Internet Worm Research and Progress
Authors: 文伟平, 卿斯汉, 蒋建春, 王业君 (Wen Weiping, Qing Sihan, Jiang Jianchun, Wang Yejun)
Funding:

Supported by the National Natural Science Foundation of China under Grant No.60083007; the National Grand Fundamental Research 973 Program of China under Grant No.G1999035810

    Abstract (translated from the Chinese):

    As network systems grow in both application and complexity, Internet worms have become a major threat to network security. In a networked environment, diverse propagation paths and complex application environments make worm outbreaks more frequent, more latent and wider in coverage, and Internet worms have become the primary topic in malicious code research. This paper first surveys the state of Internet worm research, then analyzes the basic definition, functional structure and working principles of Internet worms, discusses their scanning strategies and propagation models, and summarizes the latest techniques for defending against them. Finally, several open problems and prospects for Internet worm research are given.

    Abstract:

    With the explosive growth of network applications and their complexity, the threat that Internet worms pose to network security is becoming increasingly serious. Under the Internet environment in particular, the variety of propagation paths and the complexity of the application environment result in worms with a much higher frequency of outbreak, much deeper latency and much wider coverage, and Internet worms have become a primary issue for malicious code researchers. This paper first presents the concept of Internet worms and the state of research on them, together with their functional components and execution mechanism; it then discusses scanning strategies and propagation models, and finally describes the critical techniques of Internet worm prevention. Some major problems and research trends in this area are also addressed.

Cite this article:

文伟平, 卿斯汉, 蒋建春, 王业君 (Wen Weiping, Qing Sihan, Jiang Jianchun, Wang Yejun). Internet worm research and progress. Journal of Software (软件学报), 2004,15(8):1208-1219

History
  • Received: 2004-04-22
  • Last revised: 2004-07-06
Copyright: Institute of Software, Chinese Academy of Sciences (京ICP备05046678号-3)