Abstract
To demonstrate that abnormal network traffic characteristics appear while a network worm is spreading, the working mechanism and scanning strategies of network worms were analyzed. A scheme for detecting network worms based on NetFlow flow information was put forward, and a three-level stepwise-refinement algorithm called NDW (NetFlow based Detecting Worm) was designed. By checking total host traffic, characteristic ports and behavior patterns in turn, the algorithm locates and identifies abnormal hosts quickly and efficiently. Theoretical analysis shows that the time complexity of NDW is not more than H(εM+O(1)). Experimental results show that NDW can locate hosts infected by network worms effectively and accurately.
Source
Journal of PLA University of Science and Technology (Natural Science Edition)
EI
2006, Issue 4, pp. 336-340 (5 pages)
Funding
Supported by the National Natural Science Foundation of China (90304016)