计算机应用
計算機應用
계산궤응용
COMPUTER APPLICATION
2009年
8期
2236-2239
,共4页
蠕虫邮件%传播因子%陷阱邮箱%陷阱系数%行为识别
蠕蟲郵件%傳播因子%陷阱郵箱%陷阱繫數%行為識彆
연충유건%전파인자%함정유상%함정계수%행위식별
worm E-mail%propagation factor%dummy E-mail address%dummy factor%behavior recognition
为在免疫机制生效前最大限度地控制邮件蠕虫的传播,提出了一种以动态分布的陷阱邮箱为基础的蠕虫邮件行为模式识别方法.该方法通过陷阱诱骗及行为模型匹配两个方面对蠕虫邮件进行互补过滤,克服了以往检测方法对传播延时较长的邮件蠕虫活动敏感度不高的缺点.模拟试验结果表明,对于不同传播因子的邮件蠕虫,新方法在控制病毒的传播上有显著的成效.
為在免疫機製生效前最大限度地控製郵件蠕蟲的傳播,提齣瞭一種以動態分佈的陷阱郵箱為基礎的蠕蟲郵件行為模式識彆方法.該方法通過陷阱誘騙及行為模型匹配兩箇方麵對蠕蟲郵件進行互補過濾,剋服瞭以往檢測方法對傳播延時較長的郵件蠕蟲活動敏感度不高的缺點.模擬試驗結果錶明,對于不同傳播因子的郵件蠕蟲,新方法在控製病毒的傳播上有顯著的成效.
위재면역궤제생효전최대한도지공제유건연충적전파,제출료일충이동태분포적함정유상위기출적연충유건행위모식식별방법.해방법통과함정유편급행위모형필배량개방면대연충유건진행호보과려,극복료이왕검측방법대전파연시교장적유건연충활동민감도불고적결점.모의시험결과표명,대우불동전파인자적유건연충,신방법재공제병독적전파상유현저적성효.
For the purpose of the furthest controlling E-mail worm's propagation before the immune mechanism came into force, this paper proposed a new method for identifying worm E-mail's behaviors based on dummy E-mail address, which could be assigned dynamically. By dummy luring and behavior models matching, complementary to each other, the new method can filter most of the worm E-mails, and overcome the shortcoming of the low sensitivity caused by the worm's long propagation lag-time. The test results show that the propagation of E-mail worm is well controlled by this means.
