| 基于AOI方法的未知蠕虫特征自动发现算法研究 |
| |
| 引用本文: | 顾荣杰,晏蒲柳,邹涛,杨剑峰. 基于AOI方法的未知蠕虫特征自动发现算法研究[J]. 计算机科学, 2006, 33(7): 127-130 |
| |
| 作者姓名: | 顾荣杰 晏蒲柳 邹涛 杨剑峰 |
| |
| 作者单位: | 武汉大学电子信息学院通信工程系,武汉430072;北京系统工程研究院,北京100101 |
| |
| 摘 要: | 近年来频繁爆发的大规模网络蠕虫对Internet的整体安全构成了巨大的威胁,新的变种仍在不断出现。由于无法事先得到未知蠕虫的特征,传统的基于特征的入侵检测机制已经失效。目前蠕虫监测的一般做法是在侦测到网络异常后由人工捕获并进行特征的分析,再将特征加入高速检测引擎进行监测。本文提出了一种新的基于面向属性归纳(AOI)方法的未知蠕虫特征自动提取方法。该算法在可疑蠕虫源定位的基础上进行频繁特征的自动提取,能够在爆发的早期检测到蠕虫的特征,进而通过控制台特征关联监测未知蠕虫的发展趋势。实验证明该方法是可行而且有效的。
|
| 关 键 词: | 未知蠕虫 特征自动提取 面向属性归纳 |
An Automatic Worm Signature Extraction Algorithm Based on Attribution-Oriented Induction Method |
| |
| GU Rong-Jie,YAN Pu-Liu,ZOU Tao,YANG Jian-Feng. An Automatic Worm Signature Extraction Algorithm Based on Attribution-Oriented Induction Method[J]. Computer Science, 2006, 33(7): 127-130 |
| |
| Authors: | GU Rong-Jie YAN Pu-Liu ZOU Tao YANG Jian-Feng |
| |
| Affiliation: | 1.School of Electronic Information,Wuhan University,Wuhan 430072;2.Beijing Instituet of System Engineering, Beijing 100101 |
| |
| Abstract: | The frequent explosion of massive worm propagation becomes a huge threaten to Internet security and caused countless losses. The traditional signature based IDS fails to detect new worm due the absence of the ability to detect characteristic of unknown worms. Currently, worm monitoring worm traffic after the early-bird system detected anomaly worm mainly depends on artificial analysis on the captured traffic and put the signature into the high speed detection system. This paper proposed an automatic worm Signature extraction algorithm based on Attribution-Oriented Induction method. It can detect worm signature using a Hash method in the early stage of worm propagation and then track the worm spread trend through signature correlation in the control center of system. The subsequent experiment result shows that the algorithm is feasible and effective. |
| |
| Keywords: | Unknown worm species Automatic signature extraction AOI |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
| 点击此处可从《计算机科学》浏览原始摘要信息 |
|
点击此处可从《计算机科学》下载全文 |
