| 高速实时的一种邮件蠕虫异常检测模型 |
| |
| 引用本文: | 罗浩,方滨兴,云晓春,王欣,辛毅. 高速实时的一种邮件蠕虫异常检测模型[J]. 通信学报, 2006, 27(2): 35-41 |
| |
| 作者姓名: | 罗浩 方滨兴 云晓春 王欣 辛毅 |
| |
| 作者单位: | 哈尔滨工业大学计算机科学与技术学院,黑龙江,哈尔滨,150001 |
| |
| 摘 要: | 提出了一种基于带泄漏的积分触发测量方法的电子邮件蠕虫异常检测方法,用来检测邮件蠕虫在传播过程中的流量异常。根据邮件流量所表现出的明显的日周期特性和周周期特性,首先计算出当前邮件流量和历史邮件流量的最小Hellinger距离,通过带泄漏的积分触发方法把邮件流量的Hellinger积累起来,从而把邮件蠕虫在传播过程中没有明显流量特征的慢速酝酿阶段的异常特征进行积累,达到在其进入快速传播期之前检测出异常的目的。检测过程只需要检查邮件的流量信息,因而适合大规模高速网络的异常检测。
|
| 关 键 词: | 邮件蠕虫 异常检测 带泄漏积分触发模型 |
| 文章编号: | 1000-436X(2006)02-0035-07 |
| 收稿时间: | 2005-11-15 |
| 修稿时间: | 2005-12-20 |
Real-time anomaly detection model for worm mails in high-speed network |
| |
| LUO Hao,FANG Bin-xing,YUN Xiao-chun,WANG Xin,XIN Yi. Real-time anomaly detection model for worm mails in high-speed network[J]. Journal on Communications, 2006, 27(2): 35-41 |
| |
| Authors: | LUO Hao FANG Bin-xing YUN Xiao-chun WANG Xin XIN Yi |
| |
| Affiliation: | School of Computer Science and Technology, Harbin institute of Technology, Harbin 150001,China |
| |
| Abstract: | An Email flow anomaly detection method based on leaky integrate-and-fire model was presented for detecting flow anomaly in the process of mail worm propagation.According to the day period and week period properties of the mail flow,Firstly the Hellinger distance between current mail flow and history statistic was calculated,and then integrate the Hellinger distance with Leaky integrate-and-fire method.In this way,the slice variety of flow was accumulated in the mail worm propagation slow start phase to archive the capability of the anomaly detection before the worm enter the fast spread phase.As this method only checks the mail flow information,it is suitable for high speed network mail flow anomaly detection. |
| |
| Keywords: | worm mail anomaly detection leaky integrate and fire model |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
| 点击此处可从《通信学报》浏览原始摘要信息 |
|
点击此处可从《通信学报》下载全文 |
|
