Found 18 similar documents; search took 500 ms
1.
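Botnet Analysis and Defense (total citations: 1; self-citations: 0; citations by others: 1)
Chen Zhouguo (陈周国), 《信息安全与通信保密》, 2011, (6): 56-60
In recent years, with the development of computer network technology, network attacks have occurred frequently, posing a serious challenge to network security. Because of their great destructive power, botnets have become one of the greatest security threats facing computer networks. By analyzing and comparing the typical topologies, characteristics, and command-and-control mechanisms of botnets, the paper clearly describes botnets, their network behavior, and their development trends. On this basis, it presents an effective approach to defending against and countering botnets by detecting, analyzing, and blocking their command-and-control mechanisms, offering a new perspective and reference for defending against and countering cybercrime.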
2.
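Research on Botnet Detection Methods (total citations: 2; self-citations: 0; citations by others: 2)
A botnet is a network of hosts that an attacker has compromised and controls through various propagation methods. Botnets are a main source of the spread and control of many kinds of malware, so detecting them is very important for network security. This paper first introduces the structure of botnets, focusing on their command-and-control channels, then describes in detail host-information-based, traffic-monitoring-based, and peer-to-peer-network-based botnet detection methods, and compares and discusses them.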
3.
4.
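A botnet is a new form of attack that evolved from traditional malicious code. It gives attackers a covert, flexible, and efficient one-to-many command and control channel (Command and Control channel, CC) mechanism, with which they can control large numbers of bot hosts for purposes such as information theft, distributed denial-of-service attacks, and spam. This paper proposes a botnet detection method that is independent of botnet structure and CC protocol and does not require analyzing packet payload signatures. The method first applies pre-filtering rules to the captured traffic to remove traffic unrelated to botnets; it then computes statistics on the attributes of the filtered traffic; next, it uses a two-step clustering algorithm based on X-means clustering to analyze and cluster the traffic attributes of CC channels, thereby detecting botnets. Experiments show that the method efficiently and accurately distinguishes botnet traffic from other normal network traffic, meets the requirements for detecting botnets in real networks, and has a low misclassification rate.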
5.
6.
7.
8.
9.
10.
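1.0 Introduction. Design verification has become one of the main challenges in the semiconductor chip design process. How can one confirm that a chip will operate correctly in its intended applications? Besides writing as many test vectors as possible to verify every aspect of the chip's functionality, the following questions are becoming increasingly important: how can the quality of these tests be measured? How much of the chip's functionality does the test suite actually cover? The traditional answer to these questions is to use code coverage analysis tools. These tools measure how much of the design is actually exercised in simulation and report line coverage, condition coverage, and signal toggle coverage. However, the coverage figures these tools give are inherently optimistic estimates: for example, they can show that a line of code was executed, but not whether the correctness of the code on that line was verified. It is therefore possible for a report to show a line as covered in simulation while its effect was never checked in simulation, so faulty functionality on that line goes undetected. The test result may read "pass" while the faulty functional behavior goes unnoticed.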
11.
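Botnets are a serious class of security threat on today's Internet. Traditional passive monitoring methods go through evidence accumulation, detection, and response, and can discover a botnet only after actual malicious activity has occurred. This paper proposes a distributed active probing method based on fingerprints of the communication protocol of botnet controllers: controller and bot samples are reverse-engineered to extract the botnet's communication protocol, protocol interaction fingerprints are extracted from the controller's replies, and hosts on the network are then actively probed using these fingerprints. Based on this method, the ActiveSpear active probing system was designed and implemented. The system uses a distributed architecture, dynamically changes the IP addresses used for scanning, and supports parallel scanning for botnet controllers that use multiple communication protocols. Functional verification in an experimental environment demonstrated the effectiveness of the method, and an evaluation of scanning efficiency in a real environment showed that the system can complete large-scale scans of network segments in an acceptable time.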
12.
13.
Manual configuration of IP routers is an expensive, time-consuming, and error-prone process. For large Internet service providers, establishing service for new customers is a major part of the financial cost of running the network. Increasingly, these customers want to exchange routing information with their provider(s) using the border gateway protocol (BGP), a complex and highly programmable interdomain routing protocol. This article describes how a provider can configure its connections to BGP-speaking customers, from the technical questions asked of new customers to the individual configuration commands applied to the production routers. We present a case study of a technical questionnaire and describe how the provider assigns unique identifiers such as IP address blocks, interface names, and access control list numbers on behalf of the customer. Next, we describe an example set of provisioning rules that use the customer-specific information to generate a sequence of configuration commands - a "configlet" - for adding the new connection to the network; our configuration rules are expressed using Cisco Internet Operating System (IOS) commands as an example. Then we describe a database schema for storing and accessing the customer-specific data, and discuss how to use a virtual view on this database to populate a template that captures the syntax of the router commands. Our provisioning system provides an inexpensive, efficient, and accurate way for a provider to configure connections to new BGP-speaking customers.
14.
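The EPC-C1G2 protocol is the second-generation ultra-high-frequency RFID air interface protocol published by EPCglobal. It uses the slotted ALOHA algorithm to resolve the collisions that occur when multiple tags are identified. The paper first introduces the parameters and commands the protocol needs for multi-tag collision resolution; the Q value in the protocol determines the number of slots used in resolving collisions. The more slots there are, the less likely tags are to collide, but the longer identification takes, so choosing Q appropriately strikes the best balance between tag identification time and the number of tags identified. Two collision resolution procedures are given, a fixed-Q algorithm and a decreasing-Q algorithm, and the performance of these two multi-tag identification procedures is analyzed by simulation.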
15.
Robust-WDM is a technique to realize wavelength division multiplexed (WDM) local area networks (LANs) in the presence of laser wavelength drifts. Various medium access control (MAC) protocols have been proposed for Robust-WDM LANs. Among these protocols, the one with Aperiodic Reservation and Lenient Token-Passing control channel (the AR/LTP protocol) is the most promising. We discuss three internetworking strategies for AR/LTP Robust-WDM LANs. The aim is to explore the possibility to scale the AR/LTP Robust-WDM concepts to the metropolitan domain by looking at some basic medium-access arrangements and specifying the advantages and limitations of each. Special Remote Access Nodes (RANs) are proposed to facilitate interconnection. It is shown that by some modifications in the basic AR/LTP local area protocol and by parallel processing of connection requests, commands and control signals, the waiting time performance of a Robust-WDM interconnection can be improved. The improvement would be accomplished at the expense of some control sophistication. Further improvement can be achieved by designing a set of point-to-point links among the RANs of different Robust-WDM stars. In this case, control is relatively simplified, but the design of a RAN is made more complex and expensive.
16.
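Applying radio-frequency (RF) technology to data transmission on industrial sites can lower transmission cost and raise transmission efficiency. Industrial sites, however, place high demands on the security and reliability of data transmission, so ensuring that RF data transmission is secure and stable is the key to using RF technology there. A new wireless RF remote control system was developed using the Si4432 RF chip and a microcontroller. In this system, terminal nodes send control commands, the master node handles formation and management of the RF network, and routing nodes receive and forward data. The system uses the carrier sense multiple access with collision avoidance (CSMA/CA) protocol, which avoids the channel blocking and data loss caused by communication collisions, and uses a frequency-adjustment management mechanism to manage the frequency bands of the RF network. The system implements network formation and network maintenance functions, ensures correct data transmission, and improves maintainability. It can be widely used in industries such as metallurgy and cement that need to control equipment over long distances.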
17.
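To meet the real-time and reliability requirements that tactical training simulators place on network data, the AUDP (Augmented UDP) model is proposed. Working at the application layer of the program, the model adds a protocol header for reliable transmission and uses an intelligent retransmission mechanism, an intelligent fragmentation and reassembly mechanism for large packets, and a multithreaded data processing mechanism to achieve efficient and reliable data transmission. The differences between AUDP, TCP, and plain UDP are compared in detail in terms of both principle and experimental data, and the strengths and weaknesses of each are analyzed. Experimental data show that when transferring less than 50 kbyte, AUDP is about 20% more efficient than TCP, whereas when the data transferred in one go exceeds 3 Mbyte, TCP is more efficient. The results indicate that AUDP is well suited to the network communication needs of tactical training simulators.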
18.
Circular built-in self-test (BIST) is a "test per clock" scheme that offers many advantages compared with conventional BIST approaches in terms of low area overhead, simple control logic, and easy insertion. However, it has seen limited use because it does not reliably provide high fault coverage. This paper presents a systematic approach for achieving high fault coverage with circular BIST. The basic idea is to add a small amount of logic that causes the circular chain to skip to particular states. This "state skipping" logic can be used to break out of limit cycles, break correlations in the test patterns, and jump to states that detect random-pattern-resistant faults. The state skipping logic is added in the chain interconnect and not in the functional logic, so no delay is added on system paths. Results indicate that in many cases, this approach can boost the fault coverage of circular BIST to match that of conventional parallel BIST approaches while still maintaining a significant advantage in terms of hardware overhead and control complexity. Results are also shown for combining "state skipping" logic with observation point insertion to further reduce hardware overhead.