系统在专用网络中比传统入侵检测系统能更早发现蠕虫等网络攻击,且时间提前量十分可观,说明基于暗网的早期检测技术在专用网络中有良好的应用前景。     

基于随机进程代数的P2P网络蠕虫对抗传播特性分析

 研究P2P网络中良性蠕虫和恶意蠕虫在对抗传播过程中的特性,可为制定合理的蠕虫对抗策略提供科学依据.提出一种基于随机进程代数的P2P网络蠕虫对抗传播的建模与分析方法.首先,分析了传播过程中蠕虫之间的对抗交互行为以及网络节点的状态转换过程;然后,利用PEPA语法建立了恶意蠕虫初始传播阶段与蠕虫对抗阶段的随机进程代数模型;最后,采用随机进程代数的流近似方法,推导得到能够描述蠕虫传播特性的微分方程组,通过求解该方程组,分析得到P2P蠕虫的对抗传播特性.试验结果表明,良性蠕虫可以有效遏制P2P网络中的恶意蠕虫传播,但需要根据当前的网络条件制定科学的传播策略,以减少良性蠕虫自身的传播对网络性能的影响.     

分布式蠕虫流量检测技术

分析了网络蠕虫病毒的传播特点和已有的检测方法,针对慢速传播蠕虫病毒,提出了基于流量异常传播序列的检测算法,并通过分布式系统结构,综合多个子网的检测结果,进一步提高检测准确率。模拟实验证明：该算法可以根据流量特征,在蠕虫病毒慢速传播的早期检测到该病毒的传播行为,并获得传播所用网络协议和目标端口。     

网络蠕虫的扫描方法分析

对网络上计算机系统的扫描是网络蠕虫传播的第一步,网络蠕虫扫描算法是研究蠕虫传播特性的一个基础环节。通过对常见的网络蠕虫扫描算法的研究,将其进行了分类,并对每一种扫描方法的基本原理及特点进行了分析。     

对抗网络蠕虫的良性蠕虫的设计

网络蠕虫能利用系统漏洞自动传播,造成网络拥塞,具有极大的破坏性。利用良性蠕虫(WAW)对抗恶意蠕虫是一种新技术,它具有速度快、针对性好、自动化程度高等优点,但是现有良性蠕虫技术的研究刚开始,目前出现的几种所谓的良性蠕虫在安全性、可控性、有效性方面还存在很大缺陷。针对这种情况,本文提出了一种设计良性蠕虫的具体方案,并对其对抗效果进行了简要分析。     

集中受控式蠕虫有限繁殖算法

蠕虫有限繁殖技术在分布式计算应用和对抗蠕虫研究中具有重要的意义。文章在分析现有的有限繁殖算法研究基础上,提出集中受控式蠕虫有限繁殖算法,建立蠕虫有限繁殖的数学模型,并通过基于无尺度网络模型的蠕虫繁殖仿真验证了算法的正确性,最后进行了算法的性能比较。该算法提高了蠕虫有限繁殖的准确性,减小了蠕虫有限繁殖对网络的影响。     

物联网恶意代码传播模型研究

Nowadays, the main communication object of Internet is human-human. But it is foreseeable that in the near future any object will have a unique identification and can be addressed and connected. The Internet will expand to the Internet of Things. IPv6 is the cornerstone of the Internet of Things. In this paper, we investigate a fast active worm, referred to as topological worm, which can propagate twice to more than three times faster than a traditional scan-based worm. Topological worm spreads over AS-level network topology, making traditional epidemic models invalid for modeling the propagation of it. For this reason, we study topological worm propagation relying on simulations. First, we propose a new complex weighted network model, which represents the real IPv6 AS-level network topology. And then, a new worm propagation model based on the weighted network model is constructed, which describes the topological worm propagation over AS-level network topology. The simulation results verify the topological worm model and demonstrate the effect of parameters on the propagation.     

