Research of worm detection based on remote software authentication and sequential probability ratio analysis
GUO Qiang1, ZHANG Chongyang2
1.Information Technology Center, China National Offshore Oil Corporation, Beijing 100010, China;2.School of Computer Science and Technology, Nanjing University of Science and Technology, Nanjing 210094, China
Abstract:As the only authentication method can't detect infected nodes that is not in the random selection set, an improved method is proposed, which uses sequential probability ratio analysis (SPRA) and remote software authentication to detect worm propagation. Firstly, the detector is used to observe the communication mode in the wireless sensor network, and identify the connection chains that will not appear in the normal traffic. Then, when the probe node detects the worm propagation mode, the remote software authentication is initiated, and the regional nodes capture the worm propagation through the SPRA collaboration. The simulation results show the effectiveness of the proposed method. Compared with the only authentication method and the support vector regression (SVR) method, the proposed method has better robustness to worm detection. In worm environment, the number of authentication times required for worm detection and blocking is higher than that of the only authentication method, but lower than that of the SVR method. And the total cost is good.
郭 强,张重阳. 基于远程软件认证和序贯概率比分析的蠕虫检测[J]. 华中师范大学学报(自然科学版), 2018, 52(4): 461-467.
GUO Qiang,ZHANG Chongyang. Research of worm detection based on remote software authentication and sequential probability ratio analysis. journal1, 2018, 52(4): 461-467.
2018, Vol. 52 
