Approach to worm early warning based on local victim behavior (cited by: 5)
Abstract: Traditional early-warning methods for worms that propagate by vulnerability scanning cannot distinguish P2P traffic, which can produce infection-like activity, and cannot detect multivector worms that propagate over multiple ports by exploiting several vulnerabilities. To address these problems, an improved algorithm was developed from an analysis of network worm behavior patterns, and an early-warning model was built on that algorithm. Finally, the feasibility and performance of the method were analyzed; compared with existing methods, the new approach is more efficient at warning of unknown network worms and issues warnings at an early stage of worm propagation.
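Source: Journal on Communications (《通信学报》), indexed in EI, CSCD and the Peking University Core Journals list; 2007, Issue 5, pp. 80-89 (10 pages)
Funding: Key Project of the Natural Science Foundation of the Hebei Provincial Department of Education (Zh2006006); Hebei Provincial Department of Education Fund Project (2005214); Natural Science Foundation of Hebei Province (F2004000133)
Keywords: Internet worm; early warning; propagation behavior; honeypot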