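Abstract
Traditional methods for early warning of worms that spread by vulnerability scanning have problems such as being unable to distinguish P2P data flows and being unable to detect worms that propagate over multiple ports. To address these problems, and drawing on an analysis of the behavior patterns of network worms, an improved algorithm is proposed and an early warning model based on that algorithm is established. Finally, the feasibility and performance of the method are analysed, showing that the new method gives more effective early warning of unknown network worms.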
Traditional early warning algorithms for scanning worms cannot distinguish P2P activity, which can produce infection-like traffic, and cannot forecast multivector worms, which propagate by exploiting several vulnerabilities. To address these problems, an improved algorithm was developed and an early warning model was established based on it. Finally, the feasibility of the method was analysed; compared with existing methods, the new approach is more efficient and issues warnings at an early stage of worm propagation.
Source
Journal on Communications (《通信学报》)
EI
CSCD
Peking University Core Journals
2007, Issue 5, pp. 80-89 (10 pages)
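Funding
Key Project of the Natural Science Foundation of the Hebei Provincial Department of Education (Zh2006006)
Hebei Provincial Department of Education Fund Project (2005214)
Natural Science Foundation of Hebei Province (F2004000133)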
Keywords
Internet worm
early warning
propagation behavior
honeypot