Abstract
In recent years, worm attacks have become increasingly rampant while the corresponding security detection products offered by the industry are single-purpose in function, which has led to frequent false alarms and missed alerts for security events. Given this predicament, this paper, building on separate studies of the well-known open-source project OSSIM and of worm attack techniques, proposes a worm detection method based on serialized heuristic correlation. The correlation method proposed here uses XML documents to describe worm intrusion patterns, which makes it more flexible and trustworthy than other methods. Finally, the paper not only gives general correlation rules for worm detection, but also builds a security management platform with OSSIM as its base for testing. The test process and results demonstrate the flexibility and reliability of the method.
Recently, due to the proliferation of worm attacks and the single-purpose design of security products, false and missed alerts have become far more common. Accordingly, this paper presents a method based on heuristic correlation analysis, developed through research on the well-known open-source program OSSIM and the characteristics of worm attacks. The method is flexible and reliable because it is implemented with XML documents. Finally, the paper not only gives general rules for detecting worm attacks, but also carries out tests after building a security management system based on OSSIM. The test results show that the method is flexible and reliable.
Source
《计算机安全》 (Network & Computer Security)
2008, Issue 9, pp. 58-60 (3 pages)