P2P Worm Detection Based on Application Identification

Xia Chunhe, Shi Yunping, Li Xiaojian

Citation: Xia Chunhe, Shi Yunping, Li Xiaojian, et al. P2P worm detection based on traffic classification and application identification[J]. Journal of Beijing University of Aeronautics and Astronautics, 2006, 32(08): 998-1002. (in Chinese)

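Funding: Aviation Science Foundation project (03F51060); Beijing Municipal Education Commission co-construction project construction plan fund (SYS100060412); National Defense Basic Scientific Research project
Details
    About the author:

    Xia Chunhe (b. 1965), male, from Hai'an, Jiangsu, professor, xch@buaa.edu.cn.

  • Chinese Library Classification (CLC) number: TP 393.08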

P2P worm detection based on traffic classification and application identification

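  • Abstract: P2P worms that propagate through vulnerabilities in peer-to-peer networks are a serious security threat. Based on the propagation characteristics of P2P worms, a P2P worm detection method, PWD (P2P Worm Detection), is proposed. PWD consists mainly of two parts: preprocessing based on application identification techniques, and P2P worm detection based on unknown-worm detection techniques. It improves the rules for identifying and filtering interfering traffic, proposes P2P worm detection rules, and applies game-theoretic methods to discuss how to choose the detection period. Both the simulation results and the experimental results in a LAN environment show that PWD is an effective method for detecting P2P worms and containing their propagation.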

     

Publication history
  • Received: 2005-09-21
  • Published online: 2006-08-31
