Research on Network Worm Mechanisms and Countermeasure Techniques
王超
2007-01-16
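Degree Grantor: Institute of Software, Chinese Academy of Sciences
Degree Level: Doctoral
Place of Degree Grantor: Institute of Software
Keywords: network worm; benign worm; instant messaging worm; propagation model; working mechanism; countermeasure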
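English Abstract: To address the increasingly serious problem of network worms, this thesis studies the mechanisms of and countermeasure techniques against network worms, in particular several new types of network worm (including benign worms and instant messaging worms), and obtains the following research results:
(1) It proposes a novel AWCW confrontation model that describes the confrontation between benign worms and malicious worms. The model analyzes factors such as the effect on malicious worms of benign worms automatically patching vulnerabilities and cleaning infected hosts, and the effect on the propagation of both kinds of worm of the network congestion caused by worm propagation, and it depicts the propagation trends of benign and malicious worms as they interact.
(2) Based on the AWCW confrontation model, it analyzes theoretically why current benign worms fail in their confrontation with malicious worms, gives the first systematic discussion of several technical controversies surrounding benign worms, and reaches complete conclusions.
(3) To address the shortcomings of current benign worms, it proposes two benign worm techniques with improved confrontation mechanisms, namely a benign worm based on a hybrid confrontation mechanism and a benign worm based on cooperative confrontation, and validates them through simulation experiments.
(4) To address the shortcomings of existing benign worms in control and management, it proposes a P2P-network-based management technique for large-scale benign worms. By building a mathematical model and running simulation experiments, it shows that this technique is better suited than current worm management techniques to managing widely propagated benign worms and can solve the controllability problem that benign worms face.
(5) It analyzes the theory of buffer overflow attacks, the main attack used by network worms, discusses the effect of DEP (Data Execution Prevention) on network worms' active propagation through buffer overflow attacks, and studies the attack methods network worms use in response to DEP.
(6) It gives the first summary of the basic definition and functional structure of instant messaging worms, describes how they differ from and relate to other types of network worm, builds for the first time the IMWP propagation model of instant messaging worms using discrete mathematical equations, and on that basis analyzes the main technical details of instant messaging worm propagation.
(7) Based on the technical characteristics of instant messaging worms, it proposes a method for implementing a secure instant messaging client based on the CIMW countermeasure technique. The method compares normal instant messaging traffic with instant messaging worm traffic and throttles abnormal instant messaging traffic. Test data show that the prototype system can suppress instant messaging worm attacks in time and prevent their large-scale spread, making it an effective new method against instant messaging worms.
In summary, this thesis explores network worm mechanisms and countermeasure techniques, especially the working mechanisms and propagation models of two new types of network worm, benign worms and instant messaging worms, and provides a theoretical foundation and guidance for further research on network worms.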
Abstract: In response to the increasingly serious problems caused by worms, this thesis studies worms, especially several new types including benign worms and instant messaging worms, together with their propagation mechanisms and countermeasure technology. The main achievements are as follows:
First, a new propagation model, the AWCW model, is presented. This model can precisely describe the process of benign worms confronting malicious worms. It analyzes the effect of benign worms automatically patching vulnerabilities and removing malicious worms, discusses the relation between network congestion and worm spreading, and depicts the spreading trend of both benign and malicious worms.
Second, based on the AWCW model, the thesis analyzes why current benign worms fail to confront malicious worms well, gives a systematic discussion of several hotly disputed technical issues concerning confrontation validity, resource consumption and controllability, and draws a complete conclusion on them.
Third, to overcome the above deficiencies of benign worms, the thesis presents two kinds of benign worm with improved confrontation mechanisms: a hybrid confrontation mechanism and a cooperative confrontation mechanism. Several simulation experiments show that these improvements are promising.
Fourth, because current benign worm management technology faces several problems, such as the large cost of address maintenance, low management effectiveness and performance bottlenecks, the thesis presents a new benign worm management technology based on a P2P network. A mathematical model and simulation experiments show that this technology can overcome those problems.
Fifth, the fundamental definition, functional structure, spreading mechanism, control policy, and repair and confrontation mechanisms of benign worms are given, and the use of benign worms to confront malicious worms is discussed with emphasis. Other reasonable applications of benign worms are also presented, such as anti-worm, network detection agent, general vulnerability patching and distributed computation, which can enhance system and network security.
Sixth, the fundamental definition and functional structure of instant messaging worms are given for the first time, and the differences between instant messaging worms and other types of worm are presented. A discrete mathematical model, the IMWP model, is constructed to describe the spreading trend of instant messaging worms. Based on this model, the factors affecting instant messaging worm spreading are discussed.
Seventh, a new confrontation method suited to instant messaging worms, the CIMW method, is given. A new secure instant messaging client using this method can throttle the information flow caused by worms. Experiments show that the prototype client system can restrain the spreading of instant messaging worms in time and is a new, effective method for confronting them.
In short, this thesis explores worm mechanisms and techniques for confronting worms, especially the working mechanisms and propagation models of two kinds of worm, benign worms and instant messaging worms. It thereby provides guidance and a theoretical foundation for further research on worms.
Pages: 200
Language: Chinese
Content Type: Thesis
URI: http://ir.iscas.ac.cn/handle/311060/5662
Collection: Institute of Software, Chinese Academy of Sciences
Recommended Citation
GB/T 7714
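王超. Research on Network Worm Mechanisms and Countermeasure Techniques [D]. Institute of Software. Institute of Software, Chinese Academy of Sciences, 2007.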
Files in This Item:
File Name/Size DocType Version Access License
10001_20031801500101 (1936KB) Restricted access -- Application Full Text
Items in the repository are protected by copyright, with all rights reserved, unless otherwise indicated.