基于应用识别的P2P蠕虫检测  被引量:5

P2P worm detection based on traffic classification and application identification

在线阅读下载全文

作  者:夏春和[1] 石昀平[1] 李肖坚[1] 

机构地区:[1]北京航空航天大学网络技术北京市重点实验室,北京100083

出  处:《北京航空航天大学学报》2006年第8期998-1002,共5页Journal of Beijing University of Aeronautics and Astronautics

基  金:航空基金资助项目(03F51060);北京市教委共建项目建设计划基金资助项目(SYS100060412);国防基础科研资助项目

摘  要:对等网中基于漏洞传播的P2P蠕虫是严重的安全威胁.根据P2P蠕虫的传播特点,提出了一种P2P蠕虫检测方法PWD(P2P W orm Detection).PWD主要由基于应用识别技术的预处理和基于未知蠕虫检测技术的P2P蠕虫检测2部分组成,改进了干扰流量的识别和过滤规则,提出了P2P蠕虫检测规则,并引进博弈论的研究方法讨论了检测周期的选取问题.仿真结果和局域网环境下的实验结果都表明,PWD是检测P2P蠕虫和遏制其传播的有效方法.P2P worm exploits common vulnerabilities in Peer-to-Peer networks. It is a severe security threat. A P2P worm detection method was presented, which called P2P worm detection (PWD) based on the worm's propagation characteristics. PWD consists of a preprocess procedure which is based on application identification technology and a P2P worm detection procedure which is based on unknown worm detection technology. Improved heuristics was also advanced to identify and disturbing traffic was eliminated as well as heuristics to detect P2P worm. The selection of detection period was discussed by applying methodologies of game theory. Simulation result and LAN-scope experimental result both indicate that PWD is an effective method to detect and block P2P worm.

关 键 词:P2P蠕虫 蠕虫检测 应用识别 

分 类 号:TP393.08[自动化与计算机技术—计算机应用技术]

 

参考文献:

正在载入数据...

 

二级参考文献:

正在载入数据...

 

耦合文献:

正在载入数据...

 

引证文献:

正在载入数据...

 

二级引证文献:

正在载入数据...

 

同被引文献:

正在载入数据...

 

相关期刊文献:

正在载入数据...

相关的主题
相关的作者对象
相关的机构对象