| 基于netflow数据流的蠕虫探测算法 |
| |
| 引用本文: | 黄家林,张超,孙谦.基于netflow数据流的蠕虫探测算法[J].网络安全技术与应用,2005(10):49-51. |
| |
| 作者姓名: | 黄家林 张超 孙谦 |
| |
| 作者单位: | 中南大学信息科学与工程学院,湖南,410083 |
| |
| 摘 要: | 随着网络的迅速发展,随之而来的网络安全事件日益突出,特别是以网络蠕虫为代表的异常流量。由于网络蠕虫能够在数分钟内感染网络上绝大多数有漏洞的机器,因此蠕虫探测系统必须能快速鉴别和隔离已感染蠕虫病毒的机器,特别是对感染新型的未知的蠕虫病毒的机器。鉴于此,我们提出了一种基于Netflow数据流的蠕虫探测算法,该算法能够探测出大部分蠕虫扫描,而且拥有非常高的效率和非常低的误报率。
|
| 关 键 词: | Netflow 蠕虫 统计测试 首次连接 |
.Netflow-based Arithmetic of Detected Worm |
| |
| Huang Jialin,Zhang Chao,Sun Qian..Netflow-based Arithmetic of Detected Worm[J].Net Security Technologies and Application,2005(10):49-51. |
| |
| Authors: | Huang Jialin Zhang Chao Sun Qian |
| |
| Affiliation: | Huang Jialin,Zhang Chao,Sun Qian The School of Information Science and Engineering Central South University,Hunan,410083 |
| |
| Abstract: | Network security events became more and more prominent with development of network,especially abnormal flows such as network worm.worm detection system must act quickly to identify and quarantine scan- ning worms,as network worm have been able to infect the majority of vulnerable hosts on the Internet in a matter of minutes.So we present a Netflow-based arithmetic of detected worm,this approach can detect most of scan- ning worm and have a high affectivity. |
| |
| Keywords: | Netflow worm statistical test first connection |
| 本文献已被 CNKI 万方数据 等数据库收录! |
|
