Affiliation: [1] Beijing University of Technology, Beijing 100022
Source: Journal of North China Institute of Science and Technology (《华北科技学院学报》), 2008, No. 1, pp. 94-97, 111 (5 pages)
Abstract: Based on the characteristics of network attacks, the author collected NetFlow information containing worm characteristics and proposes a new worm detection method based on a dynamic NetFlow baseline. The method uses the NetFlow network monitoring tool to collect information on each communication port every five minutes. An information baseline is built on three dimensions: communication port, time, and traffic volume. Filtering for information that deviates from this baseline selects the data consistent with worm behavior, and thereby identifies possible worms and infected nodes. The experimental results show that the method can accurately detect worm attacks and that the mechanism can take effect at the beginning of a new worm attack.
Classification number: TP393.08 [Automation and Computer Technology: Computer Application Technology]