Key words: normal distribution; abnormal traffic; trusted zone (confidence interval); worm
Worm detection technology research of net-flow dynamic critical line established based on statistical analytic method
WANG Yong-chao^a, XIE Yong-kai^a, ZHU Zhi-ping^a, LIN Huai-zhong^b
(a. Center of Network & Information, b. Institute of Artificial Intelligence, Zhejiang University, Hangzhou 310027, China)
Abstract: This paper proposes a method that detects abnormal network flow based on the normal distribution and then estimates whether an Internet worm is present in the internal network. Using the normal-distribution character of the historical flow, the method computes the trusted zone of normal behavior for data flow in the network, judges the inspected flow to be abnormal if it goes beyond the trusted zone, and raises an alarm for the threat of an Internet worm. Combined with this method, the paper further analyzes how to use a two-factor model to analyze the number of Internet worms in the network. ......
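
The trusted-zone check described in the abstract can be sketched as follows. This is an added example, not code from the paper: the per-hour slots, the 99% confidence level, the function names and all sample flow values are assumptions made for illustration.

```python
from statistics import NormalDist, mean, stdev

# Constructed sample data: flows per minute seen in the same hour-of-day slot
# on seven previous days (hour -> samples). Not taken from the paper.
HISTORY = {
    2:  [120, 131, 118, 125, 129, 122, 127],
    10: [980, 1010, 995, 1023, 970, 1002, 990],
    14: [1100, 1080, 1125, 1090, 1110, 1095, 1105],
}
# Constructed observations to inspect: (hour slot, flows per minute).
OBSERVED = [(2, 126), (10, 1015), (2, 990), (14, 1102)]


def trusted_zone(samples, confidence=0.99):
    """Two-sided trusted zone (low, high) for one slot, assuming normal flow."""
    mu, sigma = mean(samples), stdev(samples)
    z = NormalDist().inv_cdf(0.5 + confidence / 2)  # e.g. 2.576 for 99%
    return max(0.0, mu - z * sigma), mu + z * sigma


def critical_lines(history, confidence=0.99):
    """Per-slot bounds; the upper bounds over time form the dynamic line."""
    return {slot: trusted_zone(s, confidence) for slot, s in history.items()}


def detect(observed, lines):
    """Return (slot, value, direction) for each observation outside its zone."""
    alerts = []
    for slot, value in observed:
        if slot not in lines:
            continue  # no baseline for this slot, nothing to compare against
        low, high = lines[slot]
        if value > high:
            alerts.append((slot, value, "above"))
        elif value < low:
            alerts.append((slot, value, "below"))
    return alerts


if __name__ == "__main__":
    lines = critical_lines(HISTORY)
    for slot, (low, high) in sorted(lines.items()):
        print(f"{slot:02d}:00 trusted zone {low:.1f} .. {high:.1f}")
    for slot, value, direction in detect(OBSERVED, lines):
        print(f"ALERT {slot:02d}:00 flow={value} {direction} trusted zone")
```

In this sample, 990 flows per minute sits inside the 10:00 zone but far above the 02:00 zone, so a single static threshold sized for daytime traffic would not flag it.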