Abstract
Based on the negative selection mechanism of the immune system, this paper proposes a network worm containment model. By monitoring abnormal program behavior on a host, the model detects worm attacks and responds promptly; the response allows the host to continue most of its normal network communication while preventing the worm from propagating further through that host. Service requests sent out by the host are filtered by negative selection, and, based on the propagation characteristics of worms, hosts on the network cooperate to infer which services the worm attacks and to restrict them. Experimental results indicate that the model can effectively detect and contain classical worms as well as emerging stealthy worms such as topological worms.
Source
Computer Engineering (《计算机工程》)
CAS
CSCD
PKU Core (北大核心)
2008, Issue 7, pp. 126-128 (3 pages)
Funding
Supported by the National "863" Program of China (2002AA141090, 2004AA147070)
Keywords
worm
artificial immune system
negative selection