Host Behaviour Based Early Detection of Worm Outbreaks in Internet Backbones

Thomas Dübendorfer†, Bernhard Plattner
Computer Engineering and Networks Laboratory (TIK)
Swiss Federal Institute of Technology, Zurich
{duebendorfer,plattner}@tik.ee.ethz.ch

Abstract

We propose a novel near real-time method for early detection of worm outbreaks in high-speed Internet backbones. Our method attributes several behavioural properties to individual hosts like ratio of outgoing to incoming traffic, responsiveness and number of connections. These properties are used to group hosts into distinct behaviour classes. We use flow-level (Cisco NetFlow) information exported by the border routers of a Swiss Internet backbone provider (AS559/SWITCH). By tracking the cardinality of each class over time and alarming on fast increases and other significant changes, we can early and reliably detect worm outbreaks. We successfully validated our method with archived flow-level traces of recent major Internet e-mail based worms such as MyDoom.A and Sobig.F, and fast spreading network worms like Witty and Blaster. Our method is generic in the sense that it does not require any previous knowledge about the exploits and scanning method used by the worms. It can give a set of susp

Based on the observation that hosts infected by the same worm execute the same code for scanning and transferring exploit and worm code, we assume that during a worm outbreak the network behaviour of many hosts will suddenly change in a similar way. In this paper, we propose a novel near real-time method for early detection of worm outbreaks in high-speed Internet backbones. By analysing backbone traffic at flow-level, we can attribute various behavioural properties to hosts like ratio of outgoing to incoming traffic, responsiveness and number of connections, which all are strongly influenced by a worm outbreak. These properties are used to group hosts into distinct classes according to their current behaviour. We show that by tracking the cardinality∗ of these classes for significant changes over time, worm outbreak events can reliably be detected and a set of potentially infected hosts can be identified.

The outline of this paper is as follows: After a survey of related work in Section 2 and NetFlow traces in Section 3, we present in Section 4 our host behaviour based worm de-
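A minimal sketch of the class-cardinality tracking described in the abstract, added here as an illustration and not taken from the paper. The class names, all thresholds, the (src, dst, bytes) record shape and the sample flows are assumptions.

```python
from collections import defaultdict

# Assumed values: the abstract names the properties but gives no thresholds.
RATIO_MIN, PEERS_MIN, SILENT_MIN = 3.0, 10, 0.8
GROWTH, MIN_HOSTS = 3.0, 5   # alarm on >= 3x baseline and at least 5 hosts

def classify(flows):
    """One interval of (src, dst, bytes) flow records -> {class name: set of hosts}."""
    out_b, in_b, peers = defaultdict(int), defaultdict(int), defaultdict(set)
    for src, dst, nbytes in flows:
        out_b[src] += nbytes
        in_b[dst] += nbytes
        peers[src].add(dst)
    classes = {"traffic": set(), "connections": set(), "unresponsive": set()}
    for host, dsts in peers.items():
        if out_b[host] / max(in_b[host], 1) >= RATIO_MIN:   # outgoing >> incoming
            classes["traffic"].add(host)
        if len(dsts) >= PEERS_MIN:                          # many connections
            classes["connections"].add(host)
        silent = sum(1 for d in dsts if host not in peers.get(d, ()))
        if silent / len(dsts) >= SILENT_MIN:                # peers never answer
            classes["unresponsive"].add(host)
    return classes

def detect(intervals):
    """Track class cardinality per interval; return [(interval, class, new hosts)]."""
    alarms, sizes, seen = [], defaultdict(list), defaultdict(set)
    for i, flows in enumerate(intervals):
        for name, hosts in classify(flows).items():
            past = sizes[name]
            baseline = max(sum(past) / len(past), 1) if past else None
            if baseline and len(hosts) >= max(MIN_HOSTS, GROWTH * baseline):
                alarms.append((i, name, hosts - seen[name]))
            else:   # only quiet intervals feed the baseline
                past.append(len(hosts))
                seen[name] |= hosts
    return alarms

def sample_intervals():
    """Constructed data: three quiet intervals, then 8 hosts probing 20 addresses each."""
    quiet = []
    for c in range(1, 6):
        quiet += [(f"10.0.0.{c}", "192.0.2.80", 400), ("192.0.2.80", f"10.0.0.{c}", 4000)]
    scan = [(f"10.0.1.{h}", f"198.51.100.{t}", 404)
            for h in range(1, 9) for t in range(1, 21)]
    return [quiet, quiet, quiet, quiet + scan]

if __name__ == "__main__":
    for interval, name, hosts in detect(sample_intervals()):
        print(interval, name, sorted(hosts))
```

Hosts already seen in a class during quiet intervals are subtracted from the reported set, so the busy server in the sample data does not appear among the suspects.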