
Design and implementation of honeypot system of automatic capture of worm

Cited by: 1
Abstract: Automatically capturing worms is a prerequisite for analyzing, containing and countering them. Through in-depth analysis of a variety of real worms, the paper identifies the characteristics of worm propagation: abnormal data arrives from different source addresses, and an infected machine sends the same data to a large number of destination addresses. Based on these characteristics, a honeypot-based system for automatically capturing worms is designed and implemented. The system automatically analyzes the packets leaving the honeypot against those that previously entered it and, through feature analysis and threshold comparison, detects and captures worms. Experimental results show that the system obtains good results.

Source: Journal of Chengdu University of Information Technology, 2007, No. 1, pp. 41-45 (5 pages)

Keywords: network security; worm vaccination; honeypot; automatic capture