| 基于动态聚类算法的IRC僵尸网络检测 |
| |
| 引用本文: | 刘建波.基于动态聚类算法的IRC僵尸网络检测[J].哈尔滨商业大学学报(自然科学版),2011,27(5):713-716. |
| |
| 作者姓名: | 刘建波 |
| |
| 作者单位: | 山东财政学院计算机网络中心,济南,250014 |
| |
| 基金项目: | 山东省社科规划项目(09DJGZ18) |
| |
| 摘 要: | 为了快速定位局域网中存在的僵尸网络,提高网络管理效率,通过对IRC僵尸网络运行机制的深入研究,结合经典数学定义在三层交换机上抓取流量并做预处理,按照流量数据的相同元素(源地址,目的地址)划分集合并得到三个向量(IRC命令、包速率和包大小)集合,基于改进的k- means动态聚类算法,合理定义时间滑动窗口,对数据集的三个...
|
| 关 键 词: | IRC 聚类算法 动态检测 k- means算法 滑动窗口 |
Detection of IRC botnet based on dynamical clustering algorithm |
| |
| LIU Jian-bo.Detection of IRC botnet based on dynamical clustering algorithm[J].Journal of Harbin University of Commerce :Natural Sciences Edition,2011,27(5):713-716. |
| |
| Authors: | LIU Jian-bo |
| |
| Institution: | LIU Jian-bo(Network Center,Shandong University of Finance,Jinan 250014,China) |
| |
| Abstract: | In order to locate the botnets in the LAN and improve the efficiency of network management,through the research on the mechanism of the IRC botnet,this paper proposed a dynamical clustering algorithm based on the improvement of k-means.After the preprocessing of flow grasped from layer 3 switches by classical mathematical definition,according to the same element(source address,destination address),three vectors such as IRC instruction,package rate and package size were gained,these vectors based on the reas... |
| |
| Keywords: | IRC clustering algorithm dynamical detection k-means sliding window |
| 本文献已被 CNKI 万方数据 等数据库收录! |
|
