| 基于数据包内容的网络异常行为分析方法研究 |
| |
| 引用本文: | 王功聪,王景中,王宝成.基于数据包内容的网络异常行为分析方法研究[J].信息网络安全,2013(12):58-61. |
| |
| 作者姓名: | 王功聪 王景中 王宝成 |
| |
| 作者单位: | 北方工业大学信息工程学院,北京100144 |
| |
| 基金项目: | 北京市自然基金重点项目B类[KZ2010009008]、北京市属高等学校人才强教计划资助项目[PHR2012]、科技成果转化项目[PXM2013]、北京市创新团队计划项目[HT20130502] |
| |
| 摘 要: | 文章通过模拟网络异常访问行为,对数据包内容进行解剖分析,提取数据内容所反映的异常行为特征,结合数据包包头特征信息,构成基于数据包内容的网络异常行为特征。通过大量模拟实验,以提取的网络异常行为特征为记录,形成异常行为数据库。在网络异常行为检测过程中,将异常行为数据库中的特征翻译成正则表达式,与检测到的数据包内容特征进行匹配,以此较为准确地判断数据包是否臭奄舟靠行为。
|
| 关 键 词: | 网络行为 数据包 正则表达式 |
A New Detection Method of Abnormal Network Behavior based on the Packet Content |
| |
| WANG Gong-cong,WANG Jing-zhong,WANG Bao-cheng.A New Detection Method of Abnormal Network Behavior based on the Packet Content[J].Netinfo Security,2013(12):58-61. |
| |
| Authors: | WANG Gong-cong WANG Jing-zhong WANG Bao-cheng |
| |
| Affiliation: | (College of lnformation Engineering of North China University of Technology, Beijing 100144, China) |
| |
| Abstract: | This paper presents a abnormal network behavior detection method based on packet contents. Firstly, the abnormal network access is simulated. Secondly, by analyzing the packet content of the network access, the features of the abnormal network behavior are extracted, which are combined with the features of the packet header information to constitute the features of the abnormal network behavior based on the packet contents. A lot of simulation experiments are conducted to extract the features of the abnormal network behavior and then form the abnormal behavior database. The characteristics of network behavior in the formed database are translated into regular expressions. By matching the regular expression of these characteristics with the features of the detected packet content, the detection of the abnormal network behavior becomes more accurately. |
| |
| Keywords: | network behavior packet regular expression |
| 本文献已被 维普 等数据库收录! |
