摘要
新一代的网络蠕虫融合了病毒、木马、DDOS攻击等各种攻击手段,一旦爆发,将迅速导致大规模的网络阻塞甚至瘫痪。提出了一种蠕虫爆发检测算法,通过对网络流量变化率的监测,可以在蠕虫爆发的前期发现网络异常,从而使网络管理员和应急响应组织获得更多的反应时间,在蠕虫阻塞网络之前采取措施。算法使用DARPA98入侵检测评估系统进行了评估,并应用于Blaster、Nachi、slammer和Sasser蠕虫爆发时的真实数据。
New internet worm including many attack measures, such as virus, trojan and DDDS, will cause network block even paralysis, when it breaks out. A detection algorithm is brought forward which can find abnormity in the forepart of worm eruption by detection on variable rate of network flux, and then network administrators and emergency response teams can gain more time to take measures before worm blocks the network. This algorithm is evaluatedby DARPA98 intrusion detection evaluation system and has applied to real flux data of worm (Blaster、Nachi、slammer) eruption.
出处
《计算机工程与设计》
CSCD
北大核心
2005年第5期1140-1143,共4页
Computer Engineering and Design
基金
国家自然科学基金项目(60203004)
