期刊文献+

蠕虫扫描检测算法的注记

Notes on Detection of Scanning Worm Infection
下载PDF
导出
摘要 蠕虫扫描检测算法,先设定阈值为若干事件,在相应时间内,若一台主机向外发出连接数超过阈值就判定为扫描行为,并将失败的连接次数作为判定是否为扫描行为的依据。其基于概率模型,或判定一个外部源地址要访问本地网络的目的地址或端口异常性,或判定其访问本地网络的目的地址数和端口数的异常性。其算法采用事件序列假设检验或改进假设检验以判定。 For the detection algorithm of worm scan, threshold value was set up as numbers of event, and if a host computer sent connected data to exceed the threshold value in a given time window, scan happened. And times of falling connection were used as the reference judged whether scanning. On the basis of probability model, judge if external source IP address is connected to destination IP addrvsses of local notwork, or unusual ports or destination IP addresses, or the abnormality between quantity of IP addresses and quantity of ports of destination IP addresses. For the judged algorithm, event sequential hypothesis testing (HT) algorithm or improved HT algorithm is mainly applied.
出处 《兵工自动化》 2005年第6期53-54,共2页 Ordnance Industry Automation
关键词 网络蠕虫 扫描 假设检验 网络安全 Internetworm Scan, Hypothesis testing Network security
  • 相关文献

参考文献4

  • 1Jaeyeon Jung,Vern Paxson,Arthur W.Berger,etc.Fast Portscan Detection Using Sequential Hypothesis Testing [A].In Proceedings of IEEE Symposium on Security and Privacy [C].May 9-12,2004.
  • 2C.Leckie and R.Kotagiri.A Probabilistic Approach to Detecting Network Scans [A].In Proceedings of the Eighth IEEE Network Operations and Management Symposium [C].2002.
  • 3V.Paxson.Bro:a Sustem for Detecting Network Intruders in Real-Time [J].Computer Networks,1999.
  • 4文伟平,卿斯汉,蒋建春,王业君.网络蠕虫研究与进展[J].软件学报,2004,15(8):1208-1219. 被引量:187

二级参考文献1

共引文献186

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部