
Contagion Worm Propagation Simulation and Analysis (cited by: 7)
Abstract: Contagion worms propagate over normal service traffic, so they cause no anomalies in network traffic and are highly stealthy; they are gradually becoming an important potential threat to network security. To understand the propagation characteristics of Contagion worms, a suitable simulation model is needed. Existing simulation models mainly target active worms and cannot dynamically simulate the service traffic on which Contagion worm propagation depends. This paper therefore proposes a dynamic simulation model of Web and P2P service traffic suited to Contagion worm simulation and, through selective abstraction, overcomes the scale bottleneck of packet-level worm simulation, implementing a complete Contagion worm simulation system on a general-purpose network simulation platform. Using this system, the propagation characteristics of Contagion worms are simulated and analyzed. The results show that the simulation system can be used effectively for Contagion worm propagation analysis.

Although active worms spread quickly, they usually produce anomalous traffic patterns during target discovery, which makes them easy to detect. Thus, worm authors turn to increasing the stealth of worms to make them propagate more effectively. The Contagion worm is a typical example of a stealth worm. It takes advantage of normal Internet operation traffic to propagate through the Internet, so it can spread faster than a traditional passive worm and exhibits almost no peculiar communication patterns. Because of its spread speed and stealth, the Contagion worm is becoming an immediate security threat on the Internet. To gain insight into Contagion worm propagation, it is necessary to construct a suitable simulation model. Unfortunately, all existing simulation models are constructed for active worms and cannot dynamically simulate the network traffic that Contagion worm simulation requires. Here, a dynamic operation traffic simulation model suited to Contagion worm simulation is presented. Through selective abstraction, the scalability bottleneck of packet-level worm simulation is overcome, and a complete Contagion worm simulation system is implemented on a general network simulator. A series of experiments is conducted with this simulation system to analyze Contagion worm propagation. Simulation results indicate that the simulation method is very effective for Contagion worm study.

Source: Journal of Computer Research and Development (《计算机研究与发展》), EI, CSCD, PKU Core; 2008, No. 2, pp. 207-216 (10 pages)

Funding: National Natural Science Foundation of China (60573015)

Keywords: Contagion worm; simulation; traffic model; power-law distribution; selective abstraction
