
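Research on Worm Detection Technology Based on Connection Payload
Cite this article: HUANG Min, SUN Yi-Pin, WANG Yong-Jun. Research on Worm Detection Technology Based on Connection Payload[J]. Journal of Chengdu University of Information Technology, 2014, 29(4): 383-387
Authors: HUANG Min  SUN Yi-Pin  WANG Yong-Jun
Affiliation: College of Computer, National University of Defense Technology, Changsha, Hunan 410073
Funding: National Natural Science Foundation of China project; National 863 Program project
Abstract: This paper proposes a worm detection method based on the similarity of connection payloads, using Hamming distance to compute payload similarity in order to detect unknown worms. Compared with the longest common substring algorithm, this method reduces the consumption of computing resources. On this basis, a detection system is proposed that combines coarse-grained anomaly detection with fine-grained behavior analysis. It further screens out non-worm traffic, pins down groups of worm packets, and reduces the amount of similarity computation. Experiments show that the method can detect unknown worms.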

Keywords: worm detection  Hamming distance  similarity  payload

Research on Worm Detection Technology Based on Payload
HUANG Min, SUN Yi-Pin, WANG Yong-Jun. Research on Worm Detection Technology Based on Payload[J]. Journal of Chengdu University of Information Technology, 2014, 29(4): 383-387
Authors: HUANG Min  SUN Yi-Pin  WANG Yong-Jun
Affiliation: College of Computer, National University of Defense Technology, Changsha 410073, China
Abstract: In view of today's large-scale, high-speed networks, a worm detection method is presented that is based on analysing the similarity of connection payloads, computing the similarity between connections from the Hamming distance of their payloads. Compared with the longest common subsequence algorithm, this method reduces computational resource consumption. On this basis, a detection system is presented that combines coarse-grained anomaly detection with fine-grained behavior analysis, further excluding non-worm traffic, focusing on worm traffic and reducing the similarity computation. Experiments show that this method can detect unknown worms.
Keywords: worm detection  Hamming distance  similarity  payload
This article is indexed in CNKI, VIP, Wanfang Data and other databases.