| 基于网络流量特征的未知木马检测技术及其实现 |
| |
| 引用本文: | 彭国军,王泰格,邵玉如,刘梦冷.基于网络流量特征的未知木马检测技术及其实现[J].信息网络安全,2012(10):5-9. |
| |
| 作者姓名: | 彭国军 王泰格 邵玉如 刘梦冷 |
| |
| 作者单位: | 武汉大学计算机学院,湖北武汉 430072 |
| |
| 基金项目: | 国家自然科学基金[61103220];中央高校基本科研业务费专项基金[6082013];湖北省自然科学基金[2011CDB456] |
| |
| 摘 要: | 文章首先介绍了当前网络环境下木马检测的经典方法、优缺点及其面临的挑战,然后从木马网络通信的本质特征出发,提出了基于网络流量特征的未知木马检测方案,描述了原型系统的设计方案及实现。通过测试结果表明,该方案可有效检测各类未知木马软件,保证高检出率的同时,误报率低。
|
| 关 键 词: | 流量特征 未知木马 恶意代码检测 |
Technology and Implementation to Detect Unknown Trojan based on Network Flow Characteristics |
| |
| PENG Guo-jun,WANG Tai-ge,SHAO Yu-ru,LIU Meng-leng.Technology and Implementation to Detect Unknown Trojan based on Network Flow Characteristics[J].Netinfo Security,2012(10):5-9. |
| |
| Authors: | PENG Guo-jun WANG Tai-ge SHAO Yu-ru LIU Meng-leng |
| |
| Affiliation: | (School of Computer,Wuhan University,Wuhan Hubei 430072,China) |
| |
| Abstract: | Focused on the essence of Trojan’s network communication,this paper presents an unknown Trojan detecting scheme based on the network flow characteristics,and describes the key technology of the prototype system.The experiment results indicate that the scheme has great effect to detect the unknown Trojan with low false positive rate and high detection rate. |
| |
| Keywords: | network flow characteristics unknown Trojan malware detection |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
