Found 18 similar documents; search took 93 ms.
1.
周燕明 《数字社区&智能家居》2007,(21)
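The scanning strategy a worm uses while propagating directly determines the speed and extent of infection. The paper analyzes in depth the different scanning strategies worms use during propagation, and models and compares them. To address the shortcomings of the individual spreading strategies, it proposes a scanning strategy that combines uniform random scanning, routing-based scanning and a predefined target address list, called the RRH-1 scanning strategy. Verification shows that, compared with existing single spreading strategies, a worm using the RRH-1 scanning strategy propagates quickly and accurately with little traffic.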
2.
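The paper analyzes worm scanning strategies and their propagation efficiency in depth, and proposes a fast scanning strategy of "bandwidth-limited, partial predefined target address list, routing-based scanning, uniform random scanning". It analyzes the strengths and weaknesses of the various methods for simulating worm propagation and worm traffic, and builds, in a statistical sense, a model of the periodic bursty scanning traffic of "latency-limited" worms; combined with a hybrid hierarchical simulation method, this can provide a basis for worm simulation, detection and response techniques while reducing the complexity of worm simulation.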
3.
周燕明 《数字社区&智能家居》2007,(11):714-717
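The scanning strategy a worm uses while propagating directly determines the speed and extent of infection. The paper analyzes in depth the different scanning strategies worms use during propagation, and models and compares them. To address the shortcomings of the individual spreading strategies, it proposes a scanning strategy that combines uniform random scanning, routing-based scanning and a predefined target address list, called the RRH-1 scanning strategy. Verification shows that, compared with existing single spreading strategies, a worm using the RRH-1 scanning strategy propagates quickly and accurately with little traffic.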
4.
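A Study of a Worm Propagation Model Based on P2P Networks (total citations: 1, self-citations: 0, citations by others: 1)
P2P worms are malicious code that propagates using P2P mechanisms. This paper studies the propagation of P2P worms in large-scale networks based on P2P (peer-to-peer). It first introduces three basic worm propagation models and analyzes four cases that arise once benign worms are introduced. Then, based on one of the scanning strategies of several P2P worms, it proposes a network-confrontation worm propagation model based on P2P systems and carries out a preliminary simulation analysis.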
5.
6.
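Worms search for targets to infect by sending network service requests, so a host's abnormal network service requests can serve as the basis for worm detection. A worm detection system is proposed that uses a positive selection algorithm to construct a set of self strings describing the host's normal network behavior. The self string set is represented as a Bloom filter and is used to monitor the host's network behavior and find suspicious network service requests in the network. Based on the propagation characteristics of worms, the suspicious network service requests found are correlated using a binary tree, and a non-parametric CUSUM (cumulative sum) algorithm monitors changes in the binary tree's anomaly value, so that worm propagation is detected promptly and accurately. Test results on the GTNetS (Georgia Tech Network Simulation) platform show that the proposed worm detection system detects worms effectively while having little impact on the host's normal network communication.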
7.
8.
9.
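With the rapid development of online social networks (Online Social Network, OSN), OSN worms have become one of the most threatening network security problems. To prevent the rapid propagation of OSN worms, this paper proposes an OSN worm containment method based on parallel community detection. First, it combines the distributed graph computing framework Pregel with the label-propagation-based community detection algorithm (Label Propagation Algorithm, LPA) to propose a parallel LPA algorithm (Parallel LPA, PLPA) capable of handling community detection in large-scale OSNs. Second, building on PLPA, it gives three strategies for selecting key nodes in communities and proposes the corresponding OSN worm containment methods. Finally, simulation experiments on parallel community detection and OSN worm containment on two real data sets demonstrate the effectiveness of the method.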
10.
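To address the problem that traditional worm propagation models cannot accurately predict the propagation of search-engine-based worms, a search-engine-based worm, V6-MAM-Worm, is constructed for the IPv6 network environment, and a hybrid intelligent algorithm is proposed on the basis of a layered scanning strategy. An intra-subnet scanning strategy is applied locally and a search-engine scanning strategy is applied between subnets, yielding a new worm propagation model (multi-tier architecture model, MAM). Simulation results show that V6-MAM-Worm propagates faster in IPv6 networks and will pose a great threat to the security of IPv6 networks.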
11.
Active worms propagate across networks by employing the various target discovery techniques. The significance of target discovery techniques in shaping a worm’s propagation characteristics is derived from the life cycle of a worm. The various target discovery techniques that could be employed by active worms are discussed. It is anticipated that future active worms would employ multiple target discovery techniques simultaneously to greatly accelerate their propagation. To accelerate a worm’s propagation, the slow start phase in the worm’s propagation must be shortened by letting the worm infect the first certain percentage of susceptible hosts as soon as possible. Strategies that future active worms might employ to shorten the slow start phase in their propagation are studied. Their respective cost-effectiveness is assessed. A novel active defense mechanism is proposed, which could be an emerging solution to the active worm problem. Our major contributions in this article are: first, we found the combination of target discovery techniques that can best accelerate the propagation of active worms; second, we proposed several strategies to shorten a worm’s slow start phase in its propagation and found the cost-effective hit-list size and average size of internally generated target lists; third, we proposed a novel active defense mechanism and evaluated its effectiveness; and fourth, we proposed three novel discrete time deterministic propagation models of active worms.
12.
The Internet is crucial to business, government, education and many other facets of society, but the easy access and wide usage of the most common network services make it a primary target for the propagation of viral infections or worms. It has been widely experienced that the massive worldwide spreading of very fast and aggressive worms may easily disrupt or damage the connectivity of large sections of the Internet, affecting millions of users. Classical containment strategies, based on manual application of traffic filters, will be almost totally ineffective in the wide area. Consequently, developing an automated self-distributing containment strategy is the most viable way to defeat the worm propagation in an acceptable time. The objective of our work is to develop a distributed and cooperative containment strategy based on having traffic filtering information dynamically disseminate throughout the network at a speed that is faster than (or at least comparable with) the propagation of worms. Our framework based on BGP extensions to distribute traffic filtering information has the advantage of using the existing infrastructure and inter-AS communication channels. We envision that the above solution will be one of the most effective and challenging lines of defense against next-generation more aggressive worms.
13.
14.
The defining task of propagating malicious code is to locate new targets to attack. Viruses search for files in a computer system to which to attach, whereas worms search for new targets to which to transmit themselves. Depending on their method of transmission, malicious code writers have developed different strategies for finding new victims. Worms transmitted via email have had great success propagating themselves because they find their next targets either by raiding a user's email address book or by searching through the user's mailbox. Such addresses are almost certain to be valid, permitting the worm to hijack the user's social web and exploit trust relationships. In most cases, the worm will craft its own message to send to the target, but some will wait for the user to send a message and attach themselves to it. Network worms, those that attack network services, must determine their next victim's IP address.
15.
16.
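Outbreaks of worms in social networks pose a great threat to users and to the social networks themselves. Treating ordinary social network users and network attackers as the two players of a game, the paper analyzes both sides' sets of behavioral strategies and the factors that influence them, and derives a method for computing the payoff matrix. The probability that a user clicks a hyperlink in a message is determined using game theory, and simulation experiments were run. The results show that worm camouflage techniques have a large effect on worm propagation, while the level of user security awareness has a small effect. When the worm's harmfulness is low or the value of the information is high, the worm propagates faster. Studying worm propagation in social networks on the basis of game theory is feasible.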
17.
18.
The lack of accurate and efficient methods for target identification has been the bottleneck in drug discovery. In recent years, inverse docking has been applied as an efficient method in target identification, and several specific inverse docking strategies have been employed in academic and industrial researches. However, the effectiveness of these docking strategies in multiple targets identification is unclear. In this study, five inverse docking schemes were evaluated to find out the most effective approach in multiple targets identification. A target database containing a highly qualified dataset that is composed of 1714 entries from 1594 known drug targets covering 18 biochemical functions was collected as a testing pool for inverse docking. The inverse docking engines including GOLD, FlexX, Tarfisdock and two in-house target search schemes TarSearch-X and TarSearch-M were evaluated by eight multiple target systems in the dataset. The results show that TarSearch-X is the most effective method in multiple targets identification and validation among these five schemes, and the effectiveness of GOLD in multiple targets identification is also acceptable. Moreover, these two inverse docking strategies will also be helpful in predicting the undesirable effects of drugs, such as toxicity.