Found 20 similar documents; search time: 15 ms
1.
《Network Security》2000,2000(6):6
Probably the biggest impact a computer virus or worm has had globally comes with the worldwide spread of VBS.Loveletter.A. The worm, thought to originate in the Philippines, has been spreading on the Internet since early May using a variety of propagation methods and with multiple variants. The virus, which requires Microsoft Outlook to spread, clogs mail servers with thousands of messages. Files of the following types are destroyed on infected machines: .VBS, .VBE, .JS, .JSE, .CSS, .WSH, .SCT, .HTA, .JPG and .JPEG. The virus is sent via E-mail but a computer is not infected unless the attachment is opened. To avoid infection, delete the E-mail without opening the attachment.
2.
4.
The spread of the worm causes great harm to the computer network. It has recently become the focus of network security research. This paper presents a local-worm detection algorithm by analyzing the characteristics of traffic generated by the TCP-based worm. Moreover, we adjust the worm location algorithm, aiming at the differences between the high-speed and the low-speed worm scanning methods. This adjustment can make the location algorithm detect and locate the worm based on different scanning rates. Finally, we verified the validity and efficiency of the proposed algorithm by simulating it under NS-2.
5.
The spread of the Witty worm  Total citations: 2, self-citations: 0, citations by others: 2
On Friday, 19 March 2004, at approximately 8:45 p.m. Pacific Standard Time (PST), an Internet worm began to spread, targeting a buffer overflow vulnerability in several Internet Security Systems (ISS) products, including its RealSecure Network, RealSecure Server Sensor, RealSecure Desktop, and BlackICE. The worm took advantage of a security flaw in these firewall applications that eEye Digital Security discovered earlier in March. Once the Witty worm - so called because its payload contained the phrase, "(^.^) insert witty message here (^.^)" - infects a computer, it deletes a randomly chosen section of the hard drive, which, over time, renders the machine unusable. We share a global view of the worm's spread, with particular attention to its features.
6.
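In research on computer worms, epidemic propagation models are often borrowed. By studying the two-factor worm propagation model, an improved worm propagation model is proposed, and related experiments were carried out through Matlab simulation, showing that the model can better predict the scale and speed of worm propagation.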
7.
Self-replicating code is a huge problem worldwide, with worms like SQL/Slammer becoming pandemic within minutes of their initial release. Because of this, there has been significant interest in worm spread and how this spread is affected by various countermeasures. However, to date, comparative analysis of spread has been carried out “by eye”—there exist no meaningful metrics by which one can quantitatively compare the effectiveness of different protection paradigms. In this paper, we discuss several possible metrics for measuring worm spread and countermeasure effectiveness. We note that the “correct” metric for comparative purposes will vary depending on the goal of the defender, and provide several different measures which can be used to compare countermeasures. Finally, we discuss the idea of significance—that is, what changes induced by worm design or countermeasures are actually meaningful in the real world?
8.
The author examines self-replicating code and its associated challenges. His aim is to help demystify the topic as well as stimulate new research in a frequently mistreated subject. This is not overly ambitious in a short article: despite their patina of complexity, viruses and worms are fairly straightforward. The SQL.Slammer worm of 2003, for example, spread using packets that were only 376 bytes long. Compact and simple, such threats can spread worldwide in minutes.
9.
10.
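This paper studies network security, where network worms are a major current threat. Network worms have diverse propagation paths, strong concealment, and fast infection speed. Worm models that propagate according to a simple epidemic model cannot accurately describe the complex, changing characteristics of network worms, and the worm detection accuracy is relatively low. To improve the worm detection accuracy, an improved network worm propagation model is proposed. A dynamic quarantine strategy is introduced into the propagation model to effectively cut off worm propagation paths, and adaptive dynamic infection and recovery rates are used to reduce the adverse effects caused by network worms. Simulation results show that, compared with the classical network worm propagation model, the improved model effectively reduces the propagation speed of network worms and improves worm detection accuracy and overall network security, providing important guidance for research on network worm propagation.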
11.
Simulation analysis of Contagion worm propagation  Total citations: 2, self-citations: 0, citations by others: 2
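Contagion worms propagate using normal service traffic, do not cause network traffic anomalies, and are highly stealthy, gradually becoming an important potential threat to network security. To understand the propagation characteristics of Contagion worms, a suitable simulation model needs to be built. Existing simulation models mainly target active worms and cannot dynamically simulate the service traffic on which Contagion worm propagation depends. Therefore, a dynamic simulation model of Web and P2P service traffic suitable for Contagion worm simulation is proposed; through selective abstraction, it overcomes the scale limitation of packet-level worm simulation, and a complete Contagion worm simulation system is implemented on a general-purpose network simulation platform. Using this system, the propagation characteristics of Contagion worms are analyzed by simulation. The results show that the simulation system can be used effectively for analyzing Contagion worm propagation.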
12.
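From the perspective of structural defects in operating systems, this paper describes the source of malicious code, pointing out that current general-purpose PC operating systems include functions such as device drivers and file systems in the system kernel, which makes the kernel code large and increases the difficulty of protecting the system. It also gives a formal description of the propagation mechanism of computer viruses, studies the modular structure of worm programs, establishes a theoretical model of data-driven software attacks, and analyzes the essential reasons why they pose a threat.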
13.
A note on the spread of worms in scale-free networks.  Total citations: 2, self-citations: 0, citations by others: 2
Christopher Griffin Richard Brooks 《IEEE transactions on systems, man, and cybernetics. Part B, Cybernetics》2006,36(1):198-202
This paper considers the spread of worms in computer networks using insights from epidemiology and percolation theory. We provide three new results. The first result refines previous work showing that epidemics occur in scale-free graphs more easily because of their structure. We argue, using recent results from random graph theory that for scaling factors between 0 and approximately 3.4875, any computer worm infection of a scale-free network will become an epidemic. Our second result uses this insight to provide a mathematical explanation for the empirical results of Chen and Carley, who demonstrate that the Countermeasure Competing strategy can be more effective for immunizing networks to viruses or worms than traditional approaches. Our third result uses random graph theory to contradict the current supposition that, for very large networks, monocultures are necessarily more susceptible than diverse networks to worm infections.
14.
Inside the Slammer worm  Total citations: 10, self-citations: 0, citations by others: 10
Moore D. Paxson V. Savage S. Shannon C. Staniford S. Weaver N. 《Security & Privacy, IEEE》2003,1(4):33-39
The Slammer worm spread so quickly that human response was ineffective. In January 2003, it packed a benign payload, but its disruptive capacity was surprising. Why was it so effective and what new challenges do this new breed of worm pose?
15.
16.
17.
Sellke S.H. Shroff N.B. Bagchi S. 《Dependable and Secure Computing, IEEE Transactions on》2008,5(2):71-86
Self-propagating codes, called worms, such as Code Red, Nimda, and Slammer, have drawn significant attention due to their enormously adverse impact on the Internet. Thus, there is great interest in the research community in modeling the spread of worms and in providing adequate defense mechanisms against them. In this paper, we present a (stochastic) branching process model for characterizing the propagation of Internet worms. The model is developed for uniform scanning worms and then extended to preference scanning worms. This model leads to the development of an automatic worm containment strategy that prevents the spread of a worm beyond its early stage. Specifically, for uniform scanning worms, we are able to 1) provide a precise condition that determines whether the worm spread will eventually stop and 2) obtain the distribution of the total number of hosts that the worm infects. We then extend our results to contain preference scanning worms. Our strategy is based on limiting the number of scans to dark-address space. The limiting value is determined by our analysis. Our automatic worm containment schemes effectively contain both uniform scanning worms and local preference scanning worms, and it is validated through simulations and real trace data to be nonintrusive. We also show that our worm strategy, when used with traditional firewalls, can be deployed incrementally to provide worm containment for the local network and benefit the Internet.
18.
19.
20.
Internet worms are a significant security threat. Divide-conquer scanning is a simple yet effective technique that can potentially be exploited for future Internet epidemics. Therefore, it is imperative that defenders understand the characteristics of divide-conquer-scanning worms and study the effective countermeasures. In this work, we first examine the divide-conquer-scanning worm and its potential to spread faster and stealthier than a traditional random-scanning worm. We then characterize the relationship between the propagation speed of divide-conquer-scanning worms and the distribution of vulnerable hosts through mathematical analysis and simulations. Specifically, we find that if vulnerable hosts follow a non-uniform distribution such as the Witty-worm victim distribution, divide-conquer scanning can spread a worm much faster than random scanning. We also empirically study the effect of important parameters on the spread of divide-conquer-scanning worms and a worm variant that can potentially enhance the infection ability at the late stage of worm propagation. Furthermore, to counteract such attacks, we discuss the weaknesses of divide-conquer scanning and study two defense mechanisms: infected-host removal and active honeynets. We find that although the infected-host removal strategy can greatly reduce the number of final infected hosts, active honeynets (especially uniformly distributed active honeynets) are more practical and effective to defend against divide-conquer-scanning worms.