| 基于统计分析建立流量动态临界线的蠕虫检测机制研究* |
| |
| 引用本文: | 王勇超,谢永凯,朱之平,林怀忠b.基于统计分析建立流量动态临界线的蠕虫检测机制研究*[J].计算机应用研究,2010,27(3):1032-1034. |
| |
| 作者姓名: | 王勇超 谢永凯 朱之平 林怀忠b |
| |
| 作者单位: | 1. 浙江大学网络信息中心,杭州,310027
2. 浙江大学人工智能所,杭州,310027 |
| |
| 基金项目: | 国家“863”计划资助项目(2007AA01Z197,2008AA01Z416) |
| |
| 摘 要: | 提出了一种基于正态分布进行异常流量检测,从而判断当前内网中是否存在蠕虫感染的方法。该方法根据历史流量的正态分布统计特性,计算出网络内数据流量的一般行为的可信区间,如果监控的流量超出该可信区间,则判断为异常流量并作出蠕虫威胁的报警。结合该方法,进一步分析了如何以双因素模型分析网络中蠕虫的数量。
|
| 关 键 词: | 正态分布 异常流量 可信区间 蠕虫 |
Worm detection technology research of net-flow dynamic critical line established based on statistical analytic method |
| |
| WANG Yong-chao,XIE Yong-kai,ZHU Zhi-ping,LIN Huai-zhongb.Worm detection technology research of net-flow dynamic critical line established based on statistical analytic method[J].Application Research of Computers,2010,27(3):1032-1034. |
| |
| Authors: | WANG Yong-chao XIE Yong-kai ZHU Zhi-ping LIN Huai-zhongb |
| |
| Affiliation: | (a.Center of Network & Information, b.Institute of Artificial Intelligence, Zhejiang University, Hangzhou 310027, China) |
| |
| Abstract: | This paper raised a method detect the abnormal net-flow based on normal distribution, then estimated the existence of Internet worm in internal network. According to the normal distribution character of the history flow, this method computed the normal behavior trusted zone of data flow in network, judged the inspected flow abnormal flow if it went beyond the trusted zone, and alarmed the threat of Internet worm. Combined with this method, further analyzed how to use two-factor model ana-lysis of the number of Internet worms in network. |
| |
| Keywords: | normal distribution traffic statistic trusted zone worm |
| 本文献已被 CNKI 万方数据 等数据库收录! |
| 点击此处可从《计算机应用研究》浏览原始摘要信息 |
|
点击此处可从《计算机应用研究》下载全文 |
|
