| 基于失败连接分析的网络蠕虫检测系统研究 |
| |
| 引用本文: | 廖明涛,张德运,侯琳,李金库. 基于失败连接分析的网络蠕虫检测系统研究[J]. 微电子学与计算机, 2007, 24(5): 100-102 |
| |
| 作者姓名: | 廖明涛 张德运 侯琳 李金库 |
| |
| 作者单位: | 1. 西安交通大学,电信学院网络所,陕西,西安,710049
2. 西安建筑科技大学,信控学院,陕西,西安,710055 |
| |
| 基金项目: | 国家高技术研究发展计划(863计划);国家"火炬计划" |
| |
| 摘 要: | 根据网络蠕虫攻击的特点,提出一种基于失败连接分析的网络蠕虫早期检测系统。该系统通过实时分析失败连接流量分布和正常状态的偏离度来检测蠕虫,通过分析失败连接集的自相似度进一步降低蠕虫检测的误报率。基于原型系统的实验结果显示,该系统能够实时检测未知类型的网络蠕虫攻击,分析蠕虫扫描的网络传输特征和网络内可能感染的主机列表。和已有方法相比,该系统对蠕虫的早期扫描行为更加敏感,并具有更低的误报率。
|
| 关 键 词: | 网络安全 网络蠕虫检测 失败连接 |
| 文章编号: | 1000-7180(2007)05-0100-03 |
| 修稿时间: | 2006-05-28 |
Network Worms Detecting System Based on Failed Connections Analysis |
| |
| LIAO Ming-tao,ZHANG De-yun,HOU Lin,LI Jin-ku. Network Worms Detecting System Based on Failed Connections Analysis[J]. Microelectronics & Computer, 2007, 24(5): 100-102 |
| |
| Authors: | LIAO Ming-tao ZHANG De-yun HOU Lin LI Jin-ku |
| |
| Abstract: | On the basis of characteristics of network worms attack, a system for early detection of network worms based on failed connections analysis is proposed. This system detects worms in real-time by calculating dissimilar degree of failed connections traffic distribution from the normal state. Furthermore, a method of analyzing self-similarity of failed connections set is developed to reduce the false positives caused by traffic noise. The experiment based on a prototype system shows that the approach can detect unknown worms in real-time, extract possible features of worms scan, derive the list of likely infected hosts. Compared to existing methods, this system is more sensitive, and has a lower false positive rate. |
| |
| Keywords: | network security network worm detection failed connection |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
