[转载]Entropy Based Worm and Anomaly Detection in Fast IP Networks
信息来源:邪恶八进制信息安全团队([url]www.eviloctal.com[/url])We have developed an entropy-based approach, that determines and reports entropy contents of traffic parameters such as IP addresses. Changes in the entropy content indicate a massive network event. We give analyses on two Internet worms as proof-of-concept. While our primary focus is detection of fast worms, our approach should also be able to detect other network events. We discuss implementation alternatives and give benchmark results. We also show that our approach scales very well.
页:
[1]