| ¡¡ | Chinese Journal of Computers Full Text |
| Title | A Simulation Analysis of Worm Defense Strategies Based on Topology Structure |
| Authors | WANG Yue-Wu JING Ji-Wu XIANG Ji LIU Qi |
| Address | (State Key Laboratory of Information Security, Graduate University of Chinese Academy of Sciences, Beijing 100049) |
| Year | 2007 |
| Issue | No.10(1777¡ª1786) |
| Abstract & Background | Abstract Topology aware worms have been an important security threat on the Internet. They can spread across the Internet quickly, through topology structure information. If the topology structure were destroyed by defense strategies, the worm propagation can be held back effectively. Thus, in order to design effective topology aware worm defense strategies, it is necessary to analyze the relationship between worm defense strategies and topology structure. This paper provides a systemic analysis of worm defense strategies based on topology structure through packet level worm simulation. First the major topology structures used by topology aware worms and their generation algorithms are analyzed. Then, three defense strategy models are drawn from mainstream worm defense strategies. Finally, these defense strategies in different topology structure are analyzed with simulation experiments, and some interesting conclusions are drawn from these experiment results. These conclusions can provide valuable guidelines for real defense system implementation. keywords simulation; topology aware worm; topology structure; worm defense strategies background This paper is supported by the National Natural Science Foundation of China project under grant No.60573015. The main goal of this project is to develop a large-scale Internet worm propagation simulation platform used to the research of Internet worm propagation characters and defense strategies. Topology aware worms as one kind of the mainstream Internet worms must be given most attentions in this simulation platform. The work of this paper mainly studies the relationship between topology aware worm defense strategies and topology structure with simulation method. It not only is one of the most important parts of the project, but also provides a lot of common methods for the simulation of strategies used in other kind of worms. Topology aware worm propagation depend on the topology structure. In order to hold back the worm propagation in topology structure effectively, it is of great importance to understand the impact of topology structure on the worm defense strategies. However, because of the complexity of the topology structure and the randomness of worm behavior, it is hard to do this work well with existent worm analysis methods. Thus, this paper proposes a packet level simulation method to analyze systemically the worm defense strategies based on topology structure. Topology aware worm simulation system design and implementation have been described clearly in the authors¡¯ another paper. The main contents of this paper include: (1) analysis of the major topology structure model and their simulation generation algorithms; (2) the simulation model construction of defense strategies; (3) a systemic analysis of worm defense strategies in different topology structure with simulation experiments, and some conclusions are drawn from the analysis. These conclusions can provide valuable guidelines for real worm defense system design. |