Two-Phased Method for Detecting Evasive Network Attack Channels (in English)

Source: China Communications | Cited by: 0
With the rapid development of information technology, various industries have become much more dependent on networks. Driven by economic interests and by the game between countries reflected in growing cyberspace confrontations, evasive network attacks on information infrastructures, characterized by high technology, high concealment and long-term sustainability, have become severe threats to national security. In this paper, we propose a novel two-phased method for the detection of evasive network attacks which exploit or pretend to be common legitimate encryption services in order to escape security inspection. Malicious communications which camouflage themselves as legitimate encryption applications are first identified in the SSL session structure verification phase, and then suspicious attack behaviors are further distinguished effectively by server-side X.509 certificate based anomaly detection. Experimental results show that our method is very useful for detecting the network activities of certain unknown threats or new malware. Besides, the proposed method can be applied to other similar services easily.
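The first phase described in the abstract, sketched as an added example (not the paper's own code or algorithm): a check that the client-to-server bytes of a session claiming to be SSL/TLS actually follow the record and handshake structure. The function names, the SSL 3.0 to TLS 1.2 scope, the single-record ClientHello assumption and all sample byte strings are constructed for illustration.

```python
import struct

HANDSHAKE, CCS, APP_DATA = 22, 20, 23
CONTENT_TYPES = {20, 21, 22, 23}   # change_cipher_spec, alert, handshake, application_data
MAX_FRAGMENT = 2**14 + 2048        # largest ciphertext fragment TLS 1.2 allows

def parse_records(stream):
    """Split bytes into (content_type, payload) records; ValueError if malformed."""
    records, off = [], 0
    while off < len(stream):
        if len(stream) - off < 5:
            raise ValueError("truncated record header")
        ctype, major, minor, length = struct.unpack_from("!BBBH", stream, off)
        if ctype not in CONTENT_TYPES:
            raise ValueError(f"unknown content type {ctype}")
        if major != 3 or minor > 3:
            raise ValueError(f"bad record version {major}.{minor}")
        if length > MAX_FRAGMENT or off + 5 + length > len(stream):
            raise ValueError("bad record length")
        records.append((ctype, stream[off + 5:off + 5 + length]))
        off += 5 + length
    return records

def verify_client_stream(stream):
    """Return (ok, reason) for the client-to-server bytes of one TCP session."""
    try:
        records = parse_records(stream)
    except ValueError as exc:
        return False, str(exc)
    if not records or records[0][0] != HANDSHAKE:
        return False, "first record is not a handshake"
    hello = records[0][1]
    # Assumption: the ClientHello (handshake type 1) fits in a single record.
    declared = int.from_bytes(hello[1:4], "big")
    if len(hello) < 4 or hello[0] != 1 or declared != len(hello) - 4:
        return False, "first message is not a well-formed ClientHello"
    seen_ccs = False
    for ctype, _ in records[1:]:
        seen_ccs = seen_ccs or ctype == CCS
        if ctype == APP_DATA and not seen_ccs:
            return False, "application data before ChangeCipherSpec"
    return True, "ok"

def record(ctype, payload, version=b"\x03\x03"):
    return bytes([ctype]) + version + struct.pack("!H", len(payload)) + payload

# Constructed sample inputs (not captured traffic).
_body = b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\x00\x2f" + b"\x01\x00"
CLIENT_HELLO = record(HANDSHAKE, b"\x01" + len(_body).to_bytes(3, "big") + _body, b"\x03\x01")
GOOD = (CLIENT_HELLO + record(HANDSHAKE, bytes(8)) + record(CCS, b"\x01")
        + record(APP_DATA, bytes(40)))
PLAINTEXT_ON_443 = b"GET /index HTTP/1.1\r\nHost: example.test\r\n\r\n"
SKIPPED_HANDSHAKE = CLIENT_HELLO + record(APP_DATA, bytes(40))
```

Sessions that pass this structural check would go on to the second phase, the server-side X.509 certificate anomaly detection, which is not shown here.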