| 分布式蠕虫流量检测技术 |
| |
| 引用本文: | 高鹏.分布式蠕虫流量检测技术[J].信息安全与通信保密,2009(12):93-95. |
| |
| 作者姓名: | 高鹏 |
| |
| 作者单位: | 联想网御科技(北京)有限公司,北京,100086 |
| |
| 基金项目: | 国家高技术研究发展计划(863计划)基金资助项目( |
| |
| 摘 要: | 分析了网络蠕虫病毒的传播特点和已有的检测方法,针对慢速传播蠕虫病毒,提出了基于流量异常传播序列的检测算法,并通过分布式系统结构,综合多个子网的检测结果,进一步提高检测准确率。模拟实验证明:该算法可以根据流量特征,在蠕虫病毒慢速传播的早期检测到该病毒的传播行为,并获得传播所用网络协议和目标端口。
|
| 关 键 词: | 蠕虫病毒 异常流量 分布式 |
A Distributed Worm Traffic Detection Algorithm |
| |
| GAO Peng.A Distributed Worm Traffic Detection Algorithm[J].China Information Security,2009(12):93-95. |
| |
| Authors: | GAO Peng |
| |
| Affiliation: | GAO Peng (Beijing Branch, Leadsec Inc., Beijing 100086, China) |
| |
| Abstract: | This paper, based on analysis of distributed abnormal traffic sequence propagation, presents a new algorithm for detecting the tnternet worm infection, and explores the forecast mechanism for worm traffic. An Intemet worm forecast model and a prototype based on forecast algorithm are designed. The related experimental data and analysis results are also given. |
| |
| Keywords: | worm abnormal traffic distributed |
| 本文献已被 维普 万方数据 等数据库收录! |
|
