{"title":"Detecting network attacks using behavioural models","authors":"J. Schafer, M. Drozd","doi":"10.1109/IDAACS.2011.6072871","DOIUrl":null,"url":null,"abstract":"In this paper we're dealing with the problem of detecting malware using behaviour model. For better malware description we have divided this model into two parts — malware spreading model and malware statistical behavioural model. Spreading models are typical epidemiological models like SI model, advanced SIR and SEIR models and empiric file spreading model. In statistical behavioural model we're describing characteristics of malware trojan communication and communication characteristics of a typical user, we're describing basic detection for both models (behavioural statistic and spreading), we're proposing some standard and specific countermeasures based on these models as same as possibility of detection of malware communication, attacks like DoS and Network scanning detection and detection of Malware propagation.","PeriodicalId":106306,"journal":{"name":"Proceedings of the 6th IEEE International Conference on Intelligent Data Acquisition and Advanced Computing Systems","volume":"34 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2011-11-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 6th IEEE International Conference on Intelligent Data Acquisition and Advanced Computing Systems","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/IDAACS.2011.6072871","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Detecting network attacks using behavioural models
In this paper we deal with the problem of detecting malware using a behaviour model. For a better description of malware, we have divided this model into two parts: a malware spreading model and a malware statistical behavioural model. The spreading models are typical epidemiological models such as the SI model, the advanced SIR and SEIR models, and an empirical file spreading model. In the statistical behavioural model we describe the characteristics of malware trojan communication and the communication characteristics of a typical user. We describe basic detection for both models (behavioural statistic and spreading), and we propose some standard and specific countermeasures based on these models, as well as the possibility of detecting malware communication, attacks such as DoS and network scanning, and malware propagation.