
Title: Online tracing Petri dish of large scale worm (Chinese title: 大规模蠕虫在线追踪培养皿)

Cited by: 1
Abstract (translated from the Chinese): A virtual experimental environment for back-tracing the propagation of large-scale network worms is proposed; it can be used for worm detection and defense experiments. The environment uses virtual machine technology to virtualize a large number of participating hosts and network devices, matching the real network as closely as possible. Within a controllable scope, real infection code is used to trigger a large-scale worm outbreak and the worm's propagation process is observed. In this environment the worm's propagation characteristics can be discovered, and the worm's traffic data and infection process can be collected in real time.

Abstract (English): For the detection and defense of large-scale Internet worm outbreaks, a convenient and safe experimental environment capable of running real worms is important for observing large-scale worm infection, intrusion and propagation; it can also serve as a large-scale worm test bed for forensic evidence. A large-scale worm propagation experiment environment for a tracing algorithm is proposed, an isolated environment in which related experiments can be run. To conform as closely as possible to the actual network, the experimental environment uses virtual machine technology to simulate a large number of hosts and network devices. In this environment, large-scale worm outbreaks can be triggered within a controllable scope; the propagation process of the worm can be observed; detection and defense techniques can be tested; worm propagation characteristics such as scanning method and propagation process can be discovered; and network traffic and the propagation process can be collected in real time. After the network traffic is examined, a speculation algorithm is run to reconstruct patient zero and the propagation path of the worm. The actual worm propagation process captured in the environment can then be compared with the results of the tracing algorithm.
Source: Journal of Computer Applications (计算机应用), CSCD, Peking University core journal, 2007, No. 11, pp. 2696-2698 (3 pages)
Funding: National Natural Science Foundation of China project (90204014); Jilin University Seed Fund project
Keywords: worm; online tracing; Petri dish