期刊文献+
任意字段
题名或关键词
题名
关键词
文摘
作者
第一作者
机构
刊名
分类号
参考文献
作者简介
基金资助
栏目信息

基于随机实验的蠕虫传播预测研究 被引量:1

Research of worm-propagation prediction based on stochastic experiment
下载PDF
导出
摘要 蠕虫传播预测是蠕虫防御的基础之一,但随着蠕虫扫描策略日趋多样和互联网结构逐步复杂,在蠕虫爆发初期及时建立精确的蠕虫传播模型变得越来越困难。利用随机仿真实验来模拟蠕虫在网络中的传播行为,通过统计分析仿真实验结果,发现蠕虫传播实验结果是一个随机过程,而实验结果间存在很高的线性相关性。由此提出一种基于仿真实验统计结果的蠕虫传播趋势预测方法,该方法可以利用0.1%存在漏洞主机的感染信息精确的预测蠕虫传播趋势。 The prediction of the worm propagation is the basis of the worm defense. It is becoming more difficult to model the propagation of worms in the early stage of worm-spreading, because the worm strategies are smarter and the Internet structure is more complicated than ever before. In present study, a stochastic simulator was designed to simulate the propagation of worms. From the analysis of 1000 groups of experiment results, it was proved that the worm-propagation is a stochastic process, and the correlation coefficient between each group of results is close to 1. Therefore, a new prediction method was proposed, which could accurately calculate the propagation of worm when 0. 1% of all vulnerable hosts were infected.
作者 刘烃 郑庆华 管晓宏 屈宇 王娜
机构地区 西安交通大学智能网络与网络安全教育部重点实验室机械制造系统工程国家重点实验
出处 《通信学报》 EI CSCD 北大核心 2007年第12期72-77,共6页 Journal on Communications
基金 国家自然科学基金资助项目(60574087 60473136) 国家高技术研究发展计划("863"计划)基金资助项目(2007AA01Z475 2007AA01Z480 2007AA01Z464) 国家"111引智计划"基金资助项目~~
关键词 蠕虫 蠕虫传播预测 随机过程 worm worm-propagation prediction stochastic process
分类号 TP393 [自动化与计算机技术—计算机应用技术]
  • 相关文献

参考文献10

  • 1王平,方滨兴,云晓春,彭大伟.基于用户习惯的蠕虫的早期发现[J].通信学报,2006,27(2):56-65. 被引量:9
  • 2DUBENDORFER T, WAGNER A,HOSSMANN T, et al. Flow-level traffic analysis of the blaster and so big worm outbreaks in an Internet backbone[A]. Proceedings of DIMVA 2005[C]. Austria, 2005. 103-122.
  • 3罗浩,方滨兴,云晓春,王欣,辛毅.高速实时的一种邮件蠕虫异常检测模型[J].通信学报,2006,27(2):35-41. 被引量:3
  • 4STANIFORD S,PAXSON V, WEAVER N.How to own the Internet in your spare time[A]. Proceedings of the 11th Usenix Security Symp[C]. San Francisco, 2002. 149-167.
  • 5ZOU C C, GONG W B,TOWSLEY D. Code red worm propagation modeling and analysis[A]. Proceedings of the 9th ACM Symp on Computer and Communication Security[C]. Washington DC, 2002:138-147.
  • 6ZOU C C,TOWSLEY D,GONG W B. E-mail worm modeling and defense[A]. Proceedings of 13^th Conference Computer Communication and Networks (ICCCN'04)[C].Chicago, 2004.409-414.
  • 7SATORRAS R P. A vespignani, epidemic spreading in scale-free networks[J]. The American Physical Society, 2001,86(14): 3200-3203.
  • 8W32.Erkez.B @ mm[EB/OL], http://www.symantec.com/security_res ponse/writeup, jsp?docid=2004-061110-4018-99, 2004.
  • 9BRUMLEY D, LIU L H,POOSANKAM P, et al. Design space and analysis of worm defense strategies[A]. Proceedings of the ASIACCS'06[C]. Taipei, 2006. 125-137.
  • 10ZOU C C, GONG W B,OWSLEY D, et al. The monitoring and Early detection of Internet worms[J]. IEEE/ACM Transactions on Networking, 2005, 13(5): 961-974.

