摘要
为了适应高速网络环境下的木马检测,通过分析传统的IDS,针对其在高速网络环境下对木马检测能力的不足,提出了单引擎大特征集的木马检测方法;通过分析木马的网络数据特征,对有限自动机转换过程进行优化,缩短了编译的时间,避免了重复匹配的问题,大幅度提高了基于正则表达式的木马检测方法的效率.
In order to meet the needs of the up-to-date development of the Internet and Trojan Horse,and resolve the problem that current traditional IDS lacks the capability to detect Trojan Horse under high speed Internet environment,we proposed a single-engine method for detecting Trojan horse based on a huge set of characteristics.With the analysis of the Trojan horse's network data characteristics,and the optimization of the transition process of finite automation,our method can reduce the compiling time,avoid repeated matching,and increase the efficiency of Trojan Horse detecting methods based on regular expressions.
出处
《河南大学学报(自然科学版)》
CAS
北大核心
2011年第6期628-635,共8页
Journal of Henan University:Natural Science
基金
国家自然科学基金(60803157
90812001)
教育部科学技术研究重点项目
国家质检公益性科研专项(10-126)