| 一种基于NetFlow的网络蠕虫检测算法 |
| |
| 引用本文: | 陈鸣,许博.一种基于NetFlow的网络蠕虫检测算法[J].解放军理工大学学报,2006,7(4):336-340. |
| |
| 作者姓名: | 陈鸣 许博 |
| |
| 作者单位: | 解放军理工大学,指挥自动化学院,江苏,南京,210007;解放军理工大学,指挥自动化学院,江苏,南京,210007 |
| |
| 摘 要: | 为了论证网络传播蠕虫时将出现网络流量的异常特征的现象,分析了网络蠕虫的工作机制和扫描策略,提出了基于N etF low流信息检测网络蠕虫的检测方案,设计了一种检测网络蠕虫的逐步求精三级算法NDW(N etF low based detecting w orm)。算法通过依次检测主机总流量、特征端口和行为规律,快速有效地定位和判断异常主机。理论分析表明,该算法的时间复杂性不大于H(εM O)(1))。实验结果表明,算法能够有效、准确地发现被网络蠕虫感染的主机。
|
| 关 键 词: | 网络蠕虫 检测算法 NetFlow 流量 |
| 文章编号: | 1009-3443(2006)04-0336-05 |
| 收稿时间: | 2005-12-07 |
| 修稿时间: | 2005年12月7日 |
NetFlow based detecting worm algorithm |
| |
| CHEN Ming and XU Bo.NetFlow based detecting worm algorithm[J].Journal of PLA University of Science and Technology(Natural Science Edition),2006,7(4):336-340. |
| |
| Authors: | CHEN Ming and XU Bo |
| |
| Institution: | Institute of Command Automation,PLA Univ.of Sci.& Tech.,Nanjing 210007,China;Institute of Command Automation,PLA Univ.of Sci.& Tech.,Nanjing 210007,China |
| |
| Abstract: | The mechanism and st rateg y of netw ork w o rm w ere analyzed a nd the phenomena tha t a bnormal
behavio rs of netw ork t raffic occur red while spreading netwo rk w orm w as demo nst ra ted. The solutio n to
detecting netw ork wo rm based o n NetFlow f low info rmation w as put fo rwa rd and an three-lev el-stepwise
alg orithm detecting netw o rk w o rm called NetFlow based Detecting Wo rm( NDW) algo ri thm w as desig ned,
in w hich by mo nitoring host traf fic, w ell-know n po rts and behavior characteristics in turn, abno rmal ho sts
could be determined a nd loca ted fast and ef ficiently. The analysis result s show tha t the time complexi ty of
N DW is no t more than H(XM+ O) ( 1) ) . The experimental result s show the N DW ca n locate infected ho sts
ef fectiv ely and accurately. |
| |
| Keywords: | NetFlow |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
| 点击此处可从《解放军理工大学学报》浏览原始摘要信息 |
| 点击此处可从《解放军理工大学学报》下载免费的PDF全文 |
|
