Research on Worm Detection Technology Based on Payload
Given today's large-scale, high-speed networks, this paper presents a worm detection method based on analyzing the similarity of connection payloads, where the similarity between connections is computed from the Hamming distance of their payloads. Compared with the longest common subsequence algorithm, this method reduces computational resource consumption. On this basis, a detection system is presented that combines coarse-grained anomaly detection with fine-grained behavior analysis, which further excludes non-worm traffic, focuses on worm traffic, and reduces the amount of similarity computation. Experiments show that the method can detect unknown worms.
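A minimal sketch of the two-stage idea in the abstract, added here as an illustration and not taken from the paper: a coarse filter keeps only sources with high destination fan-out, then Hamming-based payload similarity (linear in payload length, versus the quadratic dynamic program for longest common subsequence) is computed only for those sources. The record layout, the fan-out criterion, both thresholds, the treatment of unequal lengths and the sample connections are assumptions.

```python
from itertools import combinations

def hamming_similarity(a: bytes, b: bytes) -> float:
    """Fraction of byte positions that match. Assumption: bytes beyond the
    shorter payload count as mismatches, so unequal lengths lower the score."""
    longest = max(len(a), len(b))
    if longest == 0:
        return 1.0
    return sum(x == y for x, y in zip(a, b)) / longest

def suspicious_sources(conns, min_fanout=3):
    """Coarse stage (assumed criterion): keep (source, port) pairs that
    contacted at least min_fanout distinct destinations."""
    fanout = {}
    for src, dst, port, payload in conns:
        fanout.setdefault((src, port), {})[dst] = payload
    return {k: v for k, v in fanout.items() if len(v) >= min_fanout}

def detect_worm_like(conns, min_fanout=3, sim_threshold=0.8):
    """Fine stage: alert when a filtered source sends near-identical
    payloads to its destinations (mean pairwise similarity)."""
    alerts = []
    for (src, port), by_dst in sorted(suspicious_sources(conns, min_fanout).items()):
        pairs = list(combinations(by_dst.values(), 2))
        if not pairs:
            continue
        mean_sim = sum(hamming_similarity(a, b) for a, b in pairs) / len(pairs)
        if mean_sim >= sim_threshold:
            alerts.append((src, port, round(mean_sim, 3)))
    return alerts

# Constructed sample connections: (source, destination, port, payload).
BODY = b"X" * 20
SAMPLE = [
    # High fan-out, payloads differ in a single byte: worm-like.
    ("10.0.0.5", "10.0.1.1", 445, b"CONSTRUCTED-BODY-01" + BODY),
    ("10.0.0.5", "10.0.1.2", 445, b"CONSTRUCTED-BODY-02" + BODY),
    ("10.0.0.5", "10.0.1.3", 445, b"CONSTRUCTED-BODY-03" + BODY),
    # High fan-out but dissimilar payloads: passes coarse stage, no alert.
    ("10.0.0.9", "10.0.2.1", 80, b"GET /index.html HTTP/1.1"),
    ("10.0.0.9", "10.0.2.2", 80, b"POST /api/login HTTP/1.1"),
    ("10.0.0.9", "10.0.2.3", 80, b"HEAD /status HTTP/1.1"),
    # Identical payloads but low fan-out: dropped before any comparison.
    ("10.0.0.7", "10.0.3.1", 445, b"SAME-PAYLOAD"),
    ("10.0.0.7", "10.0.3.2", 445, b"SAME-PAYLOAD"),
]

if __name__ == "__main__":
    print(detect_worm_like(SAMPLE))
```

Positional comparison is cheap but sensitive to inserted or shifted bytes, which is the trade-off against a longest-common-subsequence measure.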