Network-worm-control technology based on the front buffer two-stage leaky bucket algorithm

A new network-worm-control technology is proposed after having fully analyzed the differences between worm and normal connection requests. Considering the worm characteristic of attacking unique port and dispersing IP addresses, the method uses multiple data sets according to the different ports to avoid the influence among the ports. Aiming at the normal connection characteristic of ephemeral bursting out, the method takes advantage of two-stage leaky bucket to control the output of delay queues. The method can not only shorten the period of staying in the delay queue of normal requests, but also prevent the worms. The analysis shows that this method plays a significant role before the outburst of the worms.