Conference: International Symposium on Performance Evaluation of Computer and Telecommunication Systems

On the Performance of SWORD in Detecting Zero-Day-Worm-Infected Hosts


Abstract

Once a host is infected by an Internet worm, prompt action must be taken before that host does more harm to its local network and the rest of the Internet. It is therefore critical to quickly detect that a worm has infected a host. In this paper, we enhance our SWORD system to allow for the detection of infected hosts and evaluate its performance. This enhanced version of SWORD inherits the advantages of the original SWORD - it does not rely on inspecting traffic payloads to search for worm byte patterns or setting up a honeypot to lure worm traffic. Furthermore, while acting as a host-level detection system, it runs at a network's gateway and stays transparent to individual hosts. We show that our enhanced SWORD system is able to quickly and accurately detect if a host is infected by a zero-day worm. Furthermore, the detection is shown to be effective against worms of different types and speeds, including polymorphic worms.
