Found 19 similar documents; search took 906 ms
1.
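Active Internet Worm Defense Technology: Vaccination  Total citations: 10, self-citations: 0, citations by others: 10
Zheng Hui (郑辉), 《计算机工程与应用》 (Computer Engineering and Applications), 2004, 40(25): 5-8, 61
In conventional worm defense strategies, network administrators are in a passive position: once a worm breaks out, it circulates in the network for a long time and cannot be effectively contained. Through an analysis of classic worms, this paper defines the worm vaccine (a marker established on a host in order to break one step of the worm's propagation process is called a worm "vaccine"; the process of establishing the marker is called "vaccination") and discusses how to determine and select worm vaccines and the key technical points of vaccination. Vaccinating the susceptible hosts in a network reduces the number of susceptible hosts, so the worm loses its targets and cannot continue to spread. Vaccination can serve as an effective means for network administrators to defend against worms actively and eliminate them quickly.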
2.
3.
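Using a hybrid simulation approach, for both abstract and concrete network models, the SIR worm propagation model was implemented on the NS-2 simulation platform, and different topologies were simulated following the host progression susceptible → infected → immune. Finally, the simulation system was used to analyze experimentally the effect of topology on worm propagation. The simulation results show that topology affects worm propagation.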
4.
5.
6.
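7.
Analysis and Prevention of the "Blaster" Worm  Total citations: 2, self-citations: 0, citations by others: 2
The "Blaster" worm exploits an RPC vulnerability in Windows systems to download and execute the worm code, and launches a denial-of-service attack against the Microsoft website that distributes patches. The worm infects other Windows systems on the local network and the Internet and causes the RPC service on attacked hosts to crash. This paper discusses its operating mechanism and the methods for detecting and removing it. It compares three typical worms from the past two years and points out the shortcomings of passive defensive measures and the need for active defensive measures.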
8.
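Research on a Worm Propagation Model Based on Distributed Honeynets*  Total citations: 1, self-citations: 1, citations by others: 0
To guard effectively against the increasingly serious security threat posed by worm propagation, distributed honeynets, an active protection technology, have been deployed in networks to safeguard network security. The honeypots in a distributed honeynet are strongly deceptive to worms and apply a "lenient in, strict out" data control policy, and these properties affect how worms spread and how they can be controlled. Building on the two-factor model and taking into account the properties of honeypots in a distributed honeynet and the scale-free nature of the Internet, this paper proposes and analyzes a worm propagation model based on distributed honeynets. The model is validated by simulation experiments in order to explore how worms propagate when a distributed honeynet is deployed. The experimental results show that deploying a distributed honeynet not only captures worm samples at the earliest moment but also reduces the total number of worm-infected hosts in the network, the maximum number of hosts capable of infection, etc.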
9.
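Chen Shuangshuang (陈霜霜), 《网络安全技术与应用》 (Network Security Technology & Application), 2012, (12): 84-85
Based on two network behaviors that worm scanning produces, a high probability of failed FCC connections and a high rate of FCC connections, this paper uses a support vector machine to learn from training sample sets of normal hosts and of worm-infected hosts, and then uses the trained classifier to classify the hosts under test, achieving automatic detection of worm attacks. The approach is verified experimentally. The experimental results show that the method detects unknown scanning worms well.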
10.
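For worm viruses, an SIRS propagation model is proposed in which susceptible hosts have a constant input and the incidence rate is standard. Taking into account the dynamic change in the total number of hosts while the worm is spreading, the model is analyzed using the qualitative and stability theory of differential equations, and the influence of different factors on worm control is discussed. The Abilene network is used to analyze the effect of network topology on the propagation rate. Finally, the model is checked against worm data provided by CAIDA.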
11.
Routing protocols play an important role in the Internet and the test requirements are running up. To test routing protocols more efficiently, several enhancing techniques are applied in the protocol integrated test system described in this paper. The Implementation Under Test is modeled as a black box with windows. The test system is endowed with multiple channels and multiple ports to test distributed protocols. The test suite and other related aspects are also extended. Meanwhile, the passive testing is introduced to test, analyze and manage routing protocols in the production field, which is able to perform the conformance test, the interoperability test and the performance test. The state machine of peer sessions is tested with the state synchronization algorithm, and the routing information manipulation and other operations are checked and analyzed with the methods like the topology analysis and the internal process simulation. With both the active testing and the passive testing, the routing protocol test is going further and more thoroughly and helps a lot in the development of routers.
12.
Wen-Chen Sun, Yi-Ming Chen, 《Journal of Systems and Software》, 2009, 82(8): 1313-1325
Today’s security communities face a daunting challenge: how to protect the Internet from new, unknown zero-day worms. Due to their innovation, these worms are hard to stop with traditional security mechanisms. Therefore, instead of trying to prevent the intrusion of every such threat, this paper proposes a new system architecture, named Virtual Machine based Intrusion Tolerance Network (VMITN), which will tolerate the new worm attack until administrators remove the vulnerability leveraged by the worm. The VMITN adopts a rough-set based recognition mechanism to detect zero-day worms and a virtual machine based overlay network to mitigate attacks. We have implemented a proof-of-concept prototype system and use NS-2 simulations to study the performance of the VMITN in a large scale network. The behavior of the famous Witty worm is simulated within the NS-2 module and the simulation results showed that our VMITN architecture can provide the reliability and survivability under severe worm attacks.
13.
F. J. González‐Castaño, L. Anido‐Rifón, J. M. Pousada‐Carballo, P. S. Rodríguez‐Hernández, R. López‐Gómez, 《Software》, 2001, 31(1): 1-16
Virtual machines for remote execution are a useful tool for utilizing light user interfaces and intensive application cores in different physical machines connected through the Internet. In a virtual machine, application cores are distributed in a network. Specific locations, operating systems and hardware characteristics are hidden by virtual machines. They make it possible to use a PC to execute user interfaces and (a few) high‐performance computers for application cores. We present a Java/CORBA‐based brokerage platform that allows remote execution of optimization solvers from a client running on any platform. The system offers a dynamic library of available problem solvers, and a graphic interface to browse several defined properties and metadata on available solvers. In addition, an embedded file compression module to reduce data transfer time is included as a plug‐in feature of the proposed virtual machine. Analogous systems could be constructed for applications in which interaction traffic time is much lower than execution time. Copyright © 2001 John Wiley & Sons, Ltd.
14.
Tsinghua University campus network is a large campus network in China, providing volume-based and flat-rate Internet access service for more than 31,000 students and staff. In order to better understand its traffic, user behavior and pricing policies to facilitate network planning and management, we collect a one-year-long flow-based traffic log and a 10-year-long user-based log at the boundary of this campus network, and then conduct an analysis study on these two data sets. In this paper, we first present characteristics of inbound traffic flows from the aspects of traffic prediction and inference. Then we analyze the geographical origins of incoming flows, and the result reveals that USA, Japan and Korea are the most important source countries of international traffic. Our user-based investigation shows that the properties of users have important influence on their behavior, e.g., major has stronger influence on users’ online time, while occupation has stronger influence on users’ international traffic volume. We also find that there are more and more users choosing flat rate pricing scheme instead of volume based pricing scheme, and these users tend to over-provision when they subscribe from tiered pricing options.
15.
16.
Malkhi D., Reiter M.K., 《IEEE Transactions on Pattern Analysis and Machine Intelligence》, 2000, 26(12): 1197-1209
Mobile code presents a number of threats to machines that execute it. We introduce an approach for protecting machines and the resources they hold from mobile code and describe a system based on our approach for protecting host machines from Java 1.1 applets. In our approach, each Java applet downloaded to the protected domain is rerouted to a dedicated machine (or set of machines), the playground, at which it is executed. Prior to execution, the applet is transformed to use the downloading user's Web browser as a graphics terminal for its input and output, and so the user has the illusion that the applet is running on his own machine. In reality, however, mobile code runs only in the sanitized environment of the playground, where user files cannot be mounted and from which only limited network connections are accepted by machines in the protected domain. Our playground thus provides a second level of defense against mobile code that circumvents language-based defenses. This paper presents the design and implementation of a playground for Java 1.1 applets and discusses extensions of it for other forms of mobile code, including Java 1.2
17.
Many supervised machine learning tasks can be cast as multi-class classification problems. Support vector machines (SVMs) excel at binary classification problems, but the elegant theory behind large-margin hyperplane cannot be easily extended to their multi-class counterparts. On the other hand, it was shown that the decision hyperplanes for binary classification obtained by SVMs are equivalent to the solutions obtained by Fisher's linear discriminant on the set of support vectors. Discriminant analysis approaches are well known to learn discriminative feature transformations in the statistical pattern recognition literature and can be easily extended to multi-class cases. The use of discriminant analysis, however, has not been fully experimented in the data mining literature. In this paper, we explore the use of discriminant analysis for multi-class classification problems. We evaluate the performance of discriminant analysis on a large collection of benchmark datasets and investigate its usage in text categorization. Our experiments suggest that discriminant analysis provides a fast, efficient yet accurate alternative for general multi-class classification problems.
Tao Li is currently an assistant professor in the School of Computer Science at Florida International University. He received his Ph.D. degree in Computer Science from University of Rochester in 2004. His primary research interests are: data mining, machine learning, bioinformatics, and music information retrieval.
Shenghuo Zhu is currently a researcher in NEC Laboratories America, Inc. He received his B.E. from Zhejiang University in 1994, B.E. from Tsinghua University in 1997, and Ph.D degree in Computer Science from University of Rochester in 2003. His primary research interests include information retrieval, machine learning, and data mining.
Mitsunori Ogihara received a Ph.D. in Information Sciences at Tokyo Institute of Technology in 1993. He is currently Professor and Chair of the Department of Computer Science at the University of Rochester. His primary research interests are data mining, computational complexity, and molecular computation.
18.
With the explosive growth of Internet applications, the threats of network worms against computer systems and network security are seriously increasing. Much recent research concentrates on providing a propagation model and early warning. In fact, the defense against worms in a realistic environment is an open problem. In this work, we present WSRMAS (worm spreading_reduction multi_agent system) as a system that includes a worm defense mechanism to considerably reduce the rate at which hosts are infected. As WSRMAS needs a suitable infra-structure, its architecture was elaborated and an agent platform was designed and implemented to support WSRMAS functions. The proposed system was provided once with a centralized plan and second with a decentralized (distributed) plan. In both cases the system performance was evaluated. Also different communication capabilities using Knowledge Query Manipulation Language (KQML) were exploited to improve WSRMAS performance. The ratio between worm and anti-worm spreading was studied to investigate its influence on the defense efficiency. Taking into account that some machines may not deploy WSRMAS, consequently, the effectiveness of WSRMAS under different operational conditions has been studied.
19.
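Network worms currently pose a major threat to the Internet, and how to defend against them has become an important topic in network security. Because worms spread quickly and on a large scale, they must be detected in the early stage of propagation and isolated with appropriate measures. This paper comprehensively analyzes the latest research progress in worm early warning, including router-level worm detection, behavior-based worm detection, and automatic extraction of worm signatures. It also summarizes the characteristics of worms and, finally, looks ahead to possible future directions for worm detection.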