[转载]Entropy Based Worm and Anomaly Detection in Fast IP Networks

EvilOctal

团队执行官

Rank: 8 Rank: 8

E.S.T社区执行帐号

帖子: 9802
精华: 768
积分: 40165
阅读权限: 200
性别: 男
在线时间: 3967 小时
注册时间: 2004-7-4
最后登录: 2008-7-6

发短消息
加为好友
当前离线

楼主大中小发表于 2006-3-9 03:01 只看该作者

[转载]Entropy Based Worm and Anomaly Detection in Fast IP Networks

信息来源：邪恶八进制信息安全团队（www.eviloctal.com）

We have developed an entropy-based approach, that determines and reports entropy contents of traffic parameters such as IP addresses. Changes in the entropy content indicate a massive network event. We give analyses on two Internet worms as proof-of-concept. While our primary focus is detection of fast worms, our approach should also be able to detect other network events. We discuss implementation alternatives and give benchmark results. We also show that our approach scales very well.

附件

wetice05_entropy.rar (113 KB): 2006-3-9 03:01, 下载次数: 43

曾几何时，有人对我说：装B遭雷劈。我说：去你妈的。于是，这个人又对我说：如果再说脏话，上帝会惩罚你的。我说：我操上帝。结论：彪悍的人生不需要上帝。

TOP

‹‹ 上一主题 | 下一主题 ››

邪恶八进制信息安全团队技术讨论组 » 骨干网络运营{ Backbone Security } » 蠕虫监控[ Anti DDoS ] » [转载]Entropy Based Worm and Anomaly Detection in Fast IP Networks