Abstract
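The Contagion worm propagates over normal business traffic, causes no network traffic anomalies, and is highly stealthy, so it is gradually becoming an important potential threat to network security. To understand the propagation characteristics of the Contagion worm, a suitable simulation model needs to be built. Existing simulation models mainly target active worms and cannot dynamically simulate the business traffic on which Contagion worm propagation depends. Therefore, a dynamic simulation model of Web and P2P business traffic suitable for Contagion worm simulation is proposed; through selective abstraction, the scale limitation of packet-level worm simulation is overcome, and a complete Contagion worm simulation system is implemented on a general-purpose network simulation platform. Using this system, the propagation characteristics of the Contagion worm were analyzed through simulation. The results show that the simulation system can be used effectively for Contagion worm propagation analysis.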
Although active worms spread very quickly, they usually produce anomalous traffic patterns during target discovery, which makes them easy to detect. Worm authors have therefore turned to increasing the stealth of worms so that they propagate more effectively. The Contagion worm is a typical example of a stealth worm. It takes advantage of normal Internet operation traffic to propagate through the Internet, so it can spread faster than a traditional passive worm while showing almost no peculiar communication patterns. Because of its spread speed and stealth, the Contagion worm is becoming an immediate security threat on the Internet. To gain insight into Contagion worm propagation, it is necessary to construct a suitable simulation model. Unfortunately, all existing simulation models are built for active worms and cannot dynamically simulate the network traffic that Contagion worm simulation requires. Here, a dynamic operation traffic simulation model suited to Contagion worm simulation is presented. Through selective abstraction, the scalability bottleneck of packet-level worm simulation is overcome, and a complete Contagion worm simulation system is implemented on a general network simulator. A series of experiments is conducted with this simulation system to analyze Contagion worm propagation. The simulation results indicate that the simulation method is very effective for studying the Contagion worm.
Source
《计算机研究与发展》
EI
CSCD
PKU Core (Peking University Core Journals)
2008, Issue 2, pp. 207-216 (10 pages)
Journal of Computer Research and Development
Funding
National Natural Science Foundation of China (60573015)