
Botnet Identification Technology Based on Fuzzy Clustering
(Original title: 基于模糊聚类的僵尸网络识别技术)


Abstract: Botnets, which combine worm, backdoor and Trojan techniques, have become the backbone of advanced persistent threat (APT) attacks because attackers can use them to send spam, carry out denial-of-service attacks and steal sensitive information. Most existing botnet detection methods are limited to a specific botnet type and cannot effectively handle data lying near the class boundaries. To address this, a botnet identification method based on network traffic similarity is proposed. The method does not depend on packet content and can therefore process encrypted traffic. Statistical features of flows and packets are extracted from the dataset; each feature is fuzzy clustered separately and the feature boundary of each fuzzy class is determined; whether botnet traffic is present is decided by the principle of maximum membership degree; and association rules are filtered by support and confidence to determine the specific botnet type. Experimental results show that the method can effectively identify botnet traffic and predict the botnet type in advance.
Source: Computer Engineering (计算机工程), 2018, 44(10): 46-50
DOI: 10.19678/j.issn.1000-3428.0051085
Keywords: botnet detection; traffic similarity; fuzzy clustering; feature boundary; maximum membership
Address: Research Center for Cyberspace Security, University of Electronic Science and Technology of China (电子科技大学网络空间安全研究中心), Chengdu 611731
Language: Chinese
Document type: research paper
ISSN: 1000-3428
Subject: automation technology; computer technology
Funding: National Natural Science Foundation of China; State Grid Corporation of China project
Record number: CSCD:6345010

Cited by: 2 documents

1. Cheng Hua. A CNN-based method for identifying encrypted C&C communication traffic (基于CNN的加密C&C通信流量识别方法). Computer Engineering (计算机工程), 2019, 45(8): 31-34, 41. Cited 6 times.

2. Zhu Tao. Log-based analysis of botnet attack data (基于日志的僵尸网络攻击数据分析). Netinfo Security (信息网络安全), 2022(10): 82-90. Cited 0 times.


Copyright © 2008 National Science Library, Chinese Academy of Sciences (中国科学院文献情报中心).