| 僵尸网络在线检测技术研究 |
| |
| 引用本文: | 于晓聪,董晓梅,于戈,秦玉海.僵尸网络在线检测技术研究[J].武汉大学学报(信息科学版),2010(5). |
| |
| 作者姓名: | 于晓聪 董晓梅 于戈 秦玉海 |
| |
| 作者单位: | 东北大学信息科学与工程学院;中国刑事警察学院计算机犯罪侦查系; |
| |
| 基金项目: | 国家自然科学基金资助项目(60873199); 国家973计划子项目资助项目(2006CB303000) |
| |
| 摘 要: | 僵尸网络为平台的攻击发展迅速,当前大多数的检测方法是通过分析历史网络流量信息来发现特定协议的僵尸网络,难以满足实时需要,且不能通用。针对这种情况,提出了一种独立于控制协议与结构的僵尸网络在线检测技术,能够从网络流量数据中快速检测出可疑僵尸主机。模拟实验结果表明,该技术能够高效地实现僵尸网络在线检测。
|
| 关 键 词: | 僵尸网络 在线检测 增量式分类 动态聚类 |
Online Botnet Detection Techniques |
| |
| YU Xiaocong, DONG Xiaomei YU Ge QIN Yuhai.Online Botnet Detection Techniques[J].Geomatics and Information Science of Wuhan University,2010(5). |
| |
| Authors: | YU Xiaocong DONG Xiaomei YU Ge QIN Yuhai |
| |
| Institution: | YU Xiaocong1,2 DONG Xiaomei1 YU Ge1 QIN Yuhai2(1 School of Information Science , Engineering,Northeastern University,11 Wenhua Road,Shenyang 110004,China)(2 Department of Computer Crime Detection,China Criminal Police College,83 Tawan Street,Shenyang 110035,China) |
| |
| Abstract: | Botnet-based attacking is becoming one of the most serious threats on the Internet.Lots of approaches have been proposed to detect the presence of botnet.However,most of them just focus on offline detection methods by tracking the historical network traffic,which is not suitable for real-time and general detection.In this paper,we propose a new technique that can detect the botnet activities in an online fashion,which is also independent of the botnet structure.The experimental evaluations show that this ap... |
| |
| Keywords: | botnet online detection incremental classification dynamical clustering |
| 本文献已被 CNKI 等数据库收录! |
|
