Journal of Frontiers of Computer Science and Technology ›› 2008, Vol. 2 ›› Issue (2): 131-138.

• Survey · Exploration •

Polymorphic worm’s research and revolution

XU Xiaomeng+, GUO Shanqing, XU Qiuliang

  1. College of Computer Science and Technology, Shandong University, Ji’nan 250101, China
  • Received: 1900-01-01 Revised: 1900-01-01 Online: 2008-04-20 Published: 2008-04-20
  • Contact: XU Xiaomeng

Abstract: As networked systems grow in use and complexity, Internet worms have become a major threat to network security. Worms have recently developed further with the appearance of polymorphic worms, which use a variety of metamorphic techniques to easily evade detection by existing intrusion detection systems (IDSes) and pose a serious latent danger to the future security of the Internet. Detection techniques for polymorphic worms have therefore become a focus of current worm research. This paper first describes the structure of polymorphic worms, then summarizes and compares the techniques proposed in recent years for defending against them, and finally presents open problems and research trends in this area.

Key words: polymorphic worm, content-sifting, behavior-based detection, semantic analysis