| 基于应用识别的P2P蠕虫检测 |
| |
| 引用本文: | 夏春和,石昀平,李肖坚. 基于应用识别的P2P蠕虫检测[J]. 北京航空航天大学学报, 2006, 32(8): 998-1002 |
| |
| 作者姓名: | 夏春和 石昀平 李肖坚 |
| |
| 作者单位: | 北京航空航天大学 网络技术北京市重点实验室, 北京 100083 |
| |
| 基金项目: | 航空基础科学基金,北京市教委共建项目,国防科技应用基础研究基金 |
| |
| 摘 要: | 对等网中基于漏洞传播的P2P蠕虫是严重的安全威胁.根据P2P蠕虫的传播特点,提出了一种P2P蠕虫检测方法PWD (P2P Worm Detection).PWD主要由基于应用识别技术的预处理和基于未知蠕虫检测技术的P2P蠕虫检测2部分组成,改进了干扰流量的识别和过滤规则,提出了P2P蠕虫检测规则,并引进博弈论的研究方法讨论了检测周期的选取问题.仿真结果和局域网环境下的实验结果都表明,PWD是检测P2P蠕虫和遏制其传播的有效方法.
|
| 关 键 词: | P2P蠕虫 蠕虫检测 应用识别 |
| 文章编号: | 1001-5965(2006)08-0998-05 |
| 收稿时间: | 2005-09-21 |
| 修稿时间: | 2005-09-21 |
P2P worm detection based on traffic classification and application identification |
| |
| Xia Chunhe,Shi Yunping,Li Xiaojian. P2P worm detection based on traffic classification and application identification[J]. Journal of Beijing University of Aeronautics and Astronautics, 2006, 32(8): 998-1002 |
| |
| Authors: | Xia Chunhe Shi Yunping Li Xiaojian |
| |
| Affiliation: | Key Laboratory of Beijing Network Technology, Beijing University of Aeronautics and Astronautics, Beijing 100083, China |
| |
| Abstract: | P2P worm exploits common vulnerabilities in Peer-to-Peer networks. It is a severe security threat. A P2P worm detection method was presented, which called P2P worm detection(PWD) based on the worm′s propagation characteristics. PWD consists of a preprocess procedure which is based on application identification technology and a P2P worm detection procedure which is based on unknown worm detection technology. Improved heuristics was also advanced to identify and disturbing traffic was eliminated as well as heuristics to detect P2P worm. The selection of detection period was discussed by applying methodologies of game theory. Simulation result and LAN-scope experimental result both indicate that PWD is an effective method to detect and block P2P worm. |
| |
| Keywords: | P2P worm worm detection application identification |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
| 点击此处可从《北京航空航天大学学报》浏览原始摘要信息 |
|
点击此处可从《北京航空航天大学学报》下载全文 |
