Network worm detection method and detection system

A detection method and worm technology, applied in the field of network security, that addresses two problems of existing worm detection methods: a high false positive rate, and difficulty meeting the requirements of real-time detection on large-scale high-speed networks. The claimed effects are good real-time performance and practicality, a simple method, and improved accuracy.

Inactive Publication Date: 2009-09-02
INST OF COMPUTING TECH CHINESE ACAD OF SCI

AI Technical Summary

Problems solved by technology

[0007] The purpose of the present invention is to overcome the defects of existing worm detection methods, such as a high false alarm rate and difficulty in meeting the requirements of real-time detection on large-scale high-speed networks, thereby providing an efficient and accurate network worm detection method.

Examples

example

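[0113] $K_1: E_1 \rightarrow H \quad CF_1(H, E)$

[0114] $K_2: E_2 \rightarrow H \quad CF_2(H, E)$

[0115] $K_3: E_3 \lor E_4 \rightarrow H \quad CF_3(H, E)$

[0116] $K_4: E_5 \lor E_6 \rightarrow H \quad CF_4(H, E)$

[0117] $K_5: E_7 \rightarrow H \quad CF_5(H, E)$

[0118] $K_6: E_8 \rightarrow H \quad CF_6(H, E)$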

[0119] Here, $E_i$ ($i = 1$ to $8$) denotes the 8 pieces of evidence obtained from the aforementioned 8 detection features, $H$ denotes the conclusion event "there is a worm attack", and $CF_i(H, E)$ ($i = 1$ to $6$) denotes the credibility of each piece of knowledge. The credibility of each piece of knowledge is either given directly by domain experts or calculated from objective historical data through learning or training. Its measurement principle should ensure that the more strongly the appearance of the evidence supports the conclusion being true, the greater the value of the knowledge credibility. In the knowledge base, the $CF_i(H, E)$ ($i = 1$ to $6$) are known values.

[0120] The calculation formula of the credibility will not change wit...
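The following is an added example, not code from the patent: it evaluates the six rules K1 to K6 over evidence E1 to E8. The page's text is cut off before the credibility formula, so the combination rules used here (maximum for a disjunctive premise, rule credibility times non-negative evidence credibility, and a + b - ab to merge conclusions) are assumed from the standard certainty-factor model, and all numeric CF values and function names are constructed for illustration.

```python
# Added example: certainty-factor inference over rules K1..K6 (assumed formulas).
# Rule credibilities below are constructed sample values; the page gives none.

# rule name -> (indices of the evidence joined by OR, CF_i(H, E))
RULES = {
    "K1": ((1,), 0.6),
    "K2": ((2,), 0.5),
    "K3": ((3, 4), 0.7),   # E3 OR E4
    "K4": ((5, 6), 0.4),   # E5 OR E6
    "K5": ((7,), 0.8),
    "K6": ((8,), 0.3),
}


def premise_cf(evidence, indices):
    """CF of a disjunctive premise: the maximum over its members.
    Evidence that was not observed counts as 0 (no support)."""
    return max(evidence.get(i, 0.0) for i in indices)


def rule_cf(evidence, indices, knowledge_cf):
    """CF_i(H) = CF_i(H, E) * max(0, CF(E)); a non-positive premise does not fire."""
    if not 0.0 <= knowledge_cf <= 1.0:
        raise ValueError("this sketch only handles supporting rules, CF in [0, 1]")
    return knowledge_cf * max(0.0, premise_cf(evidence, indices))


def combine(a, b):
    """Merge two non-negative conclusions about the same H: a + b - a*b."""
    return a + b - a * b


def contributions(evidence, rules=RULES):
    """Per-rule CF_i(H), useful for explaining which features drove an alert."""
    return {name: rule_cf(evidence, idx, k) for name, (idx, k) in rules.items()}


def worm_cf(evidence, rules=RULES):
    """Overall credibility of H = 'there is a worm attack'."""
    total = 0.0
    for value in contributions(evidence, rules).values():
        total = combine(total, value)
    return total


# Constructed evidence credibilities for one observation window.
SAMPLE = {1: 0.9, 3: 0.2, 4: 0.8, 7: 0.5}
```

Because a + b - ab is commutative and associative, the order in which the rules are merged does not change the result, and each additional firing rule can only raise the credibility of H.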


Abstract

The invention provides a network worm detection method comprising the steps of: receiving network data packets and extracting detection features that are relevant to network worm detection and serve to prove the existence of network worms in the packets; taking the detection features as evidence in a naive confidence level model and computing the confidence level of the evidence; establishing knowledge in the naive confidence level model according to the detection features and computing the confidence level of the knowledge; and substituting the confidence level of the evidence and the confidence level of the knowledge into the confidence level computing formula of the naive confidence level model to compute the confidence level of the conclusion event that a worm attack exists in the network. The naive confidence level model fuses five categories and eight kinds of network flow and behavior characteristics, including short connection level, flux, data packet uniformity, threaded tree chart-pattern, packet number increase, and the like, so the invention can find worms earlier and improve detection accuracy. In addition, the invention has good real-time performance and practicability and is suitable for detecting unknown worms and their variants on large-scale high-speed networks.

Description

Technical field

[0001] The invention relates to the field of network security, in particular to a network worm detection method and detection system.

Background technique

[0002] With the rapid development of network technology, network security issues are becoming more and more prominent. Among them, network worms have become an important issue affecting network security because of their fast propagation speed and highly destructive nature. Early detection and early warning of network worms are of great significance for controlling the spread of worms. Therefore, in-depth research has been carried out on worm detection technology. Worm detection technology mainly includes misuse detection and anomaly detection. Since anomaly detection has the advantage of discovering unknown worms, it has gradually become a research hotspot.

[0003] According to the key behavioral characteristics of network worms in the propagation process, the anomaly detection methods used...

Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, G06N5/00
Inventor: 张永铮, 侯春军, 云晓春
Owner: INST OF COMPUTING TECH CHINESE ACAD OF SCI