Detecting Email Worms Using a Contact-Tracing Mechanism
Detecting Email Worm through Contact-Tracing Chain
Abstract (translated from Chinese): As Email worms are gradually becoming a major network threat, this paper proposes CTCBF, a worm-detection method based on a contact-tracing mechanism. The method uses "difference entropy" to detect abnormal connection behaviour of individual network nodes, then applies a tracing algorithm to the connection relations among abnormal nodes to build a tracing chain; when the length of the tracing chain reaches a preset threshold, the suspicious nodes on that chain are confirmed as infected. To address the uncertainty of the threshold, a dynamic threshold method is proposed that adaptively adjusts the threshold according to the network's infection level. Simulation experiments show that the method can quickly and accurately detect worm propagation, and at the same time provides a new pattern for detecting unknown worms.

Abstract (original English): Email worms have recently become the most serious security threat on the Internet. In this paper, a contact-tracing chain based framework (CTCBF) is proposed to detect this worm through tracing the contact behaviors among peers. This framework uses the contact tracing chain to trace abnormal peers which are screened out by isolated monitoring, and develops "difference entropy" to group peers with the same abnormal behaviors. Peers are confirmed with infectious symptoms when the length of the contact tracing chain which they belong to reaches the preset threshold. Through numerical simulations, we demonstrate that the proposed contact tracing framework can quickly detect the propagation of Email worms.
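The pipeline the abstract describes (per-peer anomaly screening, chain tracing among abnormal peers, a chain-length threshold that adapts to the infection level) is sketched below as an added illustration; it is not the paper's code. The definition of "difference entropy" (change in the Shannon entropy of a sender's recipient distribution between two time windows), the 1.5-bit cutoff, the chain construction and the adaptive-threshold rule are all assumptions, and the contact logs are constructed.

```python
import math
from collections import Counter, defaultdict

def recipient_entropy(recipients):
    """Shannon entropy (bits) of one sender's recipient distribution in a window."""
    total = len(recipients)
    if total == 0:
        return 0.0
    return -sum(c / total * math.log2(c / total) for c in Counter(recipients).values())

def difference_entropy(prev_window, cur_window):
    """Assumed definition: per-sender change in recipient entropy between consecutive windows."""
    senders = set(prev_window) | set(cur_window)
    return {s: recipient_entropy(cur_window.get(s, [])) - recipient_entropy(prev_window.get(s, []))
            for s in senders}

def abnormal_peers(prev_window, cur_window, jump=1.5):
    """Isolated monitoring: a peer is suspicious when its difference entropy exceeds `jump` bits (assumed cutoff)."""
    return {s for s, d in difference_entropy(prev_window, cur_window).items() if d > jump}

def longest_chain(suspects, cur_window):
    """Trace sender->recipient contacts that stay inside the suspect set; return the longest simple path."""
    edges = defaultdict(set)
    for s in suspects:
        edges[s] = {r for r in cur_window.get(s, []) if r in suspects and r != s}
    best = []
    def dfs(node, path):
        nonlocal best
        if len(path) > len(best):
            best = list(path)
        for nxt in edges[node]:
            if nxt not in path:          # simple paths only, so cycles terminate
                dfs(nxt, path + [nxt])
    for s in suspects:
        dfs(s, [s])
    return best

def dynamic_threshold(base, suspects, all_peers):
    """Assumed adaptive rule: the larger the share of abnormal peers, the shorter the chain needed to confirm."""
    level = len(suspects) / max(len(all_peers), 1)
    return max(2, base - int(level * base))

def confirm_infected(prev_window, cur_window, base_threshold=4):
    """Peers on the traced chain are confirmed infected once the chain reaches the current threshold."""
    peers = set(prev_window) | set(cur_window)
    suspects = abnormal_peers(prev_window, cur_window)
    chain = longest_chain(suspects, cur_window)
    return set(chain) if len(chain) >= dynamic_threshold(base_threshold, suspects, peers) else set()

# Constructed logs: {sender: [recipients]} for two consecutive windows; a, b, c start mass-mailing in CUR.
PREV = {"a": ["m", "m", "n"], "b": ["a", "a"], "c": ["b"], "d": ["e", "e", "f"], "e": ["d"]}
CUR = {"a": ["b", "p", "q", "r", "s", "t"], "b": ["c", "u", "v", "w"], "c": ["x", "y", "z", "a"],
       "d": ["e", "e", "f"], "e": ["d"]}
```

With a static threshold of 4 the three-node chain a->b->c would not be confirmed; the adaptive rule lowers the threshold to 2 because 3 of 5 monitored peers look abnormal.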