New Fast Monitor Methods of Trojans under High-Speed Network Environment
Abstract: To support Trojan horse detection in high-speed network environments, we analyze traditional IDS and, to address its insufficient capability to detect Trojan horses at high network speeds, propose a single-engine Trojan detection method based on a large feature set. By analyzing the network data characteristics of Trojan horses and optimizing the transition process of the finite automaton, the method shortens compile time, avoids repeated matching, and greatly improves the efficiency of regular-expression-based Trojan detection.
Source: Journal of Henan University: Natural Science (indexed in CAS; Peking University Core Journals), 2011, No. 6, pp. 628-635, 8 pages
Funding: National Natural Science Foundation of China (60803157, 90812001); Key Project of Science and Technology Research of the Ministry of Education; National Quality Inspection Public Welfare Research Special Project (10-126)
Keywords: network; Trojan; detection (inspection); regular expression; finite state automaton (FSM)