CN102404715A - Method for resisting worm virus of mobile phone based on friendly worm - Google Patents
- Publication number: CN102404715A
- Authority: CN (China)
- Prior art keywords: mobile phone, worm, benign, vulnerability, infection
- Legal status: Withdrawn (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Landscapes: Mobile Radio Communication Systems (AREA)
Abstract
The invention discloses a method for countering mobile phone worm viruses based on a friendly (benign) worm. The method comprises two strategies. In the first strategy, all friendly worms adopt an active countermeasure strategy to suppress the propagation of the worm virus: the friendly worms actively send probe packets to find vulnerable hosts, then propagate themselves and repair the vulnerable hosts. In the second strategy, all friendly worms adopt a passive countermeasure strategy: they find vulnerable hosts by monitoring worm attacks, then propagate themselves and repair the vulnerable hosts. The method features fast response, strong processing capability and a high degree of automation. It can effectively suppress the propagation of mobile phone worms while avoiding malicious consumption of wireless mobile network resources.
Description
[technical field]
The present invention relates to the communications field, and in particular to a mobile phone worm countermeasure method based on a benign (friendly) worm. It actively counters mobile phone worms by introducing benign worms into the network.
[technical background]
With the rapid development of smartphones, phone functions have become more and more diverse, and the mobile phone now plays the role of a personal PC. With a mobile phone, people can trade stocks, send and receive mail, chat on QQ and so on, anytime and anywhere. However, because the mobile wireless network is itself an open, multivariable and complex system, mobile phone viruses have become a key factor threatening the safe use of mobile phones even as the phones bring convenience to people.

The principle of a mobile phone virus is the same as that of a computer virus. The difference is that a mobile phone virus uses the phone or the mobile phone network as its propagation platform to infect phones, causing the phone or the network to malfunction. The mobile phone worm is one kind of mobile phone virus. It is intelligent and automated, combines network attack, cryptography and virus techniques, and is an attack program or piece of code that runs without any intervention by the phone user. A mobile phone worm mainly propagates by exploiting phone vulnerabilities: it searches for phones that have the vulnerability and then actively attacks them. As mobile phone applications diversify, the mobile phone worm has become one of the main threats to mobile phone security, and antivirus and firewall technologies have difficulty resisting fast-spreading mobile phone worms.

The benign worm is a new kind of worm developed on the basis of the network worm. It inherits the network worm's intelligence and autonomy in aspects such as movement, can repair system vulnerabilities on a host, and can find and remove the network worm from an infected host. Using benign worms to suppress network worms is a countermeasure based on the idea of fighting poison with poison. A benign worm propagates through the network as a network worm does and defends dynamically against network worm attacks: it obtains partial or full control of a vulnerable host in the network in order to repair the vulnerability for it. Benign worms used to counter network worms are mainly of two types: active benign worms and passive benign worms. An active benign worm finds vulnerable hosts by actively sending probe packets, then propagates itself and repairs the host vulnerability. A passive benign worm finds vulnerable hosts by monitoring worm attacks, then propagates itself and repairs the host vulnerability. Active benign worms suppress network worms quickly and with obvious effect, but because they constantly probe for vulnerable hosts they generate a large amount of network traffic and may cause network congestion. Passive benign worms, by contrast, keep the extra network traffic to a minimum, but often have difficulty suppressing the propagation of network worms effectively.

No effective solution has yet been proposed for how to use benign worms to counter mobile phone worms.
[summary of the invention]
The objective of the invention is as follows: in view of the defects of existing benign worms, and of the fact that benign worms have not been introduced into the field of mobile phone worm countermeasures, to provide a mobile phone worm countermeasure method based on a benign worm that effectively suppresses mobile phone worm propagation while avoiding waste of mobile wireless network resources.

The present invention is implemented as follows:

A mobile phone worm virus countermeasure method based on a benign worm, comprising the following definitions:

Susceptible phone: infected neither by the mobile phone worm nor by the benign worm, but has the vulnerability that the worm attack requires;

Infected phone: infected by the mobile phone worm, and able to infect susceptible phones;

Benign-infected phone: infected by the benign worm, which patches the vulnerability of a susceptible phone and, for an infected phone, also removes the mobile phone worm and repairs its vulnerability;

Immune phone: a phone that does not have the vulnerability the mobile phone worm attack requires;

characterized in that the method comprises the following strategies:

(1) All benign worms adopt the active countermeasure strategy to suppress mobile phone worm propagation: they find vulnerable hosts by actively sending probe packets, then propagate themselves and repair the host vulnerability. Once the number of susceptible phones is less than the number of benign-infected phones, the propagation of the benign worm proceeds to the next step;

(2) The benign worm adopts the passive countermeasure strategy: it finds vulnerable hosts by monitoring worm attacks, then propagates itself and repairs the host vulnerability, so as to reduce its own consumption of network resources.
The above method is carried out according to the benign worm's scan conversion rule. The rule is: each time the benign worm finishes scanning 10000 phones, it compiles statistics on those 10000 phones, counting the number of benign-infected phones and the number of susceptible phones. When the count of susceptible phones is greater than the count of benign-infected phones, strategy (1) is executed. When the count of susceptible phones is less than the count of benign-infected phones, the benign worm stops active scanning and begins executing strategy (2).

The above benign worm scan conversion strategy comprises the following processes:

A, Start the counter, which records the number of phones the benign worm has scanned from the moment the counter was started up to the current time;

B, Judge whether the number of phones the benign worm has scanned from the moment the counter was started up to the current time is less than 10000. If it is less, the benign worm continues to use active scanning to find target phones. If it is greater, the benign worm stops active scanning;

C, The benign worm compiles statistics on the 10000 scanned phones and judges whether the susceptible hosts among them are fewer than the benign-infected hosts. If they are fewer, the benign worm changes its method of finding target phones from active scanning to passive monitoring. If they are not fewer, the counter is restarted.
The above method comprises the following steps:

A. The benign worm times its own life cycle;

B. The benign worm judges whether its survival time exceeds the predetermined life cycle. If it does, the benign worm cleans up the site and destroys itself; if it does not, the benign worm continues to counter the mobile phone worm;

C. The benign worm uses some means to probe the phones in the wireless communication network;

D. The benign worm judges whether a detected phone is a target phone, that is, whether the detected phone is either an infected phone or a susceptible phone. If no target phone is detected, the benign worm probes the phones in the wireless communication network again;

E. The benign worm obtains full or partial control of the target phone and penetrates into the vulnerable phone;

F. The benign worm judges whether the target phone is a susceptible phone. If it is not (that is, it is an infected phone), the benign worm downloads the mobile phone worm removal tool and removes the mobile phone worm, then downloads the mobile phone vulnerability repair tool and repairs the vulnerability. If the target phone is a susceptible phone, the benign worm directly downloads the mobile phone vulnerability repair tool and repairs the vulnerability;

G. The benign worm downloads the mobile phone worm removal tool from the official server. After the download finishes, it installs the removal tool, then removes the mobile phone worm from the phone, and finally uninstalls the removal tool;

H. The benign worm downloads the vulnerability repair patch from the official server. After the download finishes, it installs the repair patch.

The beneficial effects of the present invention are as follows: a mobile phone worm countermeasure method based on a benign worm is proposed, which has the advantages of fast response, strong processing capability and a high degree of automation. At the same time, the method avoids malicious consumption of mobile wireless network resources while effectively suppressing mobile phone worm propagation.
[description of drawings]
Fig. 1 shows the conversions among the 4 types of phone during the process in which the benign worm counters the mobile phone worm;

Fig. 2 shows the workflow of the benign worm;

Fig. 3 shows the flow of the benign worm's scan conversion strategy.
[embodiment]
The present invention is described in further detail below with reference to the accompanying drawings and a specific embodiment, which are not to be taken as limiting the technical scheme of the invention.

A benign worm is intelligent and automated and can defend dynamically against mobile phone worm attacks. However, existing benign worms have defects, and there is as yet no solution for how to use benign worms to counter mobile phone worms effectively. The present invention provides a mobile phone worm countermeasure method based on a benign worm, in which the benign worm suppresses the propagation of the mobile phone worm in two phases. In the first phase, all benign worms adopt the active countermeasure strategy to suppress mobile phone worm propagation, actively probing for vulnerable phones and repairing their vulnerabilities. Once the number of susceptible phones is less than the number of benign-infected phones, the propagation of the benign worm enters the second phase, in which the benign worm adopts the passive countermeasure strategy to reduce its own consumption of network resources.

Fig. 1 shows the conversions among the 4 types of phone during the process in which the benign worm counters the mobile phone worm.

As shown in Fig. 1, a susceptible phone is converted into an infected phone under the action of the mobile phone worm. Under the action of the benign worm, infected phones and susceptible phones are converted into benign-infected phones. Under manual countermeasures, a small fraction of infected phones and susceptible phones are converted into immune phones.
Fig. 2 gives the workflow of the benign worm.

In process 210, the benign worm times its own life cycle.

In process 220, the benign worm judges whether its survival time exceeds the predetermined life cycle. If it does, the benign worm executes process 290: it cleans up the site and destroys itself. If it does not, the benign worm executes process 230 and continues to counter the mobile phone worm.

In process 230, the benign worm uses some means to probe the phones in the wireless communication network.

In process 240, the benign worm judges whether a detected phone is a target phone, that is, whether the detected phone is either an infected phone or a susceptible phone. If a target phone is detected, the benign worm executes process 250. If none is detected, the benign worm probes the phones in the wireless communication network again.

In process 250, the benign worm obtains full or partial control of the target phone and penetrates into the vulnerable phone.

In process 260, the benign worm judges whether the target phone is a susceptible phone. If it is not (that is, it is an infected phone), the benign worm first executes process 270 and then executes process 280. If the target phone is a susceptible phone, the benign worm skips process 270 and directly executes process 280.

In process 270, the benign worm downloads the mobile phone worm removal tool from the official server. After the download finishes, it installs the removal tool, then removes the mobile phone worm from the phone, and finally uninstalls the removal tool.

In process 280, the benign worm downloads the vulnerability repair patch from the official server. After the download finishes, it installs the repair patch.
Fig. 3 gives the scheme of the benign worm's scan conversion strategy.

310: Start the counter, which records the number of phones the benign worm has scanned from the moment the counter was started up to the current time.

320: Judge whether the number of phones the benign worm has scanned from the moment the counter was started up to the current time is less than 10000. If it is less, the benign worm executes process 340 and continues to use active scanning to find target phones. If it is greater, the benign worm executes process 330.

330: The benign worm compiles statistics on the 10000 scanned phones and judges whether the susceptible hosts among them are fewer than the benign-infected hosts. If they are fewer, the benign worm executes process 350 and changes its method of finding target phones from active scanning to passive monitoring. If they are not fewer, the benign worm executes process 310 and restarts the counter.
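The conversion rule of Fig. 3 as a small state machine, fed with constructed observation counts (an added example, not code from the patent; `ScanModeController`, `window_of`, `run` and the sample counts are hypothetical). It models only the counting and the mode decision, and maps the text's "easy infection" and "optimum infection" phones to susceptible and benign-infected.

```python
from collections import Counter
from enum import Enum

WINDOW = 10000  # phones per statistics window, as stated in the patent text


class Phone(Enum):
    SUSCEPTIBLE = "susceptible"    # "easy infection" phone
    INFECTED = "infected"
    BENIGN = "benign-infected"     # "optimum infection" phone
    IMMUNE = "immune"


class Mode(Enum):
    ACTIVE = "active"    # strategy (1): find targets by sending probes
    PASSIVE = "passive"  # strategy (2): find targets by monitoring attacks


class ScanModeController:
    """Hypothetical model of processes 310-350; names are not from the patent."""

    def __init__(self, window=WINDOW):
        self.window = window
        self.mode = Mode.ACTIVE
        self.tally = Counter()
        self.scanned = 0        # the counter started in process 310
        self.windows_done = 0
        self.probes_sent = 0    # proxy for scan traffic put on the network

    def observe(self, state):
        """Account for one probed phone and return the resulting mode."""
        if self.mode is Mode.PASSIVE:
            # The text describes no transition back to active scanning.
            return self.mode
        self.probes_sent += 1
        self.scanned += 1
        self.tally[state] += 1
        if self.scanned < self.window:            # process 320
            return self.mode
        self.windows_done += 1                    # process 330
        if self.tally[Phone.SUSCEPTIBLE] < self.tally[Phone.BENIGN]:
            self.mode = Mode.PASSIVE              # process 350
        else:
            # "Not less than" (equality included) restarts the counter.
            self.tally.clear()
            self.scanned = 0                      # back to process 310
        return self.mode


def window_of(susceptible, infected, benign, immune):
    """Build one constructed window of observations from per-state counts."""
    return ([Phone.SUSCEPTIBLE] * susceptible + [Phone.INFECTED] * infected
            + [Phone.BENIGN] * benign + [Phone.IMMUNE] * immune)


def run(windows, window=WINDOW):
    """Feed constructed windows to a fresh controller and return it."""
    ctl = ScanModeController(window)
    for counts in windows:
        for state in window_of(*counts):
            ctl.observe(state)
    return ctl


# Constructed sample data: four windows of 10000 observations each.
SAMPLE = [
    (6000, 2000, 1500, 500),   # susceptible > benign: stay active
    (5000, 0, 5000, 0),        # equal counts: still active
    (3000, 1000, 5500, 500),   # susceptible < benign: switch to passive
    (9000, 0, 1000, 0),        # arrives after the switch: never probed
]

if __name__ == "__main__":
    c = run(SAMPLE)
    print(c.mode.value, c.windows_done, c.probes_sent)
```

The decision rests on each worm's own sample of 10000 phones, and the text describes no path back to active scanning, so a window that over-represents benign-infected phones ends probing for that worm even if susceptible phones remain elsewhere.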
It should be noted in particular that the above is one embodiment given in combination with specific content, and the practical implementation of the present invention cannot be regarded as limited to these descriptions. Anything that is similar or identical to the structure, devices and the like of the present invention, or any technical deduction or substitution made on the premise of the inventive concept, should be regarded as falling within the protection scope of the present invention.
Claims (4)
1. A mobile phone worm virus countermeasure method based on a benign worm, comprising the following definitions:

Susceptible phone: infected neither by the mobile phone worm nor by the benign worm, but has the vulnerability that the worm attack requires;

Infected phone: infected by the mobile phone worm, and able to infect susceptible phones;

Benign-infected phone: infected by the benign worm, which patches the vulnerability of a susceptible phone and, for an infected phone, also removes the mobile phone worm and repairs its vulnerability;

Immune phone: a phone that does not have the vulnerability the mobile phone worm attack requires;

characterized in that the method comprises the following strategies:

(1) All benign worms adopt the active countermeasure strategy to suppress mobile phone worm propagation: they find vulnerable hosts by actively sending probe packets, then propagate themselves and repair the host vulnerability. Once the number of susceptible phones is less than the number of benign-infected phones, the propagation of the benign worm proceeds to the next step;

(2) The benign worm adopts the passive countermeasure strategy: it finds vulnerable hosts by monitoring worm attacks, then propagates itself and repairs the host vulnerability, so as to reduce its own consumption of network resources.
2. The mobile phone worm virus countermeasure method based on a benign worm according to claim 1, characterized in that: the method is carried out according to the benign worm's scan conversion rule, which is: each time the benign worm finishes scanning 10000 phones, it compiles statistics on those 10000 phones, counting the number of benign-infected phones and the number of susceptible phones; when the count of susceptible phones is greater than the count of benign-infected phones, strategy (1) is executed; when the count of susceptible phones is less than the count of benign-infected phones, the benign worm stops active scanning and begins executing strategy (2).

3. The mobile phone worm virus countermeasure method based on a benign worm according to claim 2, characterized in that: the benign worm scan conversion strategy comprises the following processes:

A, Start the counter, which records the number of phones the benign worm has scanned from the moment the counter was started up to the current time;

B, Judge whether the number of phones the benign worm has scanned from the moment the counter was started up to the current time is less than 10000. If it is less, the benign worm continues to use active scanning to find target phones. If it is greater, the benign worm stops active scanning;

C, The benign worm compiles statistics on the 10000 scanned phones and judges whether the susceptible hosts among them are fewer than the benign-infected hosts. If they are fewer, the benign worm changes its method of finding target phones from active scanning to passive monitoring. If they are not fewer, the counter is restarted.
4. The mobile phone worm virus countermeasure method based on a benign worm according to any one of claims 1-3, characterized in that: the method comprises the following steps:

A. The benign worm times its own life cycle;

B. The benign worm judges whether its survival time exceeds the predetermined life cycle. If it does, the benign worm cleans up the site and destroys itself; if it does not, the benign worm continues to counter the mobile phone worm;

C. The benign worm uses some means to probe the phones in the wireless communication network;

D. The benign worm judges whether a detected phone is a target phone, that is, whether the detected phone is either an infected phone or a susceptible phone. If no target phone is detected, the benign worm probes the phones in the wireless communication network again;

E. The benign worm obtains full or partial control of the target phone and penetrates into the vulnerable phone;

F. The benign worm judges whether the target phone is a susceptible phone. If it is not (that is, it is an infected phone), the benign worm downloads the mobile phone worm removal tool and removes the mobile phone worm, then downloads the mobile phone vulnerability repair tool and repairs the vulnerability. If the target phone is a susceptible phone, the benign worm directly downloads the mobile phone vulnerability repair tool and repairs the vulnerability;

G. The benign worm downloads the mobile phone worm removal tool from the official server. After the download finishes, it installs the removal tool, then removes the mobile phone worm from the phone, and finally uninstalls the removal tool;

H. The benign worm downloads the vulnerability repair patch from the official server. After the download finishes, it installs the repair patch.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2011103689012A CN102404715A (en) | 2011-11-18 | 2011-11-18 | Method for resisting worm virus of mobile phone based on friendly worm |
Publications (1)
Publication Number | Publication Date |
---|---|
CN102404715A (en) | 2012-04-04 |
Family
ID=45886403
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN2011103689012A Withdrawn CN102404715A (en) | 2011-11-18 | 2011-11-18 | Method for resisting worm virus of mobile phone based on friendly worm |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN102404715A (en) |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103595734A (en) * | 2013-12-02 | 2014-02-19 | 中国科学院信息工程研究所 | On-line social network rapid repairing method based on user associative structure partition |
WO2019064176A1 (en) * | 2017-09-29 | 2019-04-04 | International Business Machines Corporation | Dynamic re-composition of patch groups using stream clustering |
CN110191127A (en) * | 2019-05-30 | 2019-08-30 | 重庆理工大学 | A kind of immune prediction technique of nonlinear kinetics P2P network worm |
CN113411356A (en) * | 2021-08-23 | 2021-09-17 | 北京华云安信息技术有限公司 | Vulnerability detection method, system, device and computer readable storage medium |
CN115941238A (en) * | 2022-09-19 | 2023-04-07 | 北京航空航天大学 | Method for preventing and controlling worm propagation of coupled P2P industrial internet by using composite benign worms |
Cited By (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103595734B (en) * | 2013-12-02 | 2016-06-01 | 中国科学院信息工程研究所 | Based on the online social network fast repairing method that user-association structure divides |
CN103595734A (en) * | 2013-12-02 | 2014-02-19 | 中国科学院信息工程研究所 | On-line social network rapid repairing method based on user associative structure partition |
US10977366B2 (en) | 2017-09-29 | 2021-04-13 | International Business Machines Corporation | Dynamic re-composition of patch groups using stream clustering |
WO2019064176A1 (en) * | 2017-09-29 | 2019-04-04 | International Business Machines Corporation | Dynamic re-composition of patch groups using stream clustering |
US10540496B2 (en) | 2017-09-29 | 2020-01-21 | International Business Machines Corporation | Dynamic re-composition of patch groups using stream clustering |
US11620381B2 (en) | 2017-09-29 | 2023-04-04 | Kyndryl, Inc. | Dynamic re-composition of patch groups using stream clustering |
GB2582460A (en) * | 2017-09-29 | 2020-09-23 | Ibm | Dynamic re-composition of patch groups using stream clustering |
GB2582460B (en) * | 2017-09-29 | 2021-01-20 | Ibm | Dynamic re-composition of patch groups using stream clustering |
CN110191127A (en) * | 2019-05-30 | 2019-08-30 | 重庆理工大学 | A kind of immune prediction technique of nonlinear kinetics P2P network worm |
CN110191127B (en) * | 2019-05-30 | 2020-06-02 | 重庆理工大学 | Nonlinear dynamics P2P network worm immune prediction method |
CN113411356A (en) * | 2021-08-23 | 2021-09-17 | 北京华云安信息技术有限公司 | Vulnerability detection method, system, device and computer readable storage medium |
CN113411356B (en) * | 2021-08-23 | 2021-12-10 | 北京华云安信息技术有限公司 | Vulnerability detection method, system, device and computer readable storage medium |
CN115941238A (en) * | 2022-09-19 | 2023-04-07 | 北京航空航天大学 | Method for preventing and controlling worm propagation of coupled P2P industrial internet by using composite benign worms |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Udd et al. | Exploiting bro for intrusion detection in a SCADA system | |
US7941853B2 (en) | Distributed system and method for the detection of eThreats | |
EP2795525B1 (en) | Augmenting system restore with malware detection | |
US20140189859A1 (en) | Herd based scan avoidance system in a network environment | |
CN102404715A (en) | Method for resisting worm virus of mobile phone based on friendly worm | |
RU2008142138A (en) | PROTECTION AGAINST USE OF VULNERABILITY OF THE SOFTWARE | |
EP2946329A1 (en) | Detection of malicious scripting language code in a network environment | |
Jain et al. | Defending against internet worms using honeyfarm | |
Agarwal et al. | Intrusion detection system for PS-Poll DoS attack in 802.11 networks using real time discrete event system | |
CN101150586A (en) | CC attack prevention method and device | |
WO2013058852A2 (en) | Distributed assured network system (dans) | |
US8938805B1 (en) | Detection of tampering with software installed on a processing device | |
KR20110131627A (en) | Apparatus for detecting malicious code using structure and characteristic of file, and terminal thereof | |
CN104796386A (en) | Detection method, device and system of botnet | |
Elfattah et al. | Handsets malware threats and facing techniques | |
Khouzani et al. | Dynamic malware attack in energy-constrained mobile wireless networks | |
Roshandel et al. | LIDAR: a layered intrusion detection and remediationframework for smartphones | |
CN103139169A (en) | Virus detection system and method based on network behavior | |
CN104184725A (en) | Engine detection data updating method and device of intrusion prevention system | |
Ponomarev | Intrusion Detection System of industrial control networks using network telemetry | |
Jain et al. | A hybrid honeyfarm based technique for defense against worm attacks | |
CN113328976A (en) | Security threat event identification method, device and equipment | |
Zhai et al. | Worm propagation model for heterogeneous network | |
KR101283440B1 (en) | System for block off a data spill using booby trap signature and method thereof | |
Wu et al. | SIHQR model with time delay for worm spread analysis in IIoT-enabled PLC network |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C04 | Withdrawal of patent application after publication (patent law 2001) | ||
WW01 | Invention patent application withdrawn after publication |
Open date: 20120404 |