| 基于通信特征分析的蠕虫检测和特征提取方法的研究 |
| |
| 引用本文: | 辛 毅,方滨兴,贺龙涛,云晓春,李志东.基于通信特征分析的蠕虫检测和特征提取方法的研究[J].通信学报,2007,28(12):1-7. |
| |
| 作者姓名: | 辛 毅 方滨兴 贺龙涛 云晓春 李志东 |
| |
| 作者单位: | 1. 哈尔滨工业大学,计算机网络与信息安全技术研究中心,黑龙江,哈尔滨,150001
2. 国家计算机网络应急技术处理协调中心,北京,100029 |
| |
| 摘 要: | 提出了一种基于通信特征分析的蠕虫检测与特征提取技术,在解析蠕虫传播过程中特有的通信模式的基础上,评估通信特征集合问的相似度,通过检测传染性来检测蠕虫,这种方法具有更高的检测精度、通用性和适应性。在此基础上设计了启发式检测体系结构,利用盲目跟踪、意向跟踪和锁定跟踪从通信协议、通信序列和通信内容3个层次逐级排除非蠕虫通信,筛选出蠕虫报文组,提取出蠕虫特征码。这种技术大幅缩减了采集量和分析量,能在高强度背景噪声的干扰快速检测蠕虫并提取出相应的特征。
|
| 关 键 词: | 蠕虫 通信特征 检测 特征提取 |
| 文章编号: | 1000-436X(2007)12-0001-07 |
| 收稿时间: | 2007-09-12 |
| 修稿时间: | 2007-11-20 |
Worm detection and signature extraction based on communication characteristics |
| |
| XIN Yi,FANG Bin-xing,HE Long-tao,YUN Xiao-chun,LI Zhi-dong.Worm detection and signature extraction based on communication characteristics[J].Journal on Communications,2007,28(12):1-7. |
| |
| Authors: | XIN Yi FANG Bin-xing HE Long-tao YUN Xiao-chun LI Zhi-dong |
| |
| Abstract: | Worm detection and signature extraction was presented based on analysis of similar communication characteristics, which identifies the distinct communication pattern of worm spread, and evaluates the similarity metric of communication characteristic sets, and detects worms by detecting their infectivity with higher detection precision, generality and adaptability. Based on this, a heuristic detection framework is designed, which eliminates non-worm traffic from protocol, sequence, and content in three levels via blind, intent and lock track, then filters out worm packets and extracts signatures. The technique reduces data collection volume and analysis cost dramatically, and can detection worm and extract signature quickly in the environment with high strength background noise. |
| |
| Keywords: | worm communication characteristics detection signature extraction |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
| 点击此处可从《通信学报》浏览原始摘要信息 |
|
点击此处可从《通信学报》下载全文 |
|
