Method and system for automatically extracting worm features

A technique for automatically extracting worm features, applied in the field of information security, that solves problems such as the inability to provide worm signatures.

Active Publication Date: 2014-01-08
SHANGHAI TAIYU INFORMATION TECH

AI Technical Summary

Problems solved by technology

Although traffic-based worm detection can quickly detect the existence of worms, it cannot provide worm signatures that people can reuse.
Based on the IDS alar


Examples


Embodiment

[0144] To verify the invention, the prototype system for automatic feature extraction based on worm trace analysis was used to build an experimental platform for network worms. The prototype system is deployed at the network exit, and tcpreplay is used to replay traffic that combines background traffic with worm traffic. The attack-free background traffic was captured from a company over one month in November 2006, and the worm traffic is that of the lion worm and the mscan worm respectively.

[0145] 1.1 Worm detection based on historical information

[0146] The traffic captured from the company is divided into two parts: one part is used for training and learning, and the other part is merged with the traffic of the lion worm and the mscan worm respectively and then used for worm detection (the position at which the worm traffic is merged into the background traffic is random). The proportion of split tr...


Abstract

The invention relates to the technical field of information security, in particular to a method for automatically extracting worm features based on behavior trace analysis. The method comprises the following steps: modeling for the access habit of a network by learning the network traffic; detecting based on a CUSUM (cumulative sum) algorithm to determine that the flow which goes against a habit model in the network is a suspicious worm flow; defining and classifying behavior traces of network worms; performing correlation analysis on the behavior traces of the network worms by using Petri network in the suspicious worm flow; finally determining and extracting the feature codes of the network worms in the traces by applying an evaluation function. Experiments prove that the method can effectively and accurately extract the feature codes of the network worms. The following conclusion is obtained by combining theoretical analysis and experimental data: although identities of the worms cannot be accurately distinguished by the behavior traces of the network worms, the determination of the positions of the feature codes of the worms can be facilitated, so that the feature codes of the worms are effectively extracted.
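The detection step named in the abstract, a habit model learned from traffic followed by CUSUM detection of flows that go against it, can be sketched as follows. This is an added example, not the patent's implementation: the form of the habit model (destinations each source has contacted before), the `drift` and `threshold` values, and the flow tuples are assumptions, since the page does not specify them.

```python
from collections import defaultdict

def learn_habits(training_flows):
    """Habit model (assumed form): destinations each source contacted in training."""
    habits = defaultdict(set)
    for _interval, src, dst in training_flows:
        habits[src].add(dst)
    return habits

def cusum_suspects(flows, habits, drift=1.0, threshold=5.0):
    """One-sided CUSUM per source over out-of-habit flows per interval.

    Returns {source: first interval at which the cumulative sum exceeded threshold}.
    """
    novel = defaultdict(lambda: defaultdict(int))
    intervals = set()
    for interval, src, dst in flows:
        intervals.add(interval)
        if dst not in habits.get(src, ()):
            novel[src][interval] += 1
    alarms = {}
    for src, per_interval in novel.items():
        s = 0.0
        for interval in sorted(intervals):
            # Accumulate only the excess over the tolerated drift; never go below 0.
            s = max(0.0, s + per_interval.get(interval, 0) - drift)
            if s > threshold:
                alarms[src] = interval
                break
    return alarms

# Constructed sample data (documentation address ranges), not from the patent.
TRAINING = [(0, "10.0.0.5", "192.0.2.1"), (0, "10.0.0.5", "192.0.2.2"),
            (1, "10.0.0.7", "192.0.2.1")]
OBSERVED = [(0, "10.0.0.5", "192.0.2.1"), (1, "10.0.0.5", "198.51.100.9"),
            (2, "10.0.0.5", "192.0.2.2")]
# 10.0.0.7 contacts four never-seen destinations in each of three intervals.
OBSERVED += [(t, "10.0.0.7", f"203.0.113.{4 * t + i}") for t in range(3) for i in range(4)]

if __name__ == "__main__":
    print(cusum_suspects(OBSERVED, learn_habits(TRAINING)))
```

A single out-of-habit connection from 10.0.0.5 is absorbed by the drift term, while the sustained fan-out from 10.0.0.7 crosses the threshold in the second interval and would be handed to the later trace-analysis stages as suspicious flow.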

Description

Technical field

[0001] The invention relates to the technical field of information security, in particular to a method and system for automatically extracting worm features based on behavior trace analysis.

Background technique

[0002] Since the Morris worm broke out in 1988, network worms have continuously threatened the security of the network. However, as the network is closely connected with people's economy and daily life, the outbreak of network worms often causes great harm to people's economic life. For example, the outbreak of the code red worm in 2001 cost people $270 million. In order to effectively suppress the spread of network worms, people began to pay attention to this field and did a lot of work.

[0003] An ideal worm model can reveal the law of worm propagation, generate effective early warning of worm outbreaks and provide a theoretical basis for worm detection. Since the outbreak of the code red worm event in 2001, people have started to model and an...


Application Information

IPC(8): H04L29/06
Inventor: 郭薇周翰逊张国栋贾大宇
Owner: SHANGHAI TAIYU INFORMATION TECH