| 半分布式P2P僵尸网络的伪蜜罐检测方法 |
| |
| 引用本文: | 谢静,谭良.半分布式P2P僵尸网络的伪蜜罐检测方法[J].计算机工程,2010,36(14):111-113. |
| |
| 作者姓名: | 谢静 谭良 |
| |
| 作者单位: | 1. 四川师范大学计算机学院,成都,610068
2. 四川师范大学计算机学院,成都,610068;中国科学院计算技术研究所,北京,100080 |
| |
| 基金项目: | 四川省科技厅应用基础研究基金,四川省教育厅自然科学基金,四川省教育厅计算机软件重点实验室专项基金 |
| |
| 摘 要: | 在攻击与防御的博弈中,半分布式P2P僵尸网络随着P2P的广泛应用已成为僵尸网络最主要的形式。为此,描述攻击者组建的半分布式P2P僵尸网络的构建原理和增长模型,提出蜜罐与流量分析技术相结合的“伪蜜罐”检测模型,即在主机出现网络异常时,关闭已知程序和服务,使主机向蜜罐身份靠近,并用流量分析技术检测的一种模型。实验结果表明,该检测方法能够有效地提高半分布式P2P僵尸网络的检出率。
|
| 关 键 词: | 半分布式P2P僵尸网络 伪蜜罐 流量分析 模型分析 |
Fake-honeypot Detection Method for Semi-distributed Peer-to-Peer Botnet |
| |
| XIE Jing,TAN Liang.Fake-honeypot Detection Method for Semi-distributed Peer-to-Peer Botnet[J].Computer Engineering,2010,36(14):111-113. |
| |
| Authors: | XIE Jing TAN Liang |
| |
| Affiliation: | (1. College of Computer, Sichuan Normal University, Chengdu 610068; 2. Institute of Computing Technology, Chinese Academy of Sciences, Beijing 100080) |
| |
| Abstract: | In the game of attack and defense, semi-distributed P2P botnet becomes the most dominant form of botnet as the applications of P2P are widely used. This paper describes the basic principle of how the attackers create their semi-distributed botnet and the model of its increasing, proposes the “faked honeypot” detection model, which combines honeypot and the flow analysis. When anomalies appear in host network, the programs and services are closed, the host is made to lay aboard to the honeypot, and detected by flow analysis. Experimental result shows that the method can effectively improve the detection rate of semi-distributed P2P botnet. |
| |
| Keywords: | semi-distributed P2P botnet fake-honeypot analysis of flow model analysis |
| 本文献已被 维普 万方数据 等数据库收录! |
| 点击此处可从《计算机工程》浏览原始摘要信息 |
|
点击此处可从《计算机工程》下载全文 |
|
