Funding: Supported by Fundamental Research Funds of the Central Universities under Grant no. N120317001 and N100704001; Program for New Century Excellent Talents in University (NCET13-0113); Natural Science Foundation of Liaoning Province of China under Grant no. 201202059; Program for Liaoning Excellent Talents in University under LR2013011.
Abstract: Along with the rapid development of social networks, social network worms have become one of the major internet security problems. The root of worms is the inevitable software vulnerability introduced during the design and implementation of software, so it is hard to completely avoid worms in existing software engineering systems. Because of the large bandwidth consumption, the network administrator cannot transmit the patch to all hosts simultaneously. This paper studies how to prevent the propagation of social network worms through the immunization of key nodes. Unlike existing containment models for worm propagation, a novel immunization strategy is proposed based on network vertex influence. The strategy selects the critical vertices in the whole network. Immunization is then applied to the selected vertices to achieve the maximal effect of worm containment with minimal cost. Different algorithms are implemented to select vertices. Simulation experiments are presented to analyze and evaluate the performance of the different algorithms.
Funding: National Natural Science Foundation of China (No. 60633020 and No. 90204012); Natural Science Foundation of Hebei Province (No. F2006000177).
Abstract: Passive worms can propagate passively by embedding themselves into shared files, which can result in significant damage to unstructured P2P networks. To study passive worm behaviors, this paper first analyzes and obtains the average delay for all peers in the whole transmitting process due to the limitation of network throughput, and then proposes a mathematical model for the propagation of passive worms over unstructured P2P networks. The model mainly takes the effect of the network throughput into account, and applies a new healthy files dissemination-based defense strategy according to the file popularity, which follows the Zipf distribution. The simulation results show that the propagation of passive worms is mainly governed by the number of hops, initially infected files and uninfected files. The larger the number of hops, the more rapidly the passive worms propagate. If the number of initially infected files is increased by the attackers, the propagation speed of passive worms increases obviously. A larger size of the uninfected file results in a better attack performance. However, the number of files generated by passive worms is not an important factor governing the propagation of passive worms. The effectiveness of the healthy files dissemination strategy is verified. This model can provide a guideline for the control of unstructured P2P networks as well as passive worm defense.
Funding: Partially supported by the Teaching and Research Award for Outstanding Young Teachers in High Education Institutions of MOE, China (No. 200065).
Abstract: Active worms can cause widespread damage at a speed so high that it effectively precludes human-directed reaction, and patches for the worms are always available after the damage has been caused, which has elevated them to a first-class security threat to Metropolitan Area Networks (MAN). A Multi-agent system for Worm Detection and Containment in MAN (MWDCM) is presented to provide a first-class automatic reaction mechanism that automatically applies containment strategies to block the propagation of the worms and to protect the MAN against worm scans that waste a lot of network bandwidth and crash the routers. Its user agent is used to detect known worms. The worm detection agent and the worm detection correlation agent use a two-stage decision method to detect unknown worms. They adaptively study the accessing in the whole network and dynamically change the working parameters to detect the unknown worms. MWDCM confines worm infection within a macro-cell or a micro-cell of the metropolitan area networks; the rest of the accesses and hosts continue functioning without disruption. MWDCM integrates the Worm Detection System (WDS) and the network management system. Reaction measures can be taken by using the Simple Network Management Protocol (SNMP) interface to control the broadband access server as soon as the WDS detects the active worm. MWDCM is very effective in blocking random scanning worms. Simulation results indicate that a high worm infection rate of epidemics can be avoided to a degree by MWDCM blocking the propagation of the worms.
Funding: Supported by the National Natural Science Foundation of China under Grant No. 60873075.
Abstract: The greedy propagation policy for unstructured P2P worms employs the neighboring node list of each node in a peer-to-peer (P2P) network to speed up the propagation of P2P worms. After describing the technical background of P2P worms, the algorithm of greedy propagation is addressed. The simulation design for this novel propagation policy is also described. Then, the effects of the greedy propagation policy on spreading speed, convergence speed, and attacking traffic in static P2P worms are simulated and discussed. The primary experimental results show that greedy propagation is harmful and can bring severe damage to P2P networks.
Abstract: In this paper, information theory and data mining techniques to extract knowledge of network traffic behavior at the packet level and flow level are proposed, which can be applied for traffic profiling in intrusion detection systems. The empirical analysis of our profiles through the rate of remaining features at the packet level, as well as the three-dimensional spaces of entropy at the flow level, provides fast detection of intrusions caused by port scanning and worm attacks.
Funding: Project (61070194) supported by the National Natural Science Foundation of China; Project ([2009]1886) supported by the Information Security Industrialization Fund from NDRC of China in 2009; Project (CJ[2010]341) supported by the Major Achievements Transfer Projects of MOF and MIIT of China in 2010; Project (2011FJ2003) supported by the Natural Science Foundation of Hunan Province, China.
Abstract: The gradual hybrid anti-worm (GHAW) was presented. It changed its confrontation scheme in real time according to the percentage of vulnerable hosts present in the network. For GHAW, its process of countering malicious internet worms was modeled. The performance of GHAW on two factors was also estimated: confronting validity against worms and consumption of network resources. Factors governing its performance, specifically the transformation threshold and the transformation rate, were analyzed. The simulation experiments show that GHAW has dynamical adaptability to changes of network conditions and offers the same level of effectiveness on confronting internet worms as the divide-and-rule hybrid anti-worm, with significantly less cost to network resources. The experiments also indicate that the transformation threshold is the key factor affecting the performance of GHAW.
Funding: Supported by the Research Fund for the National Committee of China under Grant No. 05XN09.
Abstract: Internet worms are harmful to network security, and they have become a research hotspot in recent years. A thorough survey on the propagation models and defense techniques of Internet worms is made in this paper. We first give a strict definition and discuss the working mechanism. We then analyze and compare some representative worm propagation models proposed in recent years, such as the K-M model, two-factor model, worm-anti-worm model (WAW), firewall-based model, quarantine-based model and hybrid benign worm-based model. Some typical defense techniques, such as virtual honeypot, active worm prevention and agent-oriented worm defense, are also discussed. The future direction of the worm defense system is pointed out.
Funding: Sponsored by the National High Technology Research and Development Program of China (Grant No. 2007AA010503); the Science and Technology Development Program of Weihai (Grant No. 2007-96); the Science Foundation of HIT at Weihai (Grant No. HITWH 200702).
Abstract: The traditional network simulator has function and performance limitations when simulating Internet worms, so we designed the grid-based Internet worm behavior simulator (IWBS Grid). IWBS Grid makes use of real Internet topology, link and routing information, and simulates worm behavior at the packet event-driven level; it provides a high-performance Internet worm behavior simulation platform by virtue of grid computing capability, resource and task management, and so on. The experimental results show that IWBS Grid surpasses the traditional simulator in simulating capability, and that the technology to track worm propagation at the packet level can provide valuable information for further study on worms.
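Abstract: Using MapReduce, a core technology of cloud computing, a simulation method for online social network (OSN) worms is proposed. To improve simulation accuracy, an OSN directed graph with adjustable node attributes is first proposed to describe each stage of worm propagation. Next, multiple Map functions and Reduce functions running in a cloud environment are used to simulate each stage of OSN worm propagation. Simulation experiments on real large-scale datasets show that the proposed simulation method is highly scalable and also provides some help for research in related fields.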