Affiliation: [1] Information Security Experiment Center, University of Electronic Science and Technology of China, Chengdu, Sichuan 611731
Source: 《计算机安全》 (Network & Computer Security), 2013, No. 9, pp. 14-18 (5 pages)
Abstract: Host-based detection systems (HIDS) have stronger file-detection capability, but their system overhead and economic cost are high. In practice, network-based detection systems (NIDS) are used in far more scenarios and can be deployed at far more nodes, so raising the detection capability of a network-based malicious code detection system gives more effective support to the malicious code defense that follows. The NIDS node devices, however, are numerous but relatively low-end and cheap per unit: they cannot reassemble captured packets the way a host-based detector does, and even where they can, reassembly is slow, processing cannot keep up with the traffic rate, and heavy packet loss results. It is therefore significant if the front-end hosts of the detection system can decide whether a packet carries malicious code without reassembling the stream. Inspecting the content of each packet on its own and raising an alert on suspect packets, with no reassembly, can markedly strengthen the detection capability of NIDS front-end hosts and lets the NIDS detect the anomaly while the malware is still being planted.
Classification code: TP311 [Automation and Computer Technology: Computer Software and Theory]
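The trade-off described in the abstract, as an added example that is not code from the paper: per-packet inspection finds a signature only when it lies wholly inside one segment, while stream reassembly also catches a signature split across two segments. The signature set, the packet layout and the sample HTTP flow below are all constructed for illustration (the EICAR test string and the PE DOS-stub text are public, benign patterns), and the "tail carry" variant is a cheap mitigation added here, not a technique the page attributes to the authors.

```python
"""Single-packet payload inspection versus stream reassembly (added example)."""
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed signature set (assumption: the paper's own signatures are not given
# on this page). Both patterns are public and benign.
SIGNATURES: Dict[str, bytes] = {
    "eicar_test_file": b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*",
    "pe_dos_stub": b"This program cannot be run in DOS mode",
}


@dataclass(frozen=True)
class Packet:
    flow: Tuple[str, str]  # (source, destination) endpoints identifying the connection
    seq: int               # TCP sequence number of the first payload byte
    payload: bytes


def scan_payload(data: bytes, sigs: Dict[str, bytes] = SIGNATURES) -> List[Tuple[str, int]]:
    """Return (signature name, byte offset) for every signature occurrence in data."""
    hits = []
    for name, pattern in sigs.items():
        off = data.find(pattern)
        while off != -1:
            hits.append((name, off))
            off = data.find(pattern, off + 1)
    return hits


def alerts_single_packet(packets: List[Packet]) -> List[Tuple[int, str, int]]:
    """Front-end mode from the abstract: each packet inspected on its own, no reassembly.
    Returns (packet index, signature name, offset within that packet)."""
    return [(i, name, off) for i, p in enumerate(packets) for name, off in scan_payload(p.payload)]


def alerts_reassembled(packets: List[Packet]) -> List[Tuple[Tuple[str, str], str, int]]:
    """Host-style comparison: rebuild each flow's byte stream in sequence order, then scan.
    Returns (flow, signature name, offset within the reassembled stream)."""
    streams: Dict[Tuple[str, str], bytearray] = {}
    for p in sorted(packets, key=lambda p: p.seq):
        streams.setdefault(p.flow, bytearray()).extend(p.payload)
    return [(flow, name, off) for flow, data in streams.items() for name, off in scan_payload(bytes(data))]


def alerts_with_tail_carry(packets: List[Packet], sigs: Dict[str, bytes] = SIGNATURES) -> List[Tuple[int, str, int]]:
    """Cheap middle ground (added here, not from the paper): per flow, keep only the last
    max_sig_len-1 bytes of the previous packet and prepend them to the next one, so a
    signature split across one boundary is still seen without buffering whole streams.
    Assumes in-order delivery; out-of-order and retransmitted segments are not handled.
    Offsets are relative to the current packet; negative means the match began in the
    carried tail of the previous packet."""
    carry_len = max(len(s) for s in sigs.values()) - 1
    tails: Dict[Tuple[str, str], bytes] = {}
    alerts = []
    for i, p in enumerate(packets):
        prev = tails.get(p.flow, b"")
        window = prev + p.payload
        for name, off in scan_payload(window, sigs):
            if off + len(sigs[name]) > len(prev):  # skip matches lying wholly in the tail (already reported)
                alerts.append((i, name, off - len(prev)))
        tails[p.flow] = window[-carry_len:] if carry_len > 0 else b""
    return alerts


# Constructed sample flow: an HTTP response whose body carries the EICAR string split
# across two TCP segments, followed by a segment holding the start of a PE file.
FLOW = ("10.0.0.5:44321", "192.0.2.10:80")
HTTP_HEADER = b"HTTP/1.1 200 OK\r\nContent-Type: application/octet-stream\r\n\r\n"
EICAR = SIGNATURES["eicar_test_file"]
SEG0 = HTTP_HEADER + EICAR[:30]
SEG1 = EICAR[30:] + b"\r\n"
SEG2 = b"MZ\x90\x00" + b"\x00" * 60 + b"This program cannot be run in DOS mode.\r\n"
SAMPLE_PACKETS = [
    Packet(FLOW, 1000, SEG0),
    Packet(FLOW, 1000 + len(SEG0), SEG1),
    Packet(FLOW, 1000 + len(SEG0) + len(SEG1), SEG2),
]

if __name__ == "__main__":
    print("single packet:", alerts_single_packet(SAMPLE_PACKETS))    # EICAR missed, DOS stub found
    print("reassembled  :", alerts_reassembled(SAMPLE_PACKETS))      # both found
    print("tail carry   :", alerts_with_tail_carry(SAMPLE_PACKETS))  # both found, no reassembly
```

The single-packet scan is what a low-end front-end node can afford: constant memory per packet and no per-flow state. Its blind spot is exactly the split signature the reassembled scan catches; the tail-carry variant closes that one gap at the cost of a few dozen bytes of state per flow, which is still far cheaper than buffering streams.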