摘要
蠕虫已成为全球网络最严重的安全威胁,但由于其有别于其他攻击方法的特点,现有的网络防御方法对蠕虫的攻击显得无能为力。针对传统防御方法在防御蠕虫入侵方面的不足,在针对网络蠕虫攻击特点的基础上,提出一个新的分布式入侵检测框架,来尽早发现蠕虫的踪迹,并立即进行防御。此框架不仅能够实时检测未知类型的网络蠕虫攻击,还能分析蠕虫攻击中扫描过程的网络传输特征和在网络内可能感染的主机列表。基于框架原型系统对CodeRed II蠕虫攻击检测得到的实验结果,证明该框架对蠕虫的早期扫描行为更加敏感,并具有更低的误报率。
Worm attacks are the greatest threat to the Internet nowadays,but owing to their special attack model,there are not effective methods to detect and defend worm attacks.Based on the characteristics of network worms attack,a new distributed intrusion detection system framework is proposed to detect unknown network worms earlier and take some measures to defend the attack.The framework can not only achieve real-time detection of unknown worms,but also extract possible features of worm scan and derive the list of likely infected hosts.The experiment of Code Red II attack shows that the framework can detect the worm attack accurately.
出处
《实验室研究与探索》
CAS
北大核心
2012年第4期50-53,共4页
Research and Exploration In Laboratory
基金
国家自然科学基金项目(60473055)
国家863高技术研究发展基金(2009AA05Z203)
华南师范大学南海校区科研项目(NHKY08004)
关键词
网络安全
入侵检测系统
蠕虫攻击
框架
端口扫描
network security
intrusion detection system
worm attack
framework
port scan
