
Computer Engineering ›› 2009, Vol. 35 ›› Issue (21): 147-150. doi: 10.3969/j.issn.1000-3428.2009.21.048

• Security Technology •

Design and Implementation of IM Worm Detection Method

ZHAO Bin-bin1,2, ZHANG Yu-qing2, LIU Yu2   

  (1. Key Lab of Computer Networks and Information Security, Ministry of Education, Xidian University, Xi’an 710071; 2. National Computer Network Intrusion Protection Center, Graduate University of Chinese Academy of Sciences, Beijing 100043)
  • Received: 1900-01-01 Revised: 1900-01-01 Online: 2009-11-05 Published: 2009-11-05

Abstract: This paper presents a method for detecting Instant Messaging (IM) worms based on their propagation characteristics. It monitors all IM messages at the gateway and detects worms by tracking the statistical growth of suspicious messages. It uses dynamic queues to reduce storage and a user confirmation module to verify suspicious messages, which improves detection accuracy. Experiments show that, while maintaining detection accuracy, the method effectively reduces the burden on the server, saves memory resources, and reduces the impact on normal communication.

Key words: Instant Messaging (IM) worm, behavior characteristic, stifling, detection
