| 高速网络环境下的新型木马快速检测方法研究 |
| |
| 引用本文: | 马一腾,马兆丰,张程,钮心忻.高速网络环境下的新型木马快速检测方法研究[J].河南大学学报(自然科学版),2011,41(6). |
| |
| 作者姓名: | 马一腾 马兆丰 张程 钮心忻 |
| |
| 作者单位: | 1. 北京邮电大学信息安全中心,北京100876;北京国泰信安科技有限公司,北京100086
2. 北京邮电大学信息安全中心,北京,100876 |
| |
| 基金项目: | 国家自然科学基金(60803157,90812001); 教育部科学技术研究重点项目、国家质检公益性科研专项(10-126) |
| |
| 摘 要: | 为了适应高速网络环境下的木马检测,通过分析传统的IDS,针对其在高速网络环境下对木马检测能力的不足,提出了单引擎大特征集的木马检测方法;通过分析木马的网络数据特征,对有限自动机转换过程进行优化,缩短了编译的时间,避免了重复匹配的问题,大幅度提高了基于正则表达式的木马检测方法的效率.
|
| 关 键 词: | 网络 木马 检测 正则表达式 有限状态自动机 |
New Fast Monitor Methods of Trojans under High-Speed Network Environment |
| |
| MA Yi-teng,MA Zhao-feng,ZHANG Cheng,NIU Xin-xin.New Fast Monitor Methods of Trojans under High-Speed Network Environment[J].Journal of Henan University(Natural Science),2011,41(6). |
| |
| Authors: | MA Yi-teng MA Zhao-feng ZHANG Cheng NIU Xin-xin |
| |
| Institution: | MA Yi-teng1,2,MA Zhao-feng1,ZHANG Cheng1,NIU Xin-xin1 (1.Information Security Center,Beijing University of Posts and Telecommunications,Beijing 100876,China,2.Beijing National Security Science and Technology Co.Ltd,Beijing 100086,China) |
| |
| Abstract: | In order to meet the needs of the up-to-date development of the Internet and Trojan Horse,and resolve the problem that current traditional IDS lacks the capability to detect Trojan Horse under high speed Internet environment,we proposed a single-engine method for detecting Trojan horse based on a huge set of characteristics.With the analysis of the Trojan horse's network data characteristics,and the optimization of the transition process of finite automation,our method can reduce the compiling time,avoid re... |
| |
| Keywords: | network Trojan inspection regular expression FSM |
| 本文献已被 CNKI 万方数据 等数据库收录! |
|
