| 一个针对蠕虫攻击的分布式入侵检测框架 |
| |
| 引用本文: | 卢桂莲,颜俊松,刘刚.一个针对蠕虫攻击的分布式入侵检测框架[J].实验室研究与探索,2012,31(4):50-53. |
| |
| 作者姓名: | 卢桂莲 颜俊松 刘刚 |
| |
| 作者单位: | 华南师范大学南海校区实验中心,广东佛山,528225 |
| |
| 基金项目: | 国家自然科学基金,国家863 高技术研究发展基金,华南师范大学南海校区科研项目 |
| |
| 摘 要: | 蠕虫已成为全球网络最严重的安全威胁,但由于其有别于其他攻击方法的特点,现有的网络防御方法对蠕虫的攻击显得无能为力。针对传统防御方法在防御蠕虫入侵方面的不足,在针对网络蠕虫攻击特点的基础上,提出一个新的分布式入侵检测框架,来尽早发现蠕虫的踪迹,并立即进行防御。此框架不仅能够实时检测未知类型的网络蠕虫攻击,还能分析蠕虫攻击中扫描过程的网络传输特征和在网络内可能感染的主机列表。基于框架原型系统对CodeRed II蠕虫攻击检测得到的实验结果,证明该框架对蠕虫的早期扫描行为更加敏感,并具有更低的误报率。
|
| 关 键 词: | 网络安全 入侵检测系统 蠕虫攻击 框架 端口扫描 |
A Distributed Intrusion Detection Framework for Worm Attacks |
| |
| LU Gui-lian
,
YAN Jun-song
,
LIU Gang.A Distributed Intrusion Detection Framework for Worm Attacks[J].Laboratory Research and Exploration,2012,31(4):50-53. |
| |
| Authors: | LU Gui-lian YAN Jun-song LIU Gang |
| |
| Institution: | (Department of Computer Engineering,Nanhai College,South China Normal University,Foshan 528225,China) |
| |
| Abstract: | Worm attacks are the greatest threat to the Internet nowadays,but owing to their special attack model,there are not effective methods to detect and defend worm attacks.Based on the characteristics of network worms attack,a new distributed intrusion detection system framework is proposed to detect unknown network worms earlier and take some measures to defend the attack.The framework can not only achieve real-time detection of unknown worms,but also extract possible features of worm scan and derive the list of likely infected hosts.The experiment of Code Red II attack shows that the framework can detect the worm attack accurately. |
| |
| Keywords: | network security intrusion detection system worm attack framework port scan |
| 本文献已被 CNKI 万方数据 等数据库收录! |
|
