| 基于候选组合频繁模式的骨干网蠕虫检测研究 |
| |
| 引用本文: | 许晓东,杨甦,朱士瑞.基于候选组合频繁模式的骨干网蠕虫检测研究[J].计算机应用,2009,29(1):178-180. |
| |
| 作者姓名: | 许晓东 杨甦 朱士瑞 |
| |
| 作者单位: | 江苏大学 江苏大学 江苏大学 |
| |
| 基金项目: | 江苏省教育厅高校科研项目 |
| |
| 摘 要: | 现有的网络蠕虫检测方法大多都是基于包的检测,针对骨干网IP流检测的研究较少,同时也不能很好地描述蠕虫的攻击模式。为此研究了一种在骨干网IP流数据环境下的蠕虫检测方法,通过流活跃度增长系数和目的地址增长系数定位可疑源主机,接着采用基于候选组合频繁模式的挖掘算法(CCFPM),将候选频繁端口模式在FP树路径中进行匹配来发现蠕虫及其攻击特性,实验证明该方法能快速地发现未知蠕虫及其端口扫描模式。
|
| 关 键 词: | 蠕虫攻击检测 IP流 候选组合频繁模式挖掘 FP-树 |
| 收稿时间: | 2008-07-18 |
Detecting worms based on candidate combination frequent pattern in Internet backbones |
| |
| XU Xiao-dong,YANG Su,ZHU Shi-rui.Detecting worms based on candidate combination frequent pattern in Internet backbones[J].journal of Computer Applications,2009,29(1):178-180. |
| |
| Authors: | XU Xiao-dong YANG Su ZHU Shi-rui |
| |
| Affiliation: | 1.College of Computer Science and Technology;Nanjing University of Science and Technology;Nanjing Jiangsu 210094;China;2. College of Computer Science and Communication Engineering;Jiangsu University;Zhenjiang Jiangsu 212013;3.Network Center;China |
| |
| Abstract: | The present worm detection methods have been mostly based on packets and less with IP flows in Internet backbones. They also cannot accurately describe the worm's scan-pattern. A method was presented to detect worms in Internet Backbones with flow data circumstance. First, find suspicious hosts by checking the increasing coefficients of Flow Activity Degree and Destination IP Address. Then, detect worms based on Candidate Combination Frequent Pattern Mining (CCFPM) algorithm. The results show that this meth... |
| |
| Keywords: | Worm attack detection IP Flows Candidate Combination Frequent Pattern Mining FP-Tree |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
| 点击此处可从《计算机应用》浏览原始摘要信息 |
|
点击此处可从《计算机应用》下载全文 |
