| 基于异常行为特征的僵尸网络检测方法研究 |
| |
| 引用本文: | 杨奇,何聚厚.基于异常行为特征的僵尸网络检测方法研究[J].电子科技,2010,23(11):109-112. |
| |
| 作者姓名: | 杨奇 何聚厚 |
| |
| 作者单位: | (陕西师范大学 计算机科学学院,陕西 西安 710062) |
| |
| 摘 要: | 基于僵尸网络通信及网络流量的异常行为,可以有效检测出僵尸频道。介绍了通过对主机响应信息的异常分析,进而判断出当前IRC频道是否为一个僵尸频道的检测算法。由此引入了基于异常行为的僵尸频道检测模型,该模型分类提取IRC频道的主机响应信息,结合检测算法分析得出结论。实验结果验证了该模型的有效性。
|
| 关 键 词: | 僵尸网络 僵尸频道 响应集群 |
Abnormal Behavior-Based Botnet Detection Algorithm |
| |
| Yang Qi,He Juhou.Abnormal Behavior-Based Botnet Detection Algorithm[J].Electronic Science and Technology,2010,23(11):109-112. |
| |
| Authors: | Yang Qi He Juhou |
| |
| Affiliation: | (School of Computer Science,Shaanxi Normal University,Xi'an 710062,China) |
| |
| Abstract: | The zombie network communications and network traffic based abnormal behavior can detect the botnet channel effectively.This paper describes an algorithm which can determine whether the current IRC channel is a botnet channel or not through the analysis of the information on the response.The Anomaly-based detection model about the botnet channel is introduced,which extracts the information on the response and draws a conclusion by the testing algorithm.The experimental results verify the validity of the mod... |
| |
| Keywords: | botnet botnet channel response clusters |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
| 点击此处可从《电子科技》浏览原始摘要信息 |
|
点击此处可从《电子科技》下载全文 |
