| 利用数据挖掘技术检测多形态蠕虫 |
| |
| 引用本文: | 刘竞杰. 利用数据挖掘技术检测多形态蠕虫[J]. 合肥学院学报(自然科学版), 2007, 17(1): 60-62 |
| |
| 作者姓名: | 刘竞杰 |
| |
| 作者单位: | 安徽工贸职业技术学院,计算机系,安徽,淮南,232007 |
| |
| 摘 要: | 理想的多形态蠕虫可以避开任何基于特征的入侵检测系统,为此提出了基于字符特征匹配和数据挖掘的多形态蠕虫检测方法.基于蠕虫攻击模型,提出了通过数据挖掘,如Bayes和ANN,识别JUMP地址检测多形态蠕虫的方法.通过对多种实际蠕虫及其多形态变种进行测试,结果表明该方法检测率和性能比传统的IDS有大幅的提升.
|
| 关 键 词: | 多形态蠕虫 Bayes 数据挖掘 |
| 文章编号: | 1673-162X(2007)01-0060-03 |
| 修稿时间: | 2006-10-31 |
Use Data-mining to Detect Polymorphic Worms |
| |
| LIU Jing-jie. Use Data-mining to Detect Polymorphic Worms[J]. Journal of Hefei University(Natural Sciences Edition), 2007, 17(1): 60-62 |
| |
| Authors: | LIU Jing-jie |
| |
| Abstract: | Because ideal polymorphic worms can evade any intrusion-testing system which is based on feature,they have tremendous jeopardy.For this reason,this paper puts forward the polymorphic worms-detecting method which is based on character-matching and data-mining.According to the worm-attack model,the author analyzes the features of polymorphic worms and puts forward the method which polymorphic worms are detected by data mining(such as Bayes and ANN) and by identifying JUMP address.By testing various actual worms and their variants,the result shows that,compared with traditional IDS,this method upgrades the detecting rate and performance greatly. |
| |
| Keywords: | polymorphic worm Bayes data-mining |
| 本文献已被 CNKI 万方数据 等数据库收录! |
|
