基于多测度约束的快速蠕虫传播源定位算法研究

近年来频繁爆发的大规模网络蠕虫对Internet的整体安全构成了巨大的威胁，已经造成了巨额的经济损失，新的变种仍在不断出现。目前对于蠕虫的监测与响应都是事后与人工的。本文提出了一种新的基于模式发现的多测度蠕虫快速定位方法，通过源地址活跃度、目标地址离散度和响应度准则等多个测度对监测目标网络已知和未知蠕虫的活动进行快速定位。基于本文的方法在应用中能以较低的资源代价发现未知的蠕虫传播并进行快速源定位。此外为提高算法的效率，本文研究了一种基于双页表结构的攻击树构建方法。

A New Fast Worm Source Tracing Algorithm of Multi-Constraints

The frequent explosion of massive worm propagation becomes a huge threaten to Internet security and caused countless losses, but endless novel worm species come one after another. Currently, worm monitoring and response are hysteretic and mainly operated artificially. As an improvement, this paper introduces a new fast tracing algorithm for worm infected hosts inside the object network. It uses source IP activity measure, dispersion measure and request response measure as a joint constraint to locate the hosts which have been infected by known and unknown worms. The three advantage of this algorithm is low cost, fast and the ability to detect unknown worm activities without any prior knowledge about the worm. To enhance the algorithm efficiency, a fast attack tree construction algorithm based on 2- page hash structure is proposed in this paper, and the further experiment results prove it can effectively improve the process efficiency.