| P2P僵尸网络的快速检测技术 |
| |
| 引用本文: | 于戈,于晓聪,董晓梅,秦玉海.P2P僵尸网络的快速检测技术[J].东北大学学报(自然科学版),2010,31(12):1709-1712. |
| |
| 作者姓名: | 于戈 于晓聪 董晓梅 秦玉海 |
| |
| 作者单位: | 东北大学,信息科学与工程学院,辽宁沈阳110004;中国刑事警察学院,计算机犯罪侦查系,辽宁沈阳110035 |
| |
| 基金项目: | 国家高技术研究发展计划项目,国家自然科学基金资助项目 |
| |
| 摘 要: | 以僵尸网络为平台的攻击发展迅速,其控制协议与结构不断演变,基于P2P协议的分布式结构僵尸网络得到快速发展.现有的P2P僵尸网络检测技术大都通过分析历史网络流量信息来进行离线检测,很难保证检测结果的准确性,也较难满足实时性需求.针对这种情况,提出P2P僵尸网络快速检测技术,首先采用一种改进的增量式分类技术,在线分离出满足P2P协议的网络流量;然后利用P2P僵尸主机的通信模式具有行为相似性和周期性的特点,通过动态聚类技术和布尔自相关技术,快速检测出可疑僵尸主机.实验结果表明该技术能够高效实现P2P僵尸网络的快速检测.
|
| 关 键 词: | P2P僵尸网络 快速检测 增量式分类 动态聚类 布尔自相关 |
Rapid Detection Technique for P2P-Based Botnets |
| |
| YU Ge,YU Xiao-cong,DONG Xiao-mei,QIN Yu-hai.Rapid Detection Technique for P2P-Based Botnets[J].Journal of Northeastern University(Natural Science),2010,31(12):1709-1712. |
| |
| Authors: | YU Ge YU Xiao-cong DONG Xiao-mei QIN Yu-hai |
| |
| Institution: | YU Ge1,YU Xiao-cong2,DONG Xiao-mei1,QIN Yu-hai2(1.School of Information Science & Engineering,Northeastern University,Shenyang 110004,China,2.Department of Computer Crime Detection,China Criminal Police College,Shenyang 110035,China) |
| |
| Abstract: | The attacks due to P2P-based botnet are increasingly one of the most serious threats to the Internet.The existing detection strategies for P2P-based botnets just focus on the offline detection methods by tracking the historical network traffic,which can hardly meet the requirement for real-time and precision.A new technique is therefore proposed to detect the P2P-based botnet activities rapidly,where an improved incremental classification technique is introduced to distinguish the P2P-based network traffic ... |
| |
| Keywords: | P2P-based botnet rapid detection incremental classification dynamical clustering Boolean auto-correlation |
| 本文献已被 CNKI 万方数据 等数据库收录! |
| 点击此处可从《东北大学学报(自然科学版)》浏览原始摘要信息 |
| 点击此处可从《东北大学学报(自然科学版)》下载免费的PDF全文 |
|
