Journal of South China University of Technology(Natural Science) >
Detection Algorithm of Scanning Worms Based on Similarity Analysis
Received date: 2010-11-23
Revised date: 2011-01-11
Online published: 2011-04-01
Supported by
国家自然科学基金资助项目( 61001157, 61003246) ; 重庆市自然科学基金资助项目( CSTC. 2010BB2242) ; 重庆市教委科学技术研究项目( KJ101403) ; 重庆大学中央高校基本科研业务费资助项目( CDJRC10160010)
In recent years,worms have gradually become serious security threats to Internet. However,the existing detection algorithms of worms are insufficient due to their high false detection rate. In order to solve this problem,a similarity-based detection algorithm of worms is proposed,which optimizes the basic cumulative abnormal detection algorithm by analyzing the similarity of abnormal data series to worm scanning characteristics,and dynamically
adapt the detection threshold to complex network environments using a Kalman filter. Simulated results indicate that,as compared with the basic cumulative abnormal detection algorithm,the proposed algorithm is more effective because it reduces the false detection rate and improves the detection accuracy.
Key words: worm; detection; similarity; threshold; Kalman filter
Huang Zhi-yong Zhou Jian-lin Chen Xin-long Shi Xing-li . Detection Algorithm of Scanning Worms Based on Similarity Analysis[J]. Journal of South China University of Technology(Natural Science), 2011 , 39(5) : 73 -77,101 . DOI: 10.3969/j.issn.1000-565X.2011.05.013
/
| 〈 |
|
〉 |