
Detecting Unknown Worms Using Randomness Check


Abstract

From the appearance of the CodeRed and SQL Slammer worms, we have learned that early detection of worm epidemics is important for reducing the damage caused by an outbreak. One prominent characteristic of Internet worms is that they choose their next targets randomly, using a random generator. In this paper, we propose a new worm detection mechanism that checks the random distribution of destination addresses. Our mechanism generates a traffic matrix and checks its rank to detect the spreading of Internet worms. Based on the fact that a random binary matrix has a high rank, ADUR (Anomaly Detection Using Randomness check) is proposed for detecting unknown worms from the rank of the traffic matrix. Through experiments in various environments, we show that the ADUR mechanism effectively detects the spread of new worms at an early stage, even when only one host in the monitored network is infected.
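The rank check described in the abstract, as an added sketch that is not the paper's own code. The abstract does not say how the traffic matrix is built, so the mapping of address halves to row and column, the 64x64 size, the threshold and the sample traffic are all assumptions made for illustration.

```python
import ipaddress
import random

N = 64  # assumed matrix size (N x N); the abstract gives no dimensions

def traffic_matrix(dests, n=N):
    """Binary matrix as n row bitmasks. Assumed mapping: the upper 16 address
    bits pick the row, the lower 16 bits pick the column (both modulo n)."""
    rows = [0] * n
    for d in dests:
        a = int(ipaddress.IPv4Address(d))
        rows[(a >> 16) % n] |= 1 << ((a & 0xFFFF) % n)
    return rows

def gf2_rank(rows):
    """Rank over GF(2) by Gaussian elimination on bitmask rows."""
    basis = {}  # leading-bit position -> reduced row with that leading bit
    rank = 0
    for r in rows:
        while r:
            h = r.bit_length() - 1
            if h not in basis:
                basis[h] = r
                rank += 1
                break
            r ^= basis[h]  # cancel the leading bit, keep reducing
    return rank

def is_anomalous(dests, threshold=N // 2):
    """Flag a monitoring window whose matrix rank exceeds an assumed threshold."""
    return gf2_rank(traffic_matrix(dests)) > threshold

def sample_windows(seed=1, packets=2000):
    """Constructed traffic: 'normal' hits 20 fixed servers, 'scanning' picks
    uniformly random destinations as a random-scanning worm would."""
    rng = random.Random(seed)
    servers = [rng.getrandbits(32) for _ in range(20)]
    normal = [rng.choice(servers) for _ in range(packets)]
    scanning = [rng.getrandbits(32) for _ in range(packets)]
    return normal, scanning

if __name__ == "__main__":
    normal, scanning = sample_windows()
    for name, window in [("normal", normal), ("scanning", scanning),
                         ("normal + one scanner", normal + scanning)]:
        rank = gf2_rank(traffic_matrix(window))
        print(f"{name:22s} rank={rank:2d} anomalous={is_anomalous(window)}")
```

Traffic concentrated on a few servers can set at most as many cells as there are distinct destinations, which caps the rank, while uniformly random destinations fill the matrix enough to push the rank close to N.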
