Abstract
Worm epidemics may spread at unprecedented speed over high-speed links, so it is necessary to design a comprehensive automated defense system. The design of such a system must be based on highly reliable detection accuracy and real-time traffic analysis. To address these problems, a detection method based on the visualization of worm traffic flow is presented. A simple and novel visualization scheme is introduced, which plots each packet in a 3-dimensional space using its source IP address, destination IP address and destination port. Once a high-speed link's traffic flow is visualized through this scheme, worms can be detected easily. Based on this property, an efficient attack detection and classification algorithm is proposed.
Source
Computer Engineering and Design (《计算机工程与设计》)
CSCD
Peking University Core Journals (北大核心)
2006, Issue 9, pp. 1607-1610 (4 pages)