| 一种基于网络行为分析的HTTP木马检测模型 |
| |
| 引用本文: | 易军凯,刘健民,万静.一种基于网络行为分析的HTTP木马检测模型[J].北京化工大学学报(自然科学版),2014,41(3):114. |
| |
| 作者姓名: | 易军凯 刘健民 万静 |
| |
| 作者单位: | 北京化工大学信息科学与技术学院,北京 100029;北京化工大学信息科学与技术学院,北京 100029;北京化工大学信息科学与技术学院,北京 100029 |
| |
| 基金项目: | 中央高校基本科研业务费(zz1311) |
| |
| 摘 要: | 基于HTTP协议进行网络通信的木马能够躲避部分网络安全监控系统的检测,是互联网安全的一个重大威胁。通过对该类木马样本和普通程序样本网络行为的对比分析,得到该类木马的6个网络行为特征,综合利用层级聚类、Davies-Bouldin指数和k-means聚类方法提出了一种木马检测模型,实现了HTTP木马检测。结果表明,该HTTP木马检测模型准确率较高,误报率较低。
|
| 关 键 词: | 木马检测 网络行为 HTTP |
| 收稿时间: | 2013-06-28 |
A model of an HTTP-based Trojan detection based on network behavior analysis |
| |
| YI JunKai,LIU JianMin,WAN Jing.A model of an HTTP-based Trojan detection based on network behavior analysis[J].Journal of Beijing University of Chemical Technology,2014,41(3):114. |
| |
| Authors: | YI JunKai LIU JianMin WAN Jing |
| |
| Institution: | College of Information Science and Technology, Beijing University of Chemical Technology, Beijing 100029,China |
| |
| Abstract: | HTTP-based Trojans which can avoid detection by a network security monitoring system are a major threat to internet security. In this paper we obtain six characteristics that can represent the network behavior of such Trojans through analyzing and comparing the network behavior of HTTP-based Trojan and normal program samples. We propose a model for Trojan detection that utilizes a single-linkage hierarchical clustering algorithm, the Davies-Bouldin index and a k-means clustering algorithm. The results show that the model of Trojan detection is suitable for detecting Trojans with high accuracy and low false positive ratios. |
| |
| Keywords: | |
| 本文献已被 CNKI 万方数据 等数据库收录! |
| 点击此处可从《北京化工大学学报(自然科学版)》浏览原始摘要信息 |
| 点击此处可从《北京化工大学学报(自然科学版)》下载免费的PDF全文 |
