基于异常检测的蠕虫检测系统模型设计-运筹学与控制论专业论文.docxVIP

Abstr删Abstract Abstr删 Abstract With the explosive growth of network applications and complexity,the threat of Internet wonns against network security becomes increasingly serious．Especially ．under the environment of Internet,the variety of the propagation ways and the complexity of the application environment reSult in worm with much higher frequency of outbreak,much deeper latency and much wider coverage，and internet worms have been a primary issue faccd by malicious code researchers．What’S more， research oll WOITn detection is the core． In this paper,definition ofworms，exploration function component and execution mechanism arc first presented．We show how severe Interact worms intrusion result ■；i≯ in the 10SS using number in order to illuminate the necessity ofworm research．Then we disouss research situation ofhltemet worms．propose the importance ofresearch on worm detection．Some critical techniques ofIutemet worm prevention are given． Meanwhile we analyze the advantage and disadvantage ofthese methods in order to find how to improve the capability ofworm detection system．0n the base of techniques and methods ofIDS。we propose a model about worm detection sTstem using anomaly detection and explain the every module ofthis model in detail． We design the model tO protect a local network by detecting anomaly data transfers． On one hand．it is responsible for debug anomaly data from inside to outside and finding the worm in the local network as soon as possible to avoid wonTI spread further more．On the other hand，it is in charge ofdetecting anomaly data from outside to inside for preventing the local network from outside wornl intrusion．What’S more, this system can detect both known worms and unknown worms． t％{#， Key Words：Intemet worms,anomaly detection,correlation analysis，worm detection 2 前言—1L—j_． 前言 —1L—j_． 月IJ 舌 早期恶意代码的主要形式是计算机病毒．近年来，恶意代码引发的安全事件 此起彼伏，大有愈演愈烈之势，从2001年爆发的CodcRed，Nimda到最近肆虐的 冲击波，无不有网络蠕虫的身影。网络蠕虫有别于计算机病毒。计算机病毒攻击 的主要是文件系统，在其传染的过程中，计算机使用者是传染的触发者，是传染 的关键环节