Research on the Propagation Models and Defense Techniques of Internet Worms

Internet worm is harmful to network security,and it has become a research hotspot in recent years.A thorough survey on the propagation models and defense techniques of Internet worm is made in this paper.We first give its strict definition and discuss the working mechanism.We then analyze and compare some repre-sentative worm propagation models proposed in recent years,such as K-M model,two-factor model,worm-anti-worm model（WAW）,firewall-based model,quarantine-based model and hybrid benign worm-based model,etc.Some typical defense techniques such as virtual honeypot,active worm prevention and agent-oriented worm defense,etc.,are also discussed.The future direction of the worm defense system is pointed out.     

Modeling and analysis of Internet worm propagation

Although the frequency of Intemet worm's outbreak is decreased during the past ten years,the impact of worm on people's privacy security and enterprise's efficiency is still a severe problem,especially the emergence of botnet.It is urgent to do more research about worm's propagation model and security defense.The well-known worm models,such as simple epidemic model (SEM) and two-factor model (TFM),take all the computers on the internet as the same,which is not accurate because of the existence of network address translation (NAT).In this paper,we first analyze the worm's functional structure,and then we propose a three layer worm model named three layres worm model (TLWM),which is an extension of SEM and TFM under NAT environment.We model the TLWM by using deterministic method as it is used in the TFM.The simulation results show that the number of NAT used on the Intemet has effects on worm propagation,and the more the NAT used,the slower the worm spreads.So,the extensive use of NAT on the Internet can restrain the worm spread to some extent.     

基于多播扫描机制的双栈蠕虫研究

IPv4网络到IPv6网络的过渡过程中将出现两种网络协议将共同存在。研究了一种具有分层扫描策略的蠕虫——双栈蠕虫,该蠕虫利用多播扫描策略实现本地IPv6子网内主机的检测,利用IPv4随机地址扫描发现子网外的目标主机。通过在真实网络中进行传播测试和利用仿真程序模拟双栈蠕虫在大规模网络中的传播行为,发现双栈蠕虫可以在IPv4-IPv6双栈网络中快速传播。     

Modeling and analysis of Intemet worm propagation

Although the frequency of Internet worm's outbreak is decreased during the past ten years, the impact of worm on people's privacy security and enterprise's efficiency is still a severe problem, especially the emergence of botnet. It is urgent to do more research about worm's propagation model and security defense. The well-known worm models, such as simple epidemic model (SEM) and two-factor model (TFM), take all the computers on the internet as the same, which is not accurate because of the existence of network address translation (NAT). In this paper, we first analyze the worm's functional structure, and then we propose a three layer worm model named three layres worm model (TLWM), which is an extension of SEM and TFM under NAT environment. We model the TLWM by using deterministic method as it is used in the TFM. The simulation results show that the number of NAT used on the Internet has effects on worm propagation, and the more the NAT used, the slower the worm spreads. So, the extensive use of NAT on the Internet can restrain the worm spread to some extent.     

企业内网蠕虫检测和控制研究

目前已有一些全球化的网络蠕虫监测方法,但这些方法并不能很好地适用于局域网.为此,文中提出一种使用本地网协同检测蠕虫的方法,该方法注重分析扫描蠕虫在本地网的行为,通过这些方法给出预警信息,以揭示蠕虫在本地网络中的活动情况。并针对不同的行为特性使用不同的处理方法.结果表明,该方法可以准确、快速地检测出入侵本地网络的扫描蠕虫。     

Internet worm early detection and response mechanism

In recent years, fast spreading worm has become one of the major threats to the security of the Internet and has an increasingly fierce tendency.In view of the insufficiency that based on Kalman filter worm detection algorithm is sensitive to interval, this article presents a new data collection plan and an improved worm early detection method which has some deferent intervals according to the epidemic worm propagation model, then proposes a worm response mechanism for slowing the wide and fast worm propagation effectively.Simulation results show that our methods are able to detect worms accurately and early.     

绕制精密螺旋线的系统技术

在螺旋线型慢波电路行波管中,精密螺旋线是重要的组成部分,由于精密螺旋线的绕制要求高（包括螺距精度、螺旋线形状）,行业研究机构、制造与使用单位、检测部门等在不断地进行系统研究和工艺试验。对绕制精密螺旋线系统的主要结构、控制方法进行了叙述,经实际应用证明了这种方法的可行性。