【作者】 张楠；

【导师】 姚羽；

【作者基本信息】 东北大学 ， 计算机应用技术， 2012， 硕士

【摘要】 随着计算机技术的飞速发展,操作系统和软件越来越复杂,给蠕虫的传播制造了可乘之机。其中利用零日漏洞进行传播的蠕虫给网络带来了巨大的破坏,对用户造成了巨大的损失。由于缺乏安全补丁等有效的防御措施应对利用零日漏洞的蠕虫,蠕虫爆发时用户的清除操作往往难以奏效,这给蠕虫的再次爆发留下了隐患。本文在传染病学和非线性动力学的研究成果基础上,对清杀操作所导致的时延对蠕虫传播中复杂动力学影响进行分析和建模,提出了具有免疫时延的SIDV蠕虫传播模型,然后对SIDV模型进行了理论分析和数值模拟。之后提出了两种抑制策略,并进行了理论分析、数值模拟和仿真实验,探讨了其对蠕虫抑制的有效性。本文首先介绍了漏洞攻击和网络蠕虫的基本原理,然后在研究了一些经典的蠕虫传播模型的基础之上,结合免疫时延建立了SIDV蠕虫时延传播模型,并且对SIDV模型进行了稳定性分析和Hopf分叉分析。理论推导和数值模拟实验表明了SIDV模型存在一个时延临界值T0,当时延小于它时,系统是稳定而易于控制的；而当时延大于等于它时,系统存在Hopf分叉。接着提出了持续隔离策略对蠕虫进行抑制,建立了基于持续隔离的SIDQV蠕虫时延传播模型,通过理论分析和数值模拟实验,发现并没有消除分叉现象,但对蠕虫每次爆发的规模有了一定的抑制作用。最后提出了使用脉冲隔离策略对蠕虫进行抑制,建立了基于脉冲隔离的SIDQV蠕虫时延传播模型,通过数值模拟实验验证了其对抑制零日漏洞蠕虫传播的有效性。利用脉冲隔离策略可以使得系统进入稳定状态,蠕虫的传播趋势可被预测,网络蠕虫最终能够被消灭。仿真结果验证了理论分析与数值模拟实验的正确性。更多还原

【Abstract】 With the rapid development of computer technology, operating systems and softwares become more and more complex, and their vulnerabilities leave an opportunity for worms to spread. Among them, the spread of worms that exploit0-day vulnerabilities bring great damage to the network and cause huge loss to the users. Due to the lack of effective defensive strategy such as safety patch, the measures users utilize to deal with worms could hardly work well. Thus, it leaves risks that the worm may break out again.In this paper, on the basis of epidemiology and nonlinear dynamics, we model the complex phenomenon of worm propagation, which results from the time delay caused by removing worms. We establish an SIDV worm propagation model with time delay, analyze its stability and conduct numerical experiments. After that, we put forward two containment strategies to control the spread of worms. We discuss their effectiveness by theoretical analysis, numerical experiments and simulation experiments.Initially, we introduce basic principles of vulnerability exploitation and network worm. After researching some classical worm propagation models, we establish an SIDV worm propagation model with time delay caused by vaccination and analyze its stability and Hopf bifurcation. Theoretical analysis and numerical experiments show that there is a threshold To in SIDV model. When time delay is less than the threshold τ0, the system is stable and easy to control; when time delay is larger than the threshold, a Hopf bifurcation appears. We then put forward constant quarantine strategy to control the spread of worm and establish the SIDQV worm propagation model with constant quarantine strategy. Through theoretical analysis and numerical experiments, we find that it does not eliminate bifurcation phenomenon but has some containment impact on the spread of worms. At last, we propose pulse quarantine strategy and establish SIDQV worm propagation model with pulse quarantine strategy. We prove its effectiveness on the spread of worm propagation, which means that SIDQV worm propagation model with pulse quarantine strategy could make system stable, the trends of worm propagation could be predicted and worms could be eliminated. We verify the correctness of thereotical analysis and numerical experiments by simulation experiments.更多还原