A worm detection method based on the similarity of connection payloads is proposed: the Hamming distance between payloads is used to compute their similarity and so detect unknown worms. Compared with the longest common substring algorithm, this method consumes considerably fewer computing resources. On this basis, a detection system is proposed that combines coarse-grained anomaly detection with fine-grained behavior analysis; it further screens out non-worm traffic, pins down the groups of worm packets, and reduces the amount of similarity computation. Experiments show that this method can detect unknown worms.
In view of the present situation of large-scale, high-speed networks, a worm detection method is presented based on analysis of the similarity of connection payloads, which computes the similarity of connections from the Hamming distance of their payloads. Compared with the longest common substring algorithm, this method reduces computational resource consumption. On this basis, a detection system is presented that combines coarse-grained anomaly detection with fine-grained analysis of behavior, further excluding non-worm traffic, focusing on worm traffic and reducing the similarity calculation. Experiments prove that this method can detect unknown worms.
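As an added illustration (not code from the paper), the following Python puts the linear-time Hamming-distance similarity the abstract relies on next to a longest-common-substring baseline on constructed payloads, and applies the Hamming score as a coarse screen over a group of connections; the threshold and the pairwise group test are assumptions, not the paper's parameters.

```python
# Added example (not the paper's code): payload similarity by Hamming
# distance next to a longest-common-substring (LCS) baseline, run on
# constructed sample payloads.

def hamming_similarity(a: bytes, b: bytes) -> float:
    """Fraction of positions whose bytes agree; extra bytes of the longer
    payload count as mismatches. One pass, O(n) time, no extra memory."""
    n = max(len(a), len(b))
    if n == 0:
        return 1.0
    return sum(x == y for x, y in zip(a, b)) / n


def longest_common_substring(a: bytes, b: bytes) -> int:
    """Length of the longest contiguous run shared by a and b, by dynamic
    programming over every byte pair: O(len(a) * len(b)) time."""
    best, prev = 0, [0] * (len(b) + 1)
    for x in a:
        cur = [0] * (len(b) + 1)
        for j, y in enumerate(b, 1):
            if x == y:
                cur[j] = prev[j - 1] + 1
                best = max(best, cur[j])
        prev = cur
    return best


def lcs_similarity(a: bytes, b: bytes) -> float:
    n = max(len(a), len(b))
    return longest_common_substring(a, b) / n if n else 1.0


def near_identical_group(payloads, threshold=0.9):
    """Coarse screen (assumed, not the paper's rule): True when every pair in
    a group of connection payloads is Hamming-similar above the threshold,
    the pattern left by a worm that sends the same body to many hosts."""
    return all(hamming_similarity(p, q) >= threshold
               for i, p in enumerate(payloads) for q in payloads[i + 1:])


# Constructed payloads: a 512-byte body, copies differing in a few bytes
# (e.g. a per-target field) or padding, and one unrelated HTTP request.
BASE = bytes(range(256)) * 2
VARIANT = bytearray(BASE)
VARIANT[10] ^= 0xFF
VARIANT[300] ^= 0x80
VARIANT = bytes(VARIANT)
TRUNCATED = BASE[:500] + b"\x00" * 12
BENIGN = b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"
```

Two bytes of difference leave the Hamming score at 510/512 while the longest common substring drops to 289/512, which is why scattered per-target edits are cheap to tolerate with the Hamming measure and expensive, in both cost and score, with the substring baseline.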