关键词: 网络安全, 网络行为, 蠕虫检测

Abstract: As the updating speed of the worm and other malicious codes grows faster and faster, how to analyze large sum of malicious sample quickly and effectively becomes an issue of research on internet security. Therefore, an analysis algorithm for worm network behavior based on event sequence was proposed. This algorithm uses the data flow recombination and compression methods to process the pure malicious data. With this procedure, it can get the network behavior profile and the signature of the worm. The application of this algorithm will greatly improve the efficiency of analyzing the worm network behavior, which will be significant for the deployment of firewalls and network invasion detection systems.

Key words: worm detect , network behavior, network security