| 一种基于进程流量行为的蠕虫检测系统 |
| |
| 引用本文: | 肖枫涛,王维,刘波,陈新.一种基于进程流量行为的蠕虫检测系统[J].计算机工程与科学,2011,33(4):19. |
| |
| 作者姓名: | 肖枫涛 王维 刘波 陈新 |
| |
| 作者单位: | 1. 国防科学技术大学计算机学院,湖南,长沙,410073
2. 福州61198部队,福建,福州,350003 |
| |
| 基金项目: | 福建省高校重点实验室开放课题,国家自然科学基金资助项目,国家863计划资助项目 |
| |
| 摘 要: | 随着蠕虫传播速度的不断加快,所造成的威胁也越来越大。为快速检测蠕虫,本文描述了和蠕虫相关的三种重要的进程流量行为:类蠕虫流量中源端口总数、类蠕虫进程流量中源端口的变化频率以及进程流量中类蠕虫流量占总进程流量的总数。基于这三种行为,本文提出了一种基于进程流量行为的蠕虫检测系统,同时介绍了该系统的相关定义、框架设计和关键实现。最后,采用真实程序进行了实验,结果表明该系统可以快速准确地检测蠕虫,并具有较小的误报率。
|
| 关 键 词: | 蠕虫检测 进程流量行为 蠕虫行为 行为检测 |
A Worm Dectection System Based on Process Traffic Behaviors |
| |
| XIAO Feng-tao,WANG Wei,LIU Bo,CHEN Xin.A Worm Dectection System Based on Process Traffic Behaviors[J].Computer Engineering & Science,2011,33(4):19. |
| |
| Authors: | XIAO Feng-tao WANG Wei LIU Bo CHEN Xin |
| |
| Abstract: | With the propagation speed getting faster and faster,the damages caused by worms are getting more and more serious.To detect worms quickly,three worm-related process traffic behaviors are described: the total amount of source port in worm-like traffic,the change frequency of source port in worm-like traffic and the ratio of worm-like traffic and total traffic for a single process.And based on the three behaviors,a worm detection system based on process traffic behaviors is presented and its definitions,framework design and key implementation are also introduced.Finally,through experimenting with the worms and normal applications in the real world,the system is proved to be able to detect worms quickly and correctly,and has only few false positives. |
| |
| Keywords: | worm detection process traffic behavior worm behavior behavior based detection |
| 本文献已被 万方数据 等数据库收录! |
| 点击此处可从《计算机工程与科学》浏览原始摘要信息 |
|
点击此处可从《计算机工程与科学》下载全文 |
|
