| 基于DNS查询行为的Bot检测 |
| |
| 引用本文: | 李晓利,汤光明,初晓. 基于DNS查询行为的Bot检测[J]. 计算机工程与应用, 2015, 51(1): 106-109 |
| |
| 作者姓名: | 李晓利 汤光明 初晓 |
| |
| 作者单位: | 1.信息工程大学,郑州 4500042.中国人民解放军63895部队 |
| |
| 摘 要: | 提出一种基于DNS查询行为的检测方法。根据Bot的自动运行特性,从DNS查询的角度对主机中的进程进行初步过滤,缩小检测范围;分析Bot与其他进程的DNS反应行为模式的异同,构建Bot-DNS检测模型,在此基础上判断可疑进程是否为Bot。实验结果表明,该方法能够检测出处于生命周期早期阶段的Bot,且检测过程与Bot采用的协议结构无关,具有较好的检测效果。
|
| 关 键 词: | 僵尸程序 自动连接 DNS查询行为 DNS反应行为 |
Bot detection based on DNS query activities |
| |
| LI Xiaoli,TANG Guangming,CHU Xiao. Bot detection based on DNS query activities[J]. Computer Engineering and Applications, 2015, 51(1): 106-109 |
| |
| Authors: | LI Xiaoli TANG Guangming CHU Xiao |
| |
| Affiliation: | 1.Information Engineering University, Zhengzhou 450004, China2.Unit 63895 of PLA |
| |
| Abstract: | This paper proposes a new method of identifying Bot based on DNS query activities. Firstly, as Bots usually run automatically, detection rage is narrowed down from the point of view of DNS query. Secondly, a Bot-DNS detection model is created on differences of DNS reaction behavior between Bots and normal processes, to judge whether the suspicious process is Bot. The experimental results show that the method can detect Bots in the early stage. It is independent of protocol and structure, and has a better detection effect. |
| |
| Keywords: | Bots automatic connection DNS query activities DNS reaction activities |
| 本文献已被 万方数据 等数据库收录! |
| 点击此处可从《计算机工程与应用》浏览原始摘要信息 |
|
点击此处可从《计算机工程与应用》下载全文 |
