The research of worm distributed detection technology based on network security
At present there are some worm detection systems, primarily for a single LAN or with hardware router environment, which main use worm propagation characteristics for detection and has high false alarm rate, but it is not applicable for large-scale network for detecting. This paper presents a distributed worm detection technology, which is divided into two parts, client end and the console end program. The system uses the rule-based detection methods to monitor network worms, and the console side manages and coordinates the multiple side work of detecting. Experimental results show that the method can be good applicable for worms conduct surveillance based on a single or multiple local area network and is used for worm alarming, the method has high detection rate and low false alarm rate.
Worm worm propagation distributed worm detection technology intrusion detection rule-based detection
Tong Xiaojun Zhao Zhangquan Shuai Huimin Wang Zhu
School of Computer Science and Technology, Harbin Institute of Technology, Weihai 264209, China School of Information, Harbin Institute of Technology, Weihai 264209, China
国际会议
北京
英文
1-5
2010-06-25(万方平台首次上网日期,不代表论文的发表时间)