| 基于网络的恶意代码检测技术 |
| |
| 引用本文: | 吴 冰,云晓春,高 琪.基于网络的恶意代码检测技术[J].通信学报,2007,28(11):87-91. |
| |
| 作者姓名: | 吴 冰 云晓春 高 琪 |
| |
| 作者单位: | 1. 哈尔滨工业大学,计算机网络与信息安全技术研究中心,黑龙江,哈尔滨,150001
2. 中国科学院,计算技术研究所,北京,100080 |
| |
| 摘 要: | 通过对传统分布式IDS的分析,指出基于详细协议分析的多引擎小规则集的系统结构用于网络级恶意代码检测的缺陷,设计了单引擎大特征集的网络级恶意代码检测模型及恶意代码特征描述语言;分析了网络数据流的特征,通过对特征串进行优化的方法,避免特征串后缀与数据流的频繁碰撞及链表分支不平衡的问题,大幅度提高了WM算法检测网络恶意代码的效率。
|
| 关 键 词: | 计算机网络 恶意代码检测 检测模型 模式集优化 |
| 文章编号: | 1000-436X(2007)11-0087-05 |
| 收稿时间: | 2007-06-16 |
| 修稿时间: | 2007-10-20 |
Network-based malcode detection technology |
| |
| WU Bing,YUN Xiao-chun,GAO Qi.Network-based malcode detection technology[J].Journal on Communications,2007,28(11):87-91. |
| |
| Authors: | WU Bing YUN Xiao-chun GAO Qi |
| |
| Abstract: | Following the analysis for traditional distributed IDS, disadvantages that applying structure of multiple engine and small rules set to detect network-level malcode were pointed out, which is based on detailed protocol decoding. Detection model and anti-malcode markup language of network-level malcode were designed for single engine and big rules set. The characteristics of network data flow were analyzed. By optimization of patterns, frequent collisions between suffix with data flow and unbalanced branched of chained list were avoided. The efficiency by using WM algorithm to detect malcode on network level can be remarkably increased. |
| |
| Keywords: | computer network malcode detection detection model pattern-set optimization |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
| 点击此处可从《通信学报》浏览原始摘要信息 |
|
点击此处可从《通信学报》下载全文 |
