J4 ›› 2011, Vol. 33 ›› Issue (4): 19-24. doi: 10.3969/j.issn.1007130X.2011.
XIAO Fengtao1,WANG Wei2,LIU Bo1,CHEN Xin1
Abstract:
As worm propagation speed keeps increasing, the damage worms cause grows more serious. To detect worms quickly, three worm-related process traffic behaviors are described: the total number of source ports used by worm-like traffic, the change frequency of the source port in worm-like traffic, and the ratio of worm-like traffic to total traffic for a single process. Based on these three behaviors, a worm detection system driven by process traffic behaviors is presented, and its definitions, framework design and key implementation details are introduced. Finally, experiments with real-world worms and normal applications show that the system detects worms quickly and correctly, with few false positives.
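The following is an added example (not the paper's code) that computes the three per-process behaviors named in the abstract over a constructed set of flow records and applies a threshold rule. Two things the abstract does not define are assumed here: a flow counts as "worm-like" when it is the process's first contact with a destination host in the window (scan-style fan-out), and the thresholds are illustrative rather than the paper's tuned values. The process names, PIDs and addresses in the sample data are constructed.

```python
"""Per-process traffic behaviours for worm detection (added example, not the paper's code)."""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, Iterable, List, Tuple


@dataclass(frozen=True)
class Flow:
    ts: float        # seconds since the start of the observation window
    pid: int         # owning process; per-process attribution is the point of the approach
    proc: str
    src_port: int
    dst_ip: str
    dst_port: int


def label_worm_like(flows: Iterable[Flow]) -> Dict[int, List[Tuple[Flow, bool]]]:
    """ASSUMPTION: a flow is worm-like if it is the process's first contact with that
    destination host in the window. The abstract does not define 'worm-like'."""
    seen: Dict[int, set] = defaultdict(set)
    labelled: Dict[int, List[Tuple[Flow, bool]]] = defaultdict(list)
    for f in sorted(flows, key=lambda f: f.ts):
        is_worm_like = f.dst_ip not in seen[f.pid]
        seen[f.pid].add(f.dst_ip)
        labelled[f.pid].append((f, is_worm_like))
    return labelled


def process_behaviors(flows: Iterable[Flow]) -> Dict[int, dict]:
    """The three behaviours from the abstract, computed per process."""
    feats: Dict[int, dict] = {}
    for pid, items in label_worm_like(flows).items():
        all_flows = [f for f, _ in items]
        worm = [f for f, w in items if w]
        ports = [f.src_port for f in worm]
        # 1. total number of distinct source ports used by worm-like traffic
        distinct = len(set(ports))
        # 2. how often the source port changes between consecutive worm-like flows, per second
        changes = sum(1 for a, b in zip(ports, ports[1:]) if a != b)
        span = max(1.0, all_flows[-1].ts - all_flows[0].ts)  # no division by zero for 1-flow windows
        freq = changes / span
        # 3. ratio of worm-like flows to all flows of this process
        ratio = len(worm) / len(all_flows)
        feats[pid] = {"proc": all_flows[0].proc, "distinct_src_ports": distinct,
                      "port_change_freq": freq, "worm_ratio": ratio}
    return feats


# ASSUMPTION: illustrative thresholds; the paper's tuned values are not given in the abstract.
THRESHOLDS = {"distinct_src_ports": 20, "port_change_freq": 5.0, "worm_ratio": 0.8}


def detect(flows: Iterable[Flow], thresholds: dict = THRESHOLDS) -> List[int]:
    """PIDs whose behaviours exceed all three thresholds (AND-ed to keep false positives low)."""
    feats = process_behaviors(flows)
    return sorted(pid for pid, f in feats.items()
                  if all(f[k] >= v for k, v in thresholds.items()))


# Constructed sample traffic (not captured data): one scanning process, one browser.
SAMPLE_FLOWS = (
    [Flow(i * 0.05, 1234, "worm.exe", 40000 + i, f"10.0.{i}.7", 445) for i in range(40)]
    + [Flow(i * 0.5, 555, "browser", 50000 + i,
            ["93.184.216.34", "142.250.1.1", "151.101.1.1"][i % 3], 443) for i in range(20)]
)

if __name__ == "__main__":
    for pid, f in process_behaviors(SAMPLE_FLOWS).items():
        print(pid, f)
    print("flagged:", detect(SAMPLE_FLOWS))
```

The scanning process contacts 40 new hosts in under two seconds from 40 different source ports, so all three behaviors are high and it is flagged; the browser reuses three hosts, so only its first three flows are worm-like and its ratio stays low. Requiring all three behaviors to exceed their thresholds is what keeps a busy but legitimate client from being flagged on a single high value.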
Key words: worm detection; process traffic behavior; worm behavior; behavior detection
XIAO Fengtao1, WANG Wei2, LIU Bo1, CHEN Xin1. A Worm Detection System Based on Process Traffic Behaviors[J]. J4, 2011, 33(4): 19-24.
URL: http://joces.nudt.edu.cn/EN/10.3969/j.issn.1007130X.2011.
http://joces.nudt.edu.cn/EN/Y2011/V33/I4/19