Online tracing Petri dish of large scale worm
For the detection of and defense against large-scale Internet worm outbreaks, a convenient and safe experimental environment capable of running real worms is important for observing large-scale worm infection, intrusion and propagation. It can also serve as a large-scale worm test bed for forensic evidence. A large-scale worm propagation experiment environment for tracing algorithms was proposed: an isolated environment in which the related experiments could be run. To conform as closely as possible to an actual network, the experimental environment used virtual machine technology to simulate a large number of hosts and network devices. In this environment, large-scale worm outbreaks could be triggered within a controllable scope; the worm's propagation process could be observed and detection and defense techniques experimented with; worm propagation characteristics such as the scanning method and propagation process could be discovered; and the network traffic and propagation process could be collected in real time. After the network traffic was investigated, a speculation algorithm was run to reconstruct patient zero and the propagation path of the worm. The actual worm propagation process could then be captured and compared with the results of the tracing algorithm.