| 基于动态基线分析方法的网络蠕虫检测机制的研究 |
| |
| 引用本文: | 马艳春,肖创柏.基于动态基线分析方法的网络蠕虫检测机制的研究[J].华北科技学院学报,2008,5(1):94-98. |
| |
| 作者姓名: | 马艳春 肖创柏 |
| |
| 作者单位: | 北京工业大学,北京,100022 |
| |
| 摘 要: | 提出了一种基于NetFlow的动态基线的蠕虫检测新方法。该方法利用NetFlow网络信息监测工具,每五分钟采集一次各通讯端口的信息,以其通讯端口、时间、流量三个维度所建立的信息基线过滤与基线偏离的信息,便可筛选出符合蠕虫行为的信息数据,进而找出可能的蠕虫及受感染的节点。
|
| 关 键 词: | 网络安全 网络蠕虫 基线分析 网络管理 |
| 文章编号: | 1672-7169(2008)01-0094-04 |
| 修稿时间: | 2008年1月12日 |
On Network Worm Detection Mechanism Based on Dynamic Baseline Analysis |
| |
| MA Yanchun,XIAO Chuangbai.On Network Worm Detection Mechanism Based on Dynamic Baseline Analysis[J].Journal of North China Institute of Science and Technology,2008,5(1):94-98. |
| |
| Authors: | MA Yanchun XIAO Chuangbai |
| |
| Institution: | ( Beijing University of Technology, Beijing 100022) |
| |
| Abstract: | According to the characteristics of network attacks, the author collected the information about NetFlow containing char- acteristics of the worm and put forward a new method of worm detection based on a dynamic baseline of NetFlow. The method used NetFlow information network monitoring tools to collect the information of communications port every five minutes. Through the deviations of the baseline and the selection of information baseline on the basis of three dimensions of communication port, time and flow, we can get the information and data of worm behavior, and thereby identify possible worm and the infected node. The experimental results show that the method can accurately detect worm attacks and this mechanism will be able to play a role at the beginning of a new worm attack. |
| |
| Keywords: | Network Security Internet worm baseline analysis network management |
| 本文献已被 维普 万方数据 等数据库收录! |
