| 面向蠕虫自动特征产生系统的设计与实现 |
| |
| 引用本文: | 李胜利,郭山清,徐秋亮. 面向蠕虫自动特征产生系统的设计与实现[J]. 信息网络安全, 2009, 0(3): 74-76 |
| |
| 作者姓名: | 李胜利 郭山清 徐秋亮 |
| |
| 作者单位: | 山东大学计算机科学与技术学院,山东济南,250101 |
| |
| 摘 要: | 计算机以及网络的的迅速发展在带给人类方便的同时,也为恶意代码的传播提供了良好的条件。一种具有传播速度快,破坏力大和高智能性等特点的恶意代码一蠕虫,已引起人们的广泛重视。由于蠕虫传播速度极快,安全厂商很难迅速获得检测相应蠕虫的恶意代码的特征,而特征的迟后获得可能会给用户带来很大的潜在危害,因此,本文从协议分析的角度提出了一种特征的自动生成方法,并将产生的特征用来检测蠕虫,取得了良好的效果,并在此基础上用实例探测的方法进一步提高了准确性(降低了漏报与误报)。
|
| 关 键 词: | 网络安全 蠕虫 入侵检测 蠕虫特征 |
System Design and Implement of Automated Signature Generation for Worms |
| |
| LI Sheng-li,GUO Shan-qing,XU Qiu-liang. System Design and Implement of Automated Signature Generation for Worms[J]. Netinfo Security, 2009, 0(3): 74-76 |
| |
| Authors: | LI Sheng-li GUO Shan-qing XU Qiu-liang |
| |
| Affiliation: | ( Department of Computer Science and Technology, Shandong University, Jinan, Shandong 250101 ) |
| |
| Abstract: | The development of the computer and the Interact gives the convenience to the human, while takes the good conditions to the spreading of the malicious code.. Worms-a kind of malicious code with fast spread, destroy serious and intelligent have attracted extensive attention. As the fast spread of the worms, it is difficult to generate the signature for the worms in time, while it can take great potential harm to delay the signatures generation. So, this paper takes a automatic signature generation from the protocol analyzer, and detected the worms according the signatures with a good result, using the probing method to improve the accuracy(lower the false positives and false negatives). |
| |
| Keywords: | network security worm intrusion detection worm signature |
| 本文献已被 维普 万方数据 等数据库收录! |
|
