| 应用改进的V-detector算法检测蠕虫 |
| |
| 引用本文: | 洪征,吴礼发,王元元.应用改进的V-detector算法检测蠕虫[J].北京邮电大学学报,2007,29(2):98-101. |
| |
| 作者姓名: | 洪征 吴礼发 王元元 |
| |
| 作者单位: | 解放军理工大学,指挥自动化学院,南京,210007 |
| |
| 基金项目: | 国家高技术研究发展计划(863计划) |
| |
| 摘 要: | 通过分析主机感染蠕虫后网络流量特性的变化,基于免疫系统的阴性选择机制,提出了一种蠕虫检测方法。首先改进了可变半径实值阴性选择算法V-detector,改进策略是在检测器生成过程中根据非自体空间的分布产生具有尽可能大覆盖范围的检测器。改进算法与原算法相比,所生成的检测器集合中检测器的数量大幅度下降,检测效率提高。应用改进的V-detector算法生成检测器集合监控主机的网络流量特性,以检测蠕虫攻击。实验结果表明,该方法能有效检测传统蠕虫及多维传播的多态蠕虫。
|
| 关 键 词: | 人工免疫系统 阴性选择 蠕虫检测 |
| 文章编号: | 1007-5321(2007)02-0098-04 |
| 收稿时间: | 2006-05-16 |
| 修稿时间: | 2006年5月16日 |
Worm Detection Based on Improved V-detector Algorithm |
| |
| HONG Zheng,WU Li-fa,WANG Yuan-yuan.Worm Detection Based on Improved V-detector Algorithm[J].Journal of Beijing University of Posts and Telecommunications,2007,29(2):98-101. |
| |
| Authors: | HONG Zheng WU Li-fa WANG Yuan-yuan |
| |
| Affiliation: | (Institute of Command Automation, People’s Liberation Army University of Science and Technology, Nanjing 210007, China) |
| |
| Abstract: | A host usually changes its network traffic characteristics when infected by a worm. From the observation, a worm detection method was proposed. It drew inspiration from the negative selection of the immune system. Firstly, V-detector algorithm—a real-valued negative selection algorithm with variable-coverage detectors was improved. The improved algorithm endeavored to generate large detectors according to the non-self space distribution. Compared with V-detector, the improved algorithm generated a much smaller detector set and increased the detection efficiency. Secondly, the improved V-detector algorithm was used to generate detector sets and monitor hosts’ network traffic characteristics for worm attacks. Experiments show that the method is effective to detect traditional worms as well as multi-vector polymorphic worms. |
| |
| Keywords: | artificial immune system negative selection worm detection |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
| 点击此处可从《北京邮电大学学报》浏览原始摘要信息 |
|
点击此处可从《北京邮电大学学报》下载全文 |
