| 基于通信流量特征的隐秘P2P僵尸网络检测 |
| |
| 引用本文: | 李晓利,汤光明.基于通信流量特征的隐秘P2P僵尸网络检测[J].计算机应用研究,2013,30(6):1867-1870. |
| |
| 作者姓名: | 李晓利 汤光明 |
| |
| 作者单位: | 1. 1. 信息工程大学, 郑州 450004; 2. 解放军63895部队, 河南 孟州 454750
2. 信息工程大学,郑州,450004 |
| |
| 摘 要: | 针对目前基于网络的P2P僵尸网络检测中特征建模不完善、不深入的问题, 以及僵尸网络中通信具有隐蔽性的特点, 提出一种对通信流量特征进行聚类分析的检测方法。分析P2P僵尸网络在潜伏阶段的通信流量统计特征, 使用结合主成分分析法和X-means聚类算法的两阶段聚类方法对特征数据集进行聚类分析, 进而达到检测P2P僵尸网络的目的。实验结果表明, 该方法具有较高的检测率和较好的识别准确性, 并保证了较快的执行效率。
|
| 关 键 词: | P2P僵尸网络 通信流量特征 潜伏阶段 两阶段聚类 主成分分析 X-means聚类算法 |
Detecting stealthy P2P botnets based on communication traffic characteristics |
| |
| LI Xiao-li,TANG Guang-ming.Detecting stealthy P2P botnets based on communication traffic characteristics[J].Application Research of Computers,2013,30(6):1867-1870. |
| |
| Authors: | LI Xiao-li TANG Guang-ming |
| |
| Affiliation: | 1. Information Engineering University, Zhengzhou 450004, China; 2. Unit 63895 of PLA, Mengzhou Henan 454750, China |
| |
| Abstract: | Aiming at the problems that feature modeling was deficient and unthorough in network-based P2P botnet detection, and the characteristic that communication in botnet was elusive, this paper proposed a detecting method based on communication traffic characteristics. Firstly, it analyzed the communication traffic characteristics of P2P botnets in latency. Secondly, it used two-stages clustering algorithm which combined principal components analysis and X-means clustering algorithm to cluster flow attributes set, so as to achieve the purpose of detecting P2P botnets. Experimental results show that the method has a higher detection rate and better recognition accuracy, ensuring faster execution efficiency at the same time. |
| |
| Keywords: | P2P botnets communication traffic characteristics latency two-stage clustering principal components analysis X-means clustering algorithm |
| 本文献已被 万方数据 等数据库收录! |
| 点击此处可从《计算机应用研究》浏览原始摘要信息 |
|
点击此处可从《计算机应用研究》下载全文 |
|
