| 未知蠕虫自动检测技术研究 |
| |
| 引用本文: | 佟晓筠,王翥,赵章泉.未知蠕虫自动检测技术研究[J].计算机工程,2011,37(20):139-141. |
| |
| 作者姓名: | 佟晓筠 王翥 赵章泉 |
| |
| 作者单位: | 哈尔滨工业大学(威海)计算机科学与技术学院,山东威海,264209 |
| |
| 基金项目: | 国家自然科学基金资助项目(60973162);山东省自然科学基金资助项目(ZR2009GM037);山东省科技攻关计划基金资助项目(2010GGX10132);哈尔滨工业大学(威海)校科学研究基金资助项目(HIT(WH)2009) |
| |
| 摘 要: | 现有蠕虫检测系统的误报率较高。为此,提出未知蠕虫自动检测技术。利用多维蠕虫异常检测方法发现未知蠕虫,使用跳跃式多特征串提取方法得到未知蠕虫的特征串集合,并生成相应的特征检测规则,实现未知蠕虫的自动检测。实验结果证明,该技术能够成功发现新型蠕虫,具有较高的蠕虫检测率和较低的误报率。
|
| 关 键 词: | 未知蠕虫 蠕虫检测 特征提取 异常检测 |
| 收稿时间: | 2011-05-12 |
Research on Unknown Worm Automation Detection Technology |
| |
| TONG Xiao-jun,WANG Zhu,ZHAO Zhang-quan.Research on Unknown Worm Automation Detection Technology[J].Computer Engineering,2011,37(20):139-141. |
| |
| Authors: | TONG Xiao-jun WANG Zhu ZHAO Zhang-quan |
| |
| Affiliation: | (School of Computer Science and Technology,Harbin Institute of Technology at Weihai,Weihai 264209,China) |
| |
| Abstract: | Facing fast-spreading worms,existing detecting systems have lots of defects,such as high false alarm rate.For this reason,this paper proposes an automatic unknown worm detection technology,which uses multidimensional worm ab-normal detection method to discover unknown worms and uses salutatory multiple signatures extraction method to get the set of unknown worms' signatures.It generates feature detection rules from signature set.It realizes automation of unknown worm detection using new rules.Experiments prove that,this technology can find the unknown worm,and has high detection rate and low false positive rate. |
| |
| Keywords: | unknown worm worm detection feature extraction abnormal detection |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
| 点击此处可从《计算机工程》浏览原始摘要信息 |
|
点击此处可从《计算机工程》下载全文 |