二级参考文献24

  • 1文伟平,卿斯汉,蒋建春,王业君.网络蠕虫研究与进展[J].软件学报,2004,15(8):1208-1219. 被引量:187
  • 2CERT.Cert advisory Ca-2001-22 W32/sircammalicious code[EB/OL].http://www.cert.org/advisories/CA-2001-22.html,July 2001.
  • 3WHITEPAPER MESSAGELABS.The convergence of viruses and spain lessons learned from the sobig.f experience[EB/OL].http://www.messagelabs.com/microsites/MessageLabs,2003.
  • 4CAM L L.Asymptotic Methods in Statistical Decision Theory[M].New York:Springer-Verlag,1986.89-96.
  • 5GERSTNER W,KISTLER W M.Spiking Neuron Models:Single Neurons,Populations,Plasticity[M].Cambridge:Cambridge University Press,2002.50-63.
  • 6BARFORD P,KLINE J,PLONKA D,et al.A signal analysis of network traffic anomalies[A].Proceedings of the 2nd ACM SIGCOMM Workshop on Internet Measurement[C].Washington D C,USA:ACM Press,2002.1-12.
  • 7ZOU C C,GONG W,TOWSLEY D.Feedback Email Worm Defense System for Enterprise Networks[R].Umass ECE Technical Report TR-04-CSE-05,2004.
  • 8GUPTA A,SEKAR R.An approach for detecting self-propagating email using anomaly detection[A].Recent Advances in Intrusion Detection[C].New York,USA:Springer-Verlag,2003.108-119.
  • 9ZOU C C,GONG W,TOWSLEY D,et al.Monitoring and early detection of internet worms[A].Proceedings of the 10th ACM Conference on Computer and Communications Security[C].Washington D C,USA:ACM Press,2003.190-199.
  • 10ZOU C C,GONG W,TOWSLEY D.Code red worm propagation modeling and analysis[A].Proceedings of 9th ACM Conference on Computer and Communication Security[C].Washington D C,USA:ACM Press,2002.138-147.

共引文献10

同被引文献17

  • 1SPAFFORD E H. The Intemet Worm Program: an Analysis[R]. Technical Report, CSD-TR-823, West Lafayette: Department of Computer Science, Purdue University, 1988. 1-29.
  • 2MOORE D, SHANNON C, BROWN J. Code-Red: a case study on the spread and victims of an Intemet worm[A]. Proceedings of the Second ACM SIGCOMM Workshop on Interact Measurement[C]. 2002. 273-284.
  • 3STANIFORD S, PAXSON V, WEAVER N. How to own the lnternet in your spare time[A]. Proc of the l lth Usenix Security Symp[C]. San Francisco, 2002.
  • 4ZOU C C, GONG W, TOWSLEY D. Code Red worm propagation modeling and analysis[A]. Proc of the 9th ACM Symp. on Computer and Communication Security[C]. Washington, 2002. 138-147.
  • 5CHEN Z, GAO L, KWIAT K. Modeling the spread of active worms[A]. IEEE 1NFOCOM 2003 [C]. 2003.1890-1900.
  • 6YIJ W, WANG X, PRASAD C, XUAN D, ZHAO W. Modeling and detection of Camouflaging worm[J]. IEEE Transaction on Dependable and Secure Computing, 2011, 8(4): 377-390.
  • 7YU W, ZHANG N, FU X W, et al. Self-disciplinary worms and countermeasures:modeling and analysis[J]. IEEE Transactions on Parallel and Distributed Systems, 2010, 21(10): 1501-1514.
  • 8JENNIFER T. Jackson and sadie creese, virus propagation in heterogeneous bluetooth networks with human behaviors[J]. IEEE Transactions on Dependable and Secure Computing, 2012, 9(6):930-943.
  • 9SARAH S, NESS B S, SAURABH B. Modeling and automated containment of worms[J]. IEEE Transactions on Dependable and Secure Computing, 2008, 5(2): 528-537.
  • 10ROSS S. Stochastic Processes[M]. John Wiley & Sons, 1996.

引证文献1

二级引证文献2

通信学报
2007年 第12期

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部