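[Keywords]
[Abstract]
Obtaining a worm's propagation path during a large-scale network worm outbreak can improve the network's resilience to attack. Existing methods for inferring worm propagation paths can only run offline and have relatively low accuracy. This paper proposes an online accumulation algorithm that uses a sliding detection window to infer network worm propagation paths and can quickly obtain the worm's propagation source and early propagation paths. It resolves problems such as conflicts in propagation path selection and the merging of propagation paths from adjacent inference phases. The algorithm's accuracy and running performance are analyzed. Experimental results show that the online accumulation algorithm can detect infection edges in the early stage of a worm outbreak, that the accumulation algorithm has an accuracy above 90%, and that the path inference time required is only 1% of that of comparable work.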
[Keywords]
[Abstract]
Tracing propagation paths online when a worm breaks out on a large scale can improve the network's resilience to attack. The existing approaches to tracing worm propagation paths are all based on off-line analysis and usually have relatively low accuracy. This paper proposes an online Accumulation Algorithm with sliding detection windows, which can quickly and efficiently trace the origin and initial causal edges of the worm. The algorithm resolves conflicts in choosing causal edges and handles the merging of propagation paths from consecutive reconstruction phases. The algorithm's accuracy and performance are analyzed. Experimental results show that the online Accumulation Algorithm can identify causal edges even at the initial stage of an outbreak, and that the Accumulation Algorithm achieves detection accuracy higher than 90% while its running time is only 1% of that of related work.
[Chinese Library Classification number]
[Funding]
Supported by the National Natural Science Foundation of China under Grant No.60703023 (国家自然科学基金); the Science and Technology Development Plan of Jilin Province of China under Grant No.20080108 (吉林省科技发展计划资助项目)