| 基于事件序列的蠕虫网络行为分析算法 |
| |
| 引用本文: | 张甲,段海新,葛连升.基于事件序列的蠕虫网络行为分析算法[J].山东大学学报(理学版),2007,42(9):36-40. |
| |
| 作者姓名: | 张甲 段海新 葛连升 |
| |
| 作者单位: | 清华大学,网络中心,北京,100084;山东大学,网络中心,山东,济南,250100 |
| |
| 基金项目: | 国家242信息安全计划 |
| |
| 摘 要: | 蠕虫以及其他一些恶意代码的更新速度越来越快,如何快速有效地分析大量恶意样本成为网络安全研究的一个问题. 因此提出了一种基于事件序列的蠕虫网络行为自动分析算法. 该算法依靠在实验环境中采集的纯净恶意流量,通过使用数据流的压缩归并等方法获取网络行为的基本轮廓以及网络特征码. 该算法的使用可以加快蠕虫等恶意代码的分析速度,提高防火墙以及网络入侵检测系统的配置效率.
|
| 关 键 词: | 网络安全 网络行为 蠕虫检测 |
| 文章编号: | 1671-9352(2007)09-0036-05 |
| 修稿时间: | 2007-05-28 |
Analysis algorithm for the worm metwork behavior based on event sequence |
| |
| ZHANG Jia,DUAN Hai-xin,GE Lian-sheng.Analysis algorithm for the worm metwork behavior based on event sequence[J].Journal of Shandong University,2007,42(9):36-40. |
| |
| Authors: | ZHANG Jia DUAN Hai-xin GE Lian-sheng |
| |
| Institution: | 1. Network Research Center, Tsinghua University, Beijing 100084, China; 2. Network Research Center, Shandong University, Jinan 250100, Shandong, China |
| |
| Abstract: | As the updating speed of the worm and other malicious codes grows faster and faster, how to analyze large sum of malicious sample quickly and effectively becomes an issue of research on internet security. Therefore, an analysis algorithm for worm network behavior based on event sequence was proposed. This algorithm uses the data flow recombination and compression methods to process the pure malicious data. With this procedure, it can get the network behavior profile and the signature of the worm. The application of this algorithm will greatly improve the efficiency of analyzing the worm network behavior, which will be significant for the deployment of firewalls and network invasion detection systems. |
| |
| Keywords: | network security network behavior worm detect |
| 本文献已被 维普 万方数据 等数据库收录! |
| 点击此处可从《山东大学学报(理学版)》浏览原始摘要信息 |
| 点击此处可从《山东大学学报(理学版)》下载免费的PDF全文 |
|
