| P2P环境下的蠕虫检测算法 |
| |
| 引用本文: | 王秀英,邵志清,刘百祥.P2P环境下的蠕虫检测算法[J].计算机工程,2009,35(3):173-175. |
| |
| 作者姓名: | 王秀英 邵志清 刘百祥 |
| |
| 作者单位: | 1. 华东理工大学信息科学与工程学院,上海,200237上;海新侨职业技术学院计算机信息系,上海,200237
2. 华东理工大学信息科学与工程学院,上海,200237 |
| |
| 基金项目: | 上海高校选拔培养优秀青年教师科研专项基金 |
| |
| 摘 要: | P2P下载与网络蠕虫具有相似的搜索机制,导致网络蠕虫难以被检测并定位。该文提出一种融合危险理论和ID3分类算法的检测算法D—ID3。利用熵理论分析P2P应用、蠕虫、正常主机的属性特征,得到轴属性。利用ID3分类算法得到可以区分蠕虫、P2P和正常流量的分类规则。实验结果表明,该算法能成功检测出网络蠕虫,其误警率较低。
|
| 关 键 词: | 网络蠕虫 ID3算法 危险理论 P2P流量 熵 |
| 修稿时间: | |
Worm Detection Algorithm Under P2P Circumstances |
| |
| WANG Xiu-ying,SHAO Zhi-qing,LIU Bai-xiang.Worm Detection Algorithm Under P2P Circumstances[J].Computer Engineering,2009,35(3):173-175. |
| |
| Authors: | WANG Xiu-ying SHAO Zhi-qing LIU Bai-xiang |
| |
| Affiliation: | 1. School of Information Science and Engineering;East China University of Science and Technology;Shanghai 200237;2. Department of Computer and Information;Shanghai Xinqiao Vocational and Technical College;Shanghai 200237 |
| |
| Abstract: | It is difficult to detect Internet worm in LAN,because of the similarity of probing mechanism between the P2P and internet worm. This paper proposes a detection algorithm names D-ID3 that is based on danger theory and ID3 classification algorithm. The entropy theory is used to analyz P2P application,worm,natural mainframe,and extract axis attributes. ID3 and danger theory are applied to get classification rules that can differentiate worm,P2P and natural traffic. Experimental results show that this algorith... |
| |
| Keywords: | Internet worm ID3 algorithm danger theory P2P traffic entropy |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
| 点击此处可从《计算机工程》浏览原始摘要信息 |
|
点击此处可从《计算机工程》下载全文 |
