ZE:Virtual Environment of Large Scale Worm Tracing
Network worms have been a serious security threat on the Interact.Tracing worm propagation path can identify the overall structure of a worm attacks propagation.To detect and defense large scale Internet worms,setting up a convenient and safe experimental environment that capable of running and observing real world worm become an important work,it can be a large scale worm test bed for forensic evidence.We provide a systemic analysis of large-scale worm propagation tracing experiment strategy which is based on virtual machine technology by setting up an experimental environment called zooecium (ZE).First,the framework of ZE is addressed.Then,the design and control of ZE is given.Finally,ZE is analyzed with experiments.Experimental results show that ZE can trigger large-scale worm outbreaks within the controllable scope of human,observe propagation process of the worm,experiment detection and defense techniques,discover worm propagation characteristic such as scanning method and propagation process,real-timecollect network traffic and propagation process,investigate network traffic,dynamically throw out the result,launch speculate algorithm for reconstructing out propagation path of the worm.Then actual worm propagation process can be captured and compared with the results using tracing algorithm.
Worm Environment Tracing
Wei Shi Qiang Li Jian Kang
College of Computer Science and Technology,JiLin University,Changchun,JiLin 130012,China
国际会议
大连
英文
1193-1198
2008-07-27(万方平台首次上网日期,不代表论文的发表时间)