| 利用C-F模型识别僵尸网络迁移 |
| |
| 引用本文: | 臧天宁,云晓春,张永铮,门朝光.利用C-F模型识别僵尸网络迁移[J].武汉大学学报(信息科学版),2010(5). |
| |
| 作者姓名: | 臧天宁 云晓春 张永铮 门朝光 |
| |
| 作者单位: | 哈尔滨工程大学计算机科学与技术学院;中国科学院计算技术研究所;信息内容安全技术国家工程实验室; |
| |
| 基金项目: | 国家863计划资助项目(2007AA01Z444,2007AA01Z467,2007AA01Z474,2007AA010501); 国家自然科学基金资助项目(60703021,60873138); 国家博士后科研启动基金资助项目(LBH-Q08124) |
| |
| 摘 要: | 基于C-F模型识别僵尸网络的迁移,以僵尸网络迁移过程中表现出的多个特征为基础,提出了一种识别僵尸网络迁移的方法,能够协同多个特征判断给定的两批僵尸主机是否具有迁移关系。通过几个典型僵尸样本的评测,有效地识别了僵尸网络的迁移行为。与单纯采用IP地址重合度的方法进行了对比,在僵尸网络成员数量动态变化的情况下,仍然保持了理想的识别结果。
|
| 关 键 词: | 僵尸网络 迁移 C-F模型 |
A Botnet Migration Analyzer Based on the C-F Model |
| |
| ZANG Tianning, YUN Xiaochun, ZHANG Yongzheng, MEN Chaoguang.A Botnet Migration Analyzer Based on the C-F Model[J].Geomatics and Information Science of Wuhan University,2010(5). |
| |
| Authors: | ZANG Tianning YUN Xiaochun ZHANG Yongzheng MEN Chaoguang |
| |
| Institution: | ZANG Tianning1,2,3 YUN Xiaochun1,3 ZHANG Yongzheng2,3 MEN Chaoguang1(1 School of Computer Science , Technology,Harbin Engineering University,145 Nantong Street,Harbin 150001,China)(2 Institute of Computing , Technology,Chinese Academy of Sciences,6 South Kexueyuan Road,Beijing 100190,China)(3 National Engineering Laboratory for Information Security Technologie,China) |
| |
| Abstract: | This paper analyzes several features in the progress of botnet migration and proposes a botnet migration analyzer for analyzing botnet migration based on C-F model.The analyzer fuses these features to decide whether a botnet migrates to another one.Several typical bot samples have been used to evaluate the mothed,most of these bot migration behavior have been identified.Such result is better than the method of decide botnet migration only by the size of duplicated IP addresses. |
| |
| Keywords: | botnet migration C-F model |
| 本文献已被 CNKI 等数据库收录! |
|
