
Research on a Defense Mechanism against Malicious Code in Large-scale Networks Based on Multiple Mobile Agents

Research of Malicious Code Defense Mechanism Based on Large-scale Network

【Author】 熊婧夷

【Advisor】 徐小龙

【Author information】 Nanjing University of Posts and Telecommunications, Computer Software and Theory, 2012, Master's

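【Summary】 With the development of modern technology, computer networks have long been an indispensable part of personal life, enterprise services, commercial activity and scientific research. At the same time, the importance of network security to networked applications has become increasingly evident, and malicious code that spreads across networks on a large scale is one of the chief threats to that security. Because the techniques for writing malicious code are themselves continually improving, the problem is hard to solve completely in one stroke. Only by continually improving existing anti-malicious-code technology can the damage it does to computer networks be suppressed. This thesis studies the defense against large-scale malicious code from several angles and proposes corresponding improvements, mainly:

1. It analyzes a number of existing malicious code propagation models and, on that basis, proposes two propagation models, suited respectively to the study of actively propagating and passively propagating malicious code. Simulation experiments on their goodness of fit to real conditions confirm that they do match real conditions better.
2. According to the behavioral characteristics of malicious code, experimental data were collected from a virus library, and A_Kohonen, a network improved from the Kohonen artificial neural network, was used to classify malicious code. This makes it easier for anti-malicious-code experts to study and handle malicious code by category and makes malicious code research better suited to a process-driven workflow.
3. Based on H-DHT, a malicious code vaccine distribution method suited to large-scale networks was built that, while ensuring vaccine security, speeds up vaccine distribution and reduces the burden on the server side. The collected data are compared with the traditional centralized vaccine distribution approach, verifying that the method meets requirements in distribution speed and security management.
4. Building on the theoretical research, the author and all members of the project team wrote, in Java, an active-immunity joint defense system against malicious code. Compared with existing anti-malicious-code software, the system emphasizes interaction between nodes, so that nodes can obtain anti-malicious-code information and malicious code immunity vaccines through multiple channels, providing a reference for improving the whole network's speed of response to malicious code spreading on a large scale.

The performance improvements that the proposed theoretical models bring to anti-malicious-code technology are described and demonstrated in the simulation section of each chapter.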

【Abstract】 With the development of modern technology, computer networks have become an essential part of personal life, business services, business activities and scientific research. At the same time, network security is becoming more important in network applications day by day. In large-scale networks especially, malicious code is the major risk to network security. Malicious code is also being developed continuously, so there is a long way to go before this problem is solved completely. Improving existing anti-malware technologies is nevertheless a feasible way of minimizing the devastating losses caused by malicious code. This study mainly proposes three innovations, including: 1. Analyzing a variety of existing malicious code propagation models and proposing two new propagation models, one for malicious code that spreads passively and the other for malicious code that spreads actively. Simulations confirm that both models fit the actual situation more closely. 2. Classifying malicious code with A_Kohonen, an improved Kohonen neural network, according to the behavioral characteristics of malicious code. This assists anti-malicious-code experts and makes the job of categorizing malicious code more practical. 3. Constructing a malicious code vaccine distribution method based on H-DHT for large-scale networks, which not only ensures the safety of vaccines but also speeds up their distribution and reduces the burden on the server side. The performance of the new method is compared with that of the traditional centralized vaccine distribution method to prove its advantages. An active immune defense system based on the theory mentioned above was built in Java. The system emphasizes the interaction between nodes more than existing anti-malware software does, so that nodes can access information about malicious code, and vaccines against it, through multiple channels. The performance of the proposed models is demonstrated by the descriptions and simulations in the simulation part of each main chapter.
