Abstract
Predicting or discovering the possible propagation direction of spreading network worms can efficiently benefit the enforcement of network security countermeasures like blocking them in real-time way. Most worms exhaust all of the network bandwidth maliciously in very short time. This paper proposed a model on predicting the propagation direction between areas based on two key indexes including Area-Infected-Time (AIT) and Area-Infected-Probability (AIP), and calculates alert level for each area by fuzzy reasoning. The higher alert level is, the more likely that the corresponding area is infected by worm in short time, and this area is the propagation direction of worm at the moment. Simulation experimental results show that the early warning model proposed in this paper can deduce Area-Alert-Level (AAL) correctly and predict the propagation direction of network worm dynamically.