Study of Worm-Attack Detection based on Netflow

Based on analysis of the principle of Netflow and the behaviour characteristics of worm attack,a new worm-attack detection method based on Netflow is proposed.The encoding on detection module of the traffic and characteristic anomalies is implemented,the corresponding experiment environment established,and the simulation of network behavior in occurrence of worm virus RedCode also done.The experimental results show that this detection method could quickly and accurately detect the common worm attack,including the feature extraction and the warning of the new-type worm viruses.