| 一种基于大型企业网的蠕虫早期实时检测方法 |
| |
| 引用本文: | 陈浩文,林亚平,卢新国.一种基于大型企业网的蠕虫早期实时检测方法[J].科学技术与工程,2007,7(14):3444-3450. |
| |
| 作者姓名: | 陈浩文 林亚平 卢新国 |
| |
| 作者单位: | 1. 湖南大学,计算机与通信学院,长沙,410082
2. 湖南大学,计算机与通信学院,长沙,410082;湖南大学软件学院,长沙,410082 |
| |
| 摘 要: | 随着计算机网络的迅速膨胀,网络蠕虫攻击成为目前影响企业网络安全的一个重要问题。实时监视企业网的内外网络蠕虫和扫描攻击,特别是在蠕虫传播的早期检测到蠕虫。采取相应的防御措施,减少蠕虫传播和攻击扫描造成的损失变得尤为重要。提出了一种在企业网中早期的蠕虫检测算法。通过在Linux的平台下已实现的原型系统,验证了该算法的实时性和有效性。实验表明,当企业网感染了少量的魔波蠕虫时,该算法检测到该蠕虫,并获取了其传播特征以进行预警。
|
| 关 键 词: | 网络蠕虫 随机扫描 企业网安全 预警 |
| 文章编号: | 1671-1819(2007)14-3444-07 |
| 修稿时间: | 2007-03-22 |
Real-time Early-stage Worm Detection Algorithm for Corporation Networks Method |
| |
| CHEN Hao-wen,LIN Ya-ping,LU Xin-guo.Real-time Early-stage Worm Detection Algorithm for Corporation Networks Method[J].Science Technology and Engineering,2007,7(14):3444-3450. |
| |
| Authors: | CHEN Hao-wen LIN Ya-ping LU Xin-guo |
| |
| Affiliation: | 1.College of Computer and Communication , College of Software, Hunan University, Changsha 410082, P. R. China |
| |
| Abstract: | With the rapid development of the Intemet, network worm attacks has become a main threath to the corporation security at present. It is very necessary to monitor the corporation network worm and scan attack and take measures of reducing the loss due to worm transmission and attack scan, especially in the early stage of worm transmission. A early-stage worm detection algorithm for corporation networks is proposed and the performance of real-time and validity is evaluated by experiments on Linux flat. The experiments show that the algorithm can detect the worm and obtain the transmission feature to alarm in advance when the network is affected by a litde worm moebot. |
| |
| Keywords: | Internet worm random scan enterprise network security forecast and warning |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
| 点击此处可从《科学技术与工程》浏览原始摘要信息 |
|
点击此处可从《科学技术与工程》下载全文 |
|
