首页>
外国专利>
A METHOD AND A DEVICE FOR NETWORK-BASED INTERNET WORM DETECTION WITH THE VULNERABILITY ANALYSIS AND ATTACK MODELING
A METHOD AND A DEVICE FOR NETWORK-BASED INTERNET WORM DETECTION WITH THE VULNERABILITY ANALYSIS AND ATTACK MODELING
展开▼
机译:具有漏洞分析和攻击建模的基于网络的互联网蠕虫检测方法和装置
展开▼
页面导航
摘要
著录项
相似文献
摘要
A method and a device for detecting Internet worms based on the network by using vulnerability analysis and attack modeling are provided to efficiently detect and control the Internet worms determined as an attack packet before real attack by analyzing vulnerability of application programs and modeling the attacks. A vulnerability information storing part(150) stores vulnerability information, which is needed for detecting attack, of application programs. A risk determiner(120) determines whether the received packet is transmitted to a vulnerable application program. A packet contents extractor(140) extracts information needed for determining an attack packet from the packet transmitted to the vulnerable application program by using the vulnerability information. An attack determiner(170) determines the attack packet by comparing/analyzing the information extracted from the packet and the vulnerability information stored in the vulnerability storing part. A divided packet processor(130) integrates the information divided from the packet transmitted to the vulnerable application program or corrects order of the divided information before the information for the packet is output to the packet contents extractor.
展开▼