| 蜜罐自动捕获蠕虫病毒的设计和实现 |
| |
| 引用本文: | 谢卓,罗代升,王炜. 蜜罐自动捕获蠕虫病毒的设计和实现[J]. 成都信息工程学院学报, 2007, 22(1): 41-45 |
| |
| 作者姓名: | 谢卓 罗代升 王炜 |
| |
| 作者单位: | 1. 四川大学图像信息研究所,四川,成都,610065
2. 四川大学图像信息研究所,四川,成都,610065;四川大学信息安全研究所,四川,成都,610065 |
| |
| 摘 要: | 自动捕捉蠕虫是分析、遏制、对抗蠕虫的前提条件。通过深入分析各种实际蠕虫,提出了蠕虫传播的特性——异常数据来自不同的源地址,感染机发送相同的数据到大量目的地址。基于该特性,设计实现了基于蜜罐的蠕虫自动捕捉系统,系统自动分析发出和之前进入蜜罐机的数据包,通过特征分析和阀值比较,发现并捕获蠕虫。实验结果表明,系统可以获得良好的结果。
|
| 关 键 词: | 网络安全 病毒防御 蜜罐机 蠕虫捕获 |
| 文章编号: | 1671-1742(2007)01-0041-05 |
| 修稿时间: | 2006-09-21 |
Design and implementation of honeypot system of automatic capture of worm |
| |
| XIE Zhuo,LUO Dai-sheng,WANG Wei. Design and implementation of honeypot system of automatic capture of worm[J]. Journal of Chengdu University of Information Technology, 2007, 22(1): 41-45 |
| |
| Authors: | XIE Zhuo LUO Dai-sheng WANG Wei |
| |
| Abstract: | The automatic capture of the internet worm is a pre-step to analyze,restrain and resist the worms.Through deep analysis of the real worms the features of the worm propagation are obtained: abnormal data coming from various source addresses and sending to diverse destination addresses.Based on those features the honeypot system to capture the internet worm automatically is designed and implemented.The honeypot system analyzes the flow coming in and out of the sensor,then captures the suspicious worm flow by the feature comparison.The result shows that the system has good performance. |
| |
| Keywords: | network security worm vaccination honeypot automatic capture |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
