
Study of Worm-Attack Detection Based on Netflow

Cited by: 2
Abstract: Based on an analysis of the principle of Netflow and the behavioural characteristics of worm attacks, this paper proposes a Netflow-based worm detection method. The traffic-anomaly and signature-anomaly detection modules of the detection algorithm were implemented in code, and a corresponding experimental environment was set up. The network behaviour of a RedCode worm outbreak was simulated, and the experimental results show that the method can detect common worms quickly and accurately, and can also perform feature extraction and early warning for new types of worms.
Authors: 赵礼, 李朝阳
Source: 《信息安全与通信保密》 (Information Security and Communications Privacy), 2012, No. 6, pp. 53-55 (3 pages)
Keywords: network attack; anomalous traffic; Netflow; flow-tools