
Fast-flux Botnet Detection Method Based on Spatiotemporal Feature of Network Traffic
Cite this article: Weina NIU, Tianyu JIANG, Xiaosong ZHANG, Jiao XIE, Junzhe ZHANG, Zhenfei ZHAO. Fast-flux Botnet Detection Method Based on Spatiotemporal Feature of Network Traffic[J]. Journal of Electronics & Information Technology (电子与信息学报), 2020, 42(8): 1872-1880.
Authors: Weina NIU, Tianyu JIANG, Xiaosong ZHANG, Jiao XIE, Junzhe ZHANG, Zhenfei ZHAO
Affiliation: 1. Institute for Cyber Security, School of Computer Science and Engineering, University of Electronic Science and Technology of China, Chengdu 611731, China; 2. Cyberspace Security Research Center, Peng Cheng Laboratory, Shenzhen 518040, China; 3. College of Cybersecurity, Sichuan University, Chengdu 610065, China
Funding: National Key Research and Development Program of China (2016QY06X1205, 2018YFB0804050), National Natural Science Foundation of China (61572115)
Abstract: Botnets have become one of the main threats to cyberspace security. Although they can be detected with techniques such as reverse engineering, botnets that use covert techniques such as fast-flux can bypass existing security detection and continue to survive. Existing fast-flux botnet detection methods are either active or passive: the former impose a large network load, and the latter require cumbersome feature extraction. To detect fast-flux botnets effectively and address these problems in traditional detection methods, this paper proposes a fast-flux botnet detection method based on the spatiotemporal features of network traffic, which combines a convolutional neural network and a recurrent neural network to detect fast-flux botnets in both the spatial and temporal dimensions. Experiments on the CTU-13 and ISOT public data sets show that, compared with other methods, the proposed method raises accuracy to 98.3%, recall to 96.7%, and precision to 97.5%.

Keywords: Botnet; Fast-flux; Convolutional neural network; Recurrent neural network
Received: 2019-09-19