Research on a Multi-Protocol-Oriented Malicious Code Propagation Model
Abstract
The future trend of converged networks is an integrated service platform carried over IP. Because of deficiencies in the IP protocol itself, it cannot provide point-to-point quality-of-service control or security mechanisms, which gives hackers and malicious worms an opening in converged networks. Intelligent multi-protocol worms that spread across networks, and that target the diversity of converged-network terminal nodes, the complexity and heterogeneity of the network structure, and the new forms of service on converged networks, pose an even more severe challenge to converged-network security. To address this security problem, this thesis designs an intelligent multi-protocol converged-network worm whose basic functions can be implemented, studies in depth the propagation characteristics of this worm in multi-protocol converged networks, and proposes corresponding defensive measures.
     To better study and defend against worms in converged networks, this thesis proposes a multi-protocol worm for converged networks, addressing the problem of how a worm spreads across protocols to multiple networks and multiple platforms. It studies the possibility of a multi-protocol worm in a converged network spreading passively through files, implements the basic functions and infection process of the worm's protocol-oriented propagation, and builds a botnet simulation test platform for converged networks based on this worm.
     To better prevent specific intelligent worms in converged networks, this thesis proposes an intelligent control technique for multi-protocol worms in converged networks, addressing the problem of the worm avoiding removal in the face of user security awareness. It studies a model of user security awareness when the worm occupies a large amount of resources during its replication stage, together with the worm's intelligently controlled propagation in response to this feature, so that the worm keeps its propagation rate while having a certain ability to avoid removal.
     To better study the propagation characteristics of intelligent multi-protocol worms in converged networks, this thesis proposes a topology model of the converged network, addressing the problem of the infection path during worm propagation. It studies the topological features of the Internet and of mobile networks and, by improving the GLP model, produces a fused topology model of the Internet and mobile networks.
     To better detect intelligent multi-protocol worms in converged networks, this thesis proposes a propagation model for such worms, overcoming the shortcoming that traditional propagation models cannot model the diversity of terminal devices. It studies the state transitions of the intelligent worm during propagation and the diversity of defensive measures in converged networks, and implements the model through matrix computation.
     Using experimental simulation results, this thesis studies the propagation trend of worms in multi-protocol converged networks, proposes a formula for maintaining a high infection rate under intelligent worm control, and gives suggestions for improving security defenses.
