Abstract
Based on the characteristics of network attacks, the author collected NetFlow information containing the characteristics of worms and proposes a new worm detection method based on a dynamic NetFlow baseline. The method uses NetFlow network monitoring tools to collect information on each communication port every five minutes. An information baseline is built on three dimensions (communication port, time and traffic), and records that deviate from this baseline are singled out, which yields the data that matches worm behavior and thereby identifies possible worms and infected nodes. The experimental results show that the method can accurately detect worm attacks and that the mechanism can take effect at the beginning of a new worm attack.
Source
Journal of North China Institute of Science and Technology (《华北科技学院学报》)
2008, Issue 1, pp. 94-97, 111 (5 pages in total)
Keywords
Network security
Internet worm
Baseline analysis
Network management