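Abstract
As computer networks continue to spread and develop, network worms have become one of the major threats to network system security. In recent years network worms have changed again with the emergence of new Zero-day attack polymorphic worms. These worms use "polymorphic" techniques and target "Zero-day vulnerabilities", can effectively evade detection systems within a short time, and have become a major hidden danger for future Internet security. Research on Zero-day attack polymorphic worms and their detection techniques is therefore very necessary. The paper first discusses the attack principle of Zero-day attack polymorphic worms, then analyses and summarizes methods proposed in recent years, such as those based on network flow filtering and emulated-execution detection, and finally presents some hot issues and an outlook.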
With the increasing popularity and development of computer networks, internet worms have become one of the important threats to network system security. In recent years, internet worms have taken a new form, Zero-day polymorphic worms, which use metamorphic techniques and take Zero-day vulnerabilities as their attack targets, and can evade detection by the existing IDSes in a short time. Therefore, research on Zero-day polymorphic worms and their detection techniques is very necessary. The attack mechanism of Zero-day polymorphic worms is presented first, then some network-sifting and simulation-based detection techniques from recent years are analysed and summarized, and finally some hot questions are given.
Source
《计算机技术与发展》
2011, Issue 9, pp. 216-220 (5 pages)
Computer Technology and Development
Funding
National Natural Science Foundation of China (60503008)