Similar documents
1.
Botnets, as a new type of attack, have become a major threat to Internet security. As computer networks have developed, botnets have gradually shifted from the traditional IRC protocol to HTTP-based command and control. The huge volume of HTTP traffic lets a botnet hide itself effectively, which makes botnet detection and identification harder. By analyzing HTTP network traffic and extracting botnet traffic features, this paper proposes applying deep learning to botnet detection. Experimental results show that the method can detect botnets in HTTP traffic effectively and accurately.

2.
Botnets are currently detected mainly through network traffic analysis, which often depends on the malicious behavior of bot hosts or requires information from external systems. Traditional traffic analysis methods are also computationally expensive and hard to run in real time. This paper proposes a MapReduce-based online botnet detection algorithm: it detects botnets by analyzing network traffic and extracting the correlations within it, and performs the data analysis on a cloud computing platform so that data acquisition and data analysis run concurrently, giving online detection. Experimental results show a detection rate above 90% with a false positive rate below 5%, and a speedup that is close to linear on large data volumes, demonstrating the feasibility of cloud computing for botnet detection.

3.
Radio Engineering (无线电工程), 2019, (4): 282-287
Distributed denial-of-service (DDoS) attacks are currently a widespread form of network attack; they are highly destructive and hard to defend against or trace, and pose a serious threat to Internet security. To address this, an intrusion detection method based on OpenFlow and sFlow is proposed. Network traffic is monitored in real time by sFlow sampling, a traffic threshold is set from the network's normal traffic, anomalous traffic above the threshold is subjected to attack detection to identify attack flows, and the attack source is finally blocked with the OpenFlow protocol. The method can automatically detect and handle several kinds of DDoS attack within seconds. Experimental results show that, compared with existing schemes, the method detects and blocks DDoS attacks in real time and effectively reduces network resource consumption.

4.
Research on Botnet Detection (cited by 1: 0 self-citations, 1 other)
A botnet is an attack platform that seriously threatens network security. The paper first defines botnets, then analyzes their working mechanism and their command and control mechanism. Current mainstream botnet detection methods are classified by behavioral feature, and the main detection methods are summarized and analyzed according to the static, dynamic and hybrid features of botnets. The paper concludes that a complete botnet detection model must combine dynamic-feature and static-feature detection models, and that this combination is the key direction for future botnet detection models.

5.
For the problem of detecting IRC botnet channels, a detection method based on traffic features is proposed. The clustering, similarity, average packet length, traffic peaks and synchronized traffic peaks of botnet channel data flows over different periods are analyzed and used as the basis for detecting botnet channels. During detection, an improved max-min distance algorithm and k-means clustering are used, which improves the clustering of the data. Experiments verify the effectiveness of the method.
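The abstract above names its clustering step but not how max-min distance seeding feeds k-means. The following is an added example, not code from that paper: it seeds k-means with the max-min distance rule (each new seed is the point farthest from its nearest existing seed) and clusters a constructed table of per-channel IRC flow features. The channel names, feature values and the choice of the periodicity score as the bot indicator are all assumptions made for the example.

```python
"""Max-min distance seeding plus k-means over per-channel IRC flow features."""
import math

# Constructed feature vectors, one per IRC channel seen over a measurement window:
# (mean packet length in bytes, synchronized-peak score in [0,1], periodicity score in [0,1]).
# Bot channels carry short, periodic, synchronized messages; human chat is irregular.
CHANNEL_FLOWS = {
    "#help":  (312.0, 0.10, 0.15),
    "#linux": (280.0, 0.05, 0.20),
    "#music": (295.0, 0.12, 0.10),
    "#x7a":   (64.0, 0.92, 0.95),
    "#x7b":   (58.0, 0.95, 0.90),
    "#x7c":   (70.0, 0.88, 0.97),
}

def normalize(points):
    """Min-max scale every feature to [0, 1] so packet length does not dominate the distance."""
    dims = len(points[0])
    lo = [min(p[d] for p in points) for d in range(dims)]
    hi = [max(p[d] for p in points) for d in range(dims)]
    return [tuple((p[d] - lo[d]) / (hi[d] - lo[d]) if hi[d] > lo[d] else 0.0
                  for d in range(dims)) for p in points]

def dist(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))

def max_min_seeds(points, k):
    """Max-min distance seeding: take the first point, then repeatedly add the point
    farthest from its nearest chosen seed. Seeds land in different dense regions,
    which random seeding does not guarantee."""
    seeds = [points[0]]
    while len(seeds) < k:
        seeds.append(max(points, key=lambda p: min(dist(p, s) for s in seeds)))
    return seeds

def kmeans(points, k, max_iter=50):
    """Lloyd's k-means started from max-min seeds; returns (labels, centroids)."""
    centroids = max_min_seeds(points, k)
    labels = None
    for _ in range(max_iter):
        new = [min(range(k), key=lambda c: dist(p, centroids[c])) for p in points]
        if new == labels:
            break
        labels = new
        for c in range(k):
            members = [p for p, l in zip(points, labels) if l == c]
            if members:
                centroids[c] = tuple(sum(m[d] for m in members) / len(members)
                                     for d in range(len(members[0])))
    return labels, centroids

def detect_bot_channels(flows, k=2):
    """Cluster the channels and report the cluster whose centroid has the highest periodicity score."""
    names = list(flows)
    points = normalize([flows[n] for n in names])
    labels, centroids = kmeans(points, k)
    bot_cluster = max(range(k), key=lambda c: centroids[c][2])
    return {n for n, l in zip(names, labels) if l == bot_cluster}

if __name__ == "__main__":
    print(sorted(detect_bot_channels(CHANNEL_FLOWS)))  # ['#x7a', '#x7b', '#x7c']
```

Normalizing before seeding matters: without it the packet-length column (tens to hundreds of bytes) swamps the two scores in [0, 1] and the seeds are chosen on length alone.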

6.
A Similarity-Based DDoS Attack Detection Method (cited by 18: 1 self-citation, 17 others)
Based on an analysis of the composition of network traffic, a similarity-based DDoS detection method is proposed. Rather than simply judging network state from sudden changes in traffic volume, it starts from the effect an attack has on the traffic distribution. High-frequency statistics are first computed over the network traffic, a similarity analysis is then performed between adjacent time intervals, and anomalies are detected from changes in that similarity. Extensive experimental results show that the similarity-based method can effectively detect DDoS attacks whose attack traffic causes no significant change in overall network traffic against a high-volume background, which makes it better suited to anomaly detection in large-scale networks.

7.
Because existing network traffic anomaly detection methods are unsuited to real-time wireless sensor network (WSN) environments and lack a sound anomaly decision mechanism, this paper proposes a WSN traffic anomaly detection scheme based on balanced iterative reducing and clustering using hierarchies (BIRCH). After expanding the dimensionality of the traffic features, the scheme clusters them with the BIRCH algorithm, and optimizes the BIRCH clustering process with a dynamic cluster threshold and neighbor-cluster numbering to improve the algorithm's clustering…

8.
Accurate classification and identification of the applications carried in network traffic has become increasingly important. Addressing shortcomings in current traffic analysis research and drawing on related work at home and abroad, this paper proposes analyzing traffic with fine-grained packet-level sequence feature attributes on top of a bidirectional dynamic network flow model, establishes the association between those sequence feature attributes and the network flow type, and implements an efficient, port-independent network flow classification method.

9.
With the wide application of the Internet of Things (IoT), IoT security has drawn increasing attention. Addressing anomalous network traffic in IoT environments, a machine-learning-based IoT anomalous traffic detection method is proposed. A clustering algorithm first analyzes the features of IoT network data over a period of time, a sequential hypothesis testing algorithm then classifies the features, and a second feature analysis is performed on the spatial distribution of malicious traffic. Experiments show that, compared with traditional anomalous traffic detection methods, the detection meth…

10.
Network intrusions are highly destructive and hard to control; after an intrusion attack, network traffic is subject to random factors such as conflicts and constrained data bandwidth, which cause traffic fluctuation and reduce stability. Once fluctuation rises above the configured threshold, earlier fluctuation control methods can no longer control it effectively. A network fluctuation control system is therefore designed and implemented around an active disturbance rejection controller (ADRC). The system comprises a traffic collection module, a traffic aggregation module, a traffic anomaly detection and control module and an alerting module, with four functional components: a network probe, a host probe, a policy management center and a console. It uses the ADRC to control the traffic fluctuation caused by intrusion attacks and keep network traffic balanced. Experimental results show that network intrusion behavior is significantly reduced under the proposed method and the intrusion impact on the network is low.

11.
Botnets are networks of malware-infected computers, designed and organized to be controlled by an adversary. Because victims are in most cases infected through their own inappropriate network behavior, the Internet Protocol (IP) addresses of infected bots are unpredictable. Moreover, a bot may obtain its IP address through the dynamic host configuration protocol (DHCP), so bots must contact the controller on their own initiative and keep retrying, since a controller cannot always be online. The whole process is carried out over the command and control (C&C) channel. Our goal is to characterize the network traffic of the C&C channel in the time domain. Our analysis draws on massive data obtained from a honeynet and a large Internet service provider (ISP) network. We extract and summarize fingerprints of the bots collected in our honeynet. Next, using these fingerprints, we apply deep packet inspection (DPI) to search for active bots and controllers on the Internet. We then gather and analyze flow records reported by network traffic monitoring equipment. In this paper we propose a flow-record interval analysis of the time-domain characteristics of botnet control traffic and, based on that analysis, an algorithm to identify communications in the C&C channel. We evaluate the approach on a 3.4 GB flow record trace with satisfactory results. We also believe this work provides useful input for the design of botnet detection schemes based on deep flow inspection (DFI) technology.
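The abstract above argues that because a bot has to keep contacting its controller on its own initiative, the timing of its flow records carries a signature. The following is an added example, not the paper's algorithm: it groups constructed flow records by (source, destination) pair, computes the gaps between consecutive flows, and reports pairs whose gaps have a low coefficient of variation, which is one simple time-domain test for a fixed-period check-in. The addresses, the 300-second period, the minimum of eight flows and the 0.1 CV cutoff are assumptions chosen for the example.

```python
"""Flow-record interval analysis: find (src, dst) pairs that reconnect at a near-constant period."""
import statistics
from collections import defaultdict

# Constructed flow records (start time in seconds, src_ip, dst_ip). Host 192.0.2.10 reaches
# 198.51.100.7 every ~300 s with a few seconds of jitter; host 192.0.2.20 fetches from
# 93.184.216.34 at irregular, human-looking times.
FLOWS = [(1000 + 300 * n + n % 3, "192.0.2.10", "198.51.100.7") for n in range(12)]
FLOWS += [(t, "192.0.2.20", "93.184.216.34")
          for t in (1003, 1010, 1250, 1251, 1400, 1900, 1905, 2200, 2600, 3100, 3105, 3300)]

def intervals_by_pair(flows):
    """Group flow start times per (src, dst) pair and return the gaps between consecutive flows."""
    times = defaultdict(list)
    for ts, src, dst in flows:
        times[(src, dst)].append(ts)
    gaps = {}
    for pair, ts in times.items():
        ordered = sorted(ts)
        gaps[pair] = [b - a for a, b in zip(ordered, ordered[1:])]
    return gaps

def periodic_pairs(flows, min_flows=8, max_cv=0.1):
    """Return {pair: mean period} for pairs with at least min_flows flows whose gaps have a
    coefficient of variation (stdev / mean) of at most max_cv. A low CV is what a bot
    polling its controller on a timer looks like; a browsing user's gaps are all over the place."""
    found = {}
    for pair, gaps in intervals_by_pair(flows).items():
        if len(gaps) + 1 < min_flows:
            continue
        mean = statistics.mean(gaps)
        cv = statistics.pstdev(gaps) / mean if mean > 0 else float("inf")
        if cv <= max_cv:
            found[pair] = mean
    return found

if __name__ == "__main__":
    for pair, period in periodic_pairs(FLOWS).items():
        print("periodic:", pair, "every %.1f s" % period)
```

Flow records are enough for this test, which is the point of the DFI remark in the abstract: no payload is inspected. The CV cutoff is the knob to tune; malware that randomizes its sleep interval widely will raise the CV above it, so in practice this test is combined with other signals rather than used alone.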

12.
A Reputation-Based Clustering Algorithm for Intrusion Detection in Mobile Ad Hoc Networks (cited by 1: 0 self-citations, 1 other)
Because existing routing-based clustering algorithms do not meet the requirements of intrusion detection in mobile ad hoc networks, this paper proposes a reputation-based intrusion detection clustering algorithm (CIDS). Starting from the security and stability of the cluster structure, the algorithm uses the concept of reputation to abstract node attributes mathematically, defines an expression for node reputation, and selects nodes with high overall reputation to collect network data and monitor network behavior, providing stable and secure support for intrusion detection systems in mobile ad hoc networks.

13.
Botnets are among the most serious threats to cyber security, as they provide a distributed platform for many undesirable activities. Identifying a botnet from network traffic flows is a fundamental challenge. This paper proposes botnet detection based on an Artificial Neural Network with Particle Swarm Optimization (ANN-PSO), using the ISCX dataset. Features extracted from the dataset are fed to the classifier, which labels each flow as botnet or normal. For classification we present ANN-PSO, which reduces the misclassification ratio to 3.3% and the time cost to 14 s. We compare the proposed work with existing work and show in the simulation results that it outperforms the alternatives.

14.
Peer-to-peer (P2P) botnets have become one of the major threats to network security. Most existing botnet detection systems detect bots by examining network traffic. Unfortunately, the traffic volumes typical of current high-speed Internet Service Provider and enterprise networks are challenging for these network-based systems, which perform computationally complex analyses. In this paper, we propose an adaptive traffic sampling system that aims to reduce the volume of traffic that P2P botnet detectors need to process without degrading their detection accuracy. Our system first identifies a small number of potential P2P bots in high-speed networks as early as possible, then samples as many botnet-related packets as possible at a predefined target sampling rate. The sampled traffic can then be delivered to fine-grained detectors for in-depth analysis. We evaluate the system on traffic datasets of real-world, popular P2P botnets. The experiments show that it identifies potential P2P bots quickly and accurately with few false positives, and greatly increases the proportion of botnet-related packets in the sampled traffic while maintaining the high detection accuracy of the fine-grained detectors.

15.
Machine learning is widely applied to botnet detection. However, as the forms and command and control mechanisms of botnets change, selecting features by hand becomes increasingly difficult. To solve this problem, a deep-learning-based botnet detection system called BotCatcher is proposed. It automatically extracts features in the time and space dimensions and builds a classifier from several neural network structures. BotCatcher depends on no prior knowledge of the protocol or topology and works without manual feature selection. Experimental results show that the proposed model performs well in botnet detection and can accurately identify botnet traffic.

16.
A new method for analyzing DNS query behavior is proposed: a deep learning mechanism maps the queried domain names and the hosts issuing the queries into a vector space, so that association analysis of domains or hosts becomes vector arithmetic. Processing two real campus-network DNS log datasets shows that the method preserves the association structure well; with dimensionality reduction and cluster analysis, hidden associations can be observed directly, and anomalies in the network such as botnets can be discovered.

17.
Botnets have been recognized as one of the most formidable threats on the Internet, and different approaches have been designed to detect them. However, as botnets evolve their behavior to evade signature-based detection systems, learning-based methods may be deployed to provide the generalization needed to identify unknown botnets. Developing an adaptable botnet detection system that evolves incrementally with the incoming flow stream remains a challenge. In this paper, a self-learning botnet detection system is proposed that uses an adaptable classification model. The system uses an ensemble classifier and, to improve its generalization capacity, updates its model continuously as new unlabeled traffic flows arrive. It is evaluated on a comprehensive dataset containing a wide variety of botnets. The experiments show that the proposed system adapts successfully in a dynamic environment where new botnet types appear during operation. We also compare its performance with other methods.

18.
Types, Harms and Countermeasures of Botnets (cited by 1: 0 self-citations, 1 other)
As a highly damaging new attack technique, botnets have gradually become one of the most serious threats on the Internet. A botnet is not a single attack behavior but a platform for network attacks that combines other traditional attack techniques. This paper introduces the classification and harms of botnets, proposes methods and measures for responding to them, and discusses how botnets are developing.

19.
Research on Decision-Tree-Based Botnet Traffic Detection (cited by 1: 0 self-citations, 1 other)
Botnets are currently one of the security threats facing the Internet, and detecting latent botnet traffic in the network matters for improving Internet security. This paper focuses on IRC-protocol botnets and, taking the session features between bot hosts and the chat server as its basis, proposes a decision-tree-based botnet traffic detection method. Experiments show the method is feasible.

20.
The density peaks clustering (DPC) algorithm partitions data using the density and distance attributes of points and obtains good clustering results on most datasets. However, on datasets with crossing or overlapping clusters, the nearest-neighbor assignment rule of DPC causes large errors. To address this defect, and noting that most neighbors of a data point belong to the same cluster, this paper proposes a multi-neighbor voting clustering method in which the votes of several neighbors decide the membership of an unassigned point. Numerical experiments show that the voting-based density peaks clustering algorithm outperforms DPC on datasets whose point distributions cross or overlap.
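The abstract above describes the assignment step that is being replaced but not the surrounding DPC machinery. The following added example, which is not the paper's implementation, runs a compact DPC (Gaussian-kernel density, delta to the nearest higher-density point, centers chosen by the largest rho times delta) on constructed 2-D data with two overlapping blobs, once with the standard rule that copies the label of the nearest higher-density point and once with a majority vote among the k nearest already-labelled neighbors. The data generator, the 2% cutoff quantile, k = 5 voters and the fallback when no neighbor is labelled yet are assumptions made for the example.

```python
"""Density peaks clustering (DPC): nearest-higher-density assignment versus k-neighbour voting."""
import math
import random
from collections import Counter

def make_points(n_per_cluster=40, seed=7):
    """Constructed data: two Gaussian blobs 3 units apart whose tails overlap. Returns (points, truth)."""
    rng = random.Random(seed)
    pts, truth = [], []
    for label, cx in ((0, 0.0), (1, 3.0)):
        for _ in range(n_per_cluster):
            pts.append((cx + rng.gauss(0, 0.6), rng.gauss(0, 0.6)))
            truth.append(label)
    return pts, truth

def density_and_delta(pts, quantile=0.02):
    """rho: Gaussian-kernel local density with cutoff dc at `quantile` of all pairwise distances.
    delta: distance to the nearest point of higher density (largest distance for the densest point).
    higher: index of that nearest higher-density point, -1 for the densest point."""
    n = len(pts)
    d = [[math.hypot(a[0] - b[0], a[1] - b[1]) for b in pts] for a in pts]
    pairwise = sorted(d[i][j] for i in range(n) for j in range(i + 1, n))
    dc = pairwise[int(quantile * len(pairwise))]
    rho = [sum(math.exp(-(d[i][j] / dc) ** 2) for j in range(n) if j != i) for i in range(n)]
    order = sorted(range(n), key=lambda i: -rho[i])          # decreasing density
    delta, higher = [0.0] * n, [-1] * n
    for rank, i in enumerate(order):
        if rank == 0:
            delta[i] = max(d[i])
        else:
            j = min(order[:rank], key=lambda j: d[i][j])
            delta[i], higher[i] = d[i][j], j
    return d, rho, delta, higher, order

def dpc(pts, k_clusters=2, voting=False, vote_k=5):
    """Take the k_clusters points with the largest rho*delta as centres, then label the rest in
    decreasing-density order. Standard DPC copies the label of the nearest higher-density point;
    the voting variant takes the majority label among the vote_k nearest already-labelled points."""
    d, rho, delta, higher, order = density_and_delta(pts)
    n = len(pts)
    centres = sorted(range(n), key=lambda i: -rho[i] * delta[i])[:k_clusters]
    labels = [-1] * n
    for c, i in enumerate(centres):
        labels[i] = c
    for i in order:
        if labels[i] != -1:
            continue
        # Points earlier in `order` are already labelled, so higher[i] always has a label;
        # the densest point itself falls back to the nearest centre if it was not chosen as one.
        fallback = labels[higher[i]] if higher[i] != -1 else labels[min(centres, key=lambda c: d[i][c])]
        if not voting:
            labels[i] = fallback
            continue
        nbrs = sorted((j for j in range(n) if j != i), key=lambda j: d[i][j])[:vote_k]
        votes = Counter(labels[j] for j in nbrs if labels[j] != -1)
        labels[i] = votes.most_common(1)[0][0] if votes else fallback
    return labels, centres

def accuracy(labels, truth):
    """Agreement with the generating blob, allowing for the two labels being swapped."""
    agree = sum(l == t for l, t in zip(labels, truth)) / len(truth)
    return max(agree, 1.0 - agree)

if __name__ == "__main__":
    pts, truth = make_points()
    for voting in (False, True):
        labels, centres = dpc(pts, voting=voting)
        print("voting" if voting else "standard", "accuracy:", round(accuracy(labels, truth), 3))
```

The two assignment rules differ only inside the loop over `order`. The standard rule follows a single pointer chain to a center, so one point in the overlap region that attaches to the wrong blob drags every lower-density point chained behind it along; the vote looks at several neighbors and is not derailed by that one bad link.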
