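Journal of Beijing University of Posts and Telecommunications

  • EI core journal

Journal of Beijing University of Posts and Telecommunications, 2007, Vol. 30, Issue (2): 98-101. doi: 10.13190/jbupt.200702.98.hongzh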

Worm Detection Based on Improved V-detector Algorithm

HONG Zheng, WU Li-fa, WANG Yuan-yuan   

  1. (Institute of Command Automation, People’s Liberation Army University of Science and Technology, Nanjing 210007, China)
  • Received: 2006-05-16 Revised: 1900-01-01 Online: 2007-04-30 Published: 2007-04-30
  • Contact: HONG Zheng

Abstract:

A host's network traffic characteristics usually change after it is infected by a worm. Based on this observation, a worm detection method inspired by the negative selection mechanism of the immune system is proposed. First, V-detector, a real-valued negative selection algorithm with variable-coverage detectors, is improved: during detector generation, the improved algorithm uses the distribution of the non-self space to produce detectors with coverage as large as possible. Compared with the original V-detector, the improved algorithm generates a much smaller detector set and increases detection efficiency. Second, the improved V-detector algorithm is used to generate detector sets that monitor hosts' network traffic characteristics for worm attacks. Experiments show that the method effectively detects traditional worms as well as multi-vector polymorphic worms.

Key words: artificial immune system, negative selection, worm detection
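The abstract gives no implementation details, so the following is an added example, not the authors' code: it shows the baseline V-detector idea the paper starts from (random candidate detectors, each given the largest radius that does not touch self space, with generation stopping once estimated coverage is reached) and does not implement the paper's improvement. The two traffic features, the self samples and all parameter values are constructed assumptions.

```python
import math
import random

# Constructed self (normal) samples: two normalized traffic features per
# observation window. The features are an assumption for illustration
# (e.g. outbound connection rate, failed-connection ratio), not from the paper.
SELF = [(0.10 + 0.05 * i, 0.10 + 0.05 * j) for i in range(5) for j in range(5)]
SELF_RADIUS = 0.05  # each self sample stands for a small ball of normal behaviour


def covered(point, detectors):
    """True if the point falls inside at least one detector ball."""
    return any(math.dist(point, c) < r for c, r in detectors)


def generate_detectors(self_set, self_radius, coverage=0.999,
                       max_detectors=1000, max_candidates=50000, seed=1):
    """Baseline V-detector: random candidates with variable radii."""
    rng = random.Random(seed)
    stop_after = round(1 / (1 - coverage))  # consecutive covered candidates
    detectors, streak = [], 0
    for _ in range(max_candidates):
        cand = (rng.random(), rng.random())
        d = min(math.dist(cand, s) for s in self_set)
        if d <= self_radius:
            continue  # candidate lies in self space: discard it
        if covered(cand, detectors):
            streak += 1  # evidence that non-self space is already covered
            if streak >= stop_after:
                break
            continue
        # Largest ball around the candidate that does not touch any self ball.
        detectors.append((cand, d - self_radius))
        streak = 0
        if len(detectors) >= max_detectors:
            break
    return detectors


def is_anomalous(sample, detectors):
    """A sample matched by any detector is non-self, i.e. suspicious."""
    return covered(sample, detectors)


DETECTORS = generate_detectors(SELF, SELF_RADIUS)

if __name__ == "__main__":
    for sample in [(0.20, 0.20), (0.125, 0.125), (0.90, 0.90)]:
        print(sample, "anomalous" if is_anomalous(sample, DETECTORS) else "normal")
```

Detectors placed close to the self region end up with small radii, which is why the baseline needs many of them; the abstract reports that the improved algorithm reduces that count.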
