Conference topic

A Signature-behavior-based P2P worm detection approach

P2P worms that spread through loopholes in peer-to-peer networks are a serious security threat. Based on the characteristics of P2P worms, a signature-behavior-based P2P worm detection approach is proposed that detects known P2P worms by characteristic string matching. In addition, the method can detect unknown P2P worms based on behavior. It is mainly composed of three technologies: application identification, worm characteristic string matching, and unknown worm detection. Matching of worm characteristic strings is implemented with the suffix array algorithm, a simple and efficient alternative to the suffix tree algorithm with lower time complexity. Because P2P data is transferred in fragments, a worm's characteristic string may be split across different data blocks; reorganizing the characteristic string makes it possible to detect the worm in that case. Experimental results show that the P2P worm detection method is an effective way to detect P2P worms and restrain their spread.

P2P worms; worm detection; characteristic string matching; suffix array algorithm; reorganization of characteristic string

Yu Yao, Yong Li, Fu-xiang Gao, Ge Yu

Key Laboratory of Medical Image Computing (Northeastern University), Ministry of Education; School of Information Science and Engineering, Northeastern University, Shenyang, China

International conference

2009 Ninth International Conference on Hybrid Intelligent Systems (HIS 2009)

Shenyang

English

1-5

2009-08-12 (date first made available online on the Wanfang platform; not the paper's publication date)