基于远程软件认证和序贯概率比分析的蠕虫检测

针对仅认证方法无法检测到不在随机选择集合中的被感染节点，提出一种改进方法，应用序贯概率比分析(SPRA)和远程软件认证以检测蠕虫传播.首先，利用检测器观察无线传感器网络中的通信模式，识别正常流量中不会出现的连接链；然后，当探测器节点检测到蠕虫传播模式，则发起远程软件认证，且区域节点通过SPRA协作捕捉蠕虫传播.仿真结果验证了所提方法的有效性.与仅认证方法和支持向量回归(SVR)方法相比，所提方法的蠕虫检测鲁棒性更好.在蠕虫环境下，进行蠕虫检测和阻止所需的认证次数高于仅认证方法，低于SVR方法，总体开销较低.

Research of worm detection based on remote software authentication and sequential probability ratio analysis

As the only authentication method can't detect infected nodes that is not in the random selection set， an improved method is proposed， which uses sequential probability ratio analysis (SPRA) and remote software authentication to detect worm propagation. Firstly， the detector is used to observe the communication mode in the wireless sensor network， and identify the connection chains that will not appear in the normal traffic. Then， when the probe node detects the worm propagation mode， the remote software authentication is initiated， and the regional nodes capture the worm propagation through the SPRA collaboration. The simulation results show the effectiveness of the proposed method. Compared with the only authentication method and the support vector regression (SVR) method， the proposed method has better robustness to worm detection. In worm environment， the number of authentication times required for worm detection and blocking is higher than that of the only authentication method， but lower than that of the SVR method. And the total cost is good.