| 基于组特征过滤器的僵尸主机检测方法的研究 |
| |
| 引用本文: | 王劲松,刘帆,张健.基于组特征过滤器的僵尸主机检测方法的研究[J].通信学报,2010,31(2):29-35. |
| |
| 作者姓名: | 王劲松 刘帆 张健 |
| |
| 作者单位: | 1. 天津理工大学,计算机视觉与系统省部共建教育部重点实验室,天津,300191;天津理工大学,智能计算及软件新技术天津市重点实验室,天津,300191
2. 国家计算机病毒应急处理中心,天津,300457 |
| |
| 基金项目: | 国家高技术研究发展计划("863"计划)基金资助项目,天津市科技支撑计划重点项目(08ZCKFGX00600):国家自然科学基金资助项目 |
| |
| 摘 要: | 提出了一种基于组特征过滤器的检测方法,使用多个成员特征对内网主机数据分组进行过滤,以O(tmn)的空间开销为代价,应对短特征串和特征串的分组分散问题,并能与传统的特征匹配算法相兼容.模拟实验证明了该检测算法的正确性和有效性.
|
| 关 键 词: | 网络安全 僵尸检测 组特征 |
Botnet detecting method based on group-signature filter |
| |
| WANG Jin-song,LIU Fan,ZHANG Jian.Botnet detecting method based on group-signature filter[J].Journal on Communications,2010,31(2):29-35. |
| |
| Authors: | WANG Jin-song LIU Fan ZHANG Jian |
| |
| Affiliation: | WANG Jin-song1,2,LIU Fan1,ZHANG Jian3(1.Key Laboratory of Computer Vision , System,Ministry of Education,Tianjin University of Technology,Tianjin 300191,China,2.Tianjin Key Lab of Intelligent Computing & Novel Software Technology,3.National Computer Virus Emergency Response Center,Tianjin 300457,China) |
| |
| Abstract: | A botnet detecting method was presented based on group-signature filter,suitable for the traditional signatures matching algorithm.Using multiple member signatures to filter the packets of hosts from Intranet,the proposed method is able to handle the shortened and scattered signatures at a space expense of O(tmn).The simulated experiment proves the correctness and validity of the detecting method. |
| |
| Keywords: | DPI P2P network security botnet detection group signature DPI P2P |
| 本文献已被 CNKI 万方数据 等数据库收录! |
| 点击此处可从《通信学报》浏览原始摘要信息 |
|
点击此处可从《通信学报》下载全文 |
|
