Abstract: Because there are a lot of difficulties in predicting the network worm exactly, a tolerant warning method based on greedy algorithm was proposed. The method took the characteristic of the spreading of worm into account, adopted some tolerant measures for some less harmful worms. A special data structure of datagram was designed, by statistical analysis of these datagram in the server, and could judge the threshold whether the warning system should be started up. The experimental simulation and theoretical analysis show that the method is feasible to some extent.

Key words: worm, tolerant warning, greedy algorithm

摘要： 针对网络蠕虫准确预警的困难性，综合蠕虫传播的特点，提出一种基于贪婪算法的容忍预警方法，对一些危害较小的可疑蠕虫采取一定的容忍机制,设计一个特定报文的数据段结构，在服务器端通过对这类报文的统计分析，计算出是否要启动预警的阈值。通过实验仿真和理论分析，表明此方案具有一定的可行性。

关键词: 蠕虫, 容忍预警, 贪婪算法