| 基于行为相似性的P2P僵尸网络检测模型 |
| |
| 引用本文: | 李翔,胡华平,刘波,陈新. 基于行为相似性的P2P僵尸网络检测模型[J]. 现代电子技术, 2010, 33(15): 132-135 |
| |
| 作者姓名: | 李翔 胡华平 刘波 陈新 |
| |
| 作者单位: | 1. 国防科学技术大学,计算机学院,湖南,长沙,410073
2. 国防科学技术大学,计算机学院,湖南,长沙,410073;61070部队,福建,福州,350003 |
| |
| 摘 要: | P2P僵尸网络对Internet构成巨大的安全威胁。在基于主机的P2P流量检测和恶意行为检测的基础上,提出一个P2P僵尸网络的检测模型。构建一个基于CHORD协议由监视节点组成的结构化P2P网络,将同时具有P2P流量和恶意行为的主机信息上报监视节点。通过对P2P僵尸主机行为进行融合分析,具有相似性恶意行为的主机被认为处于一个P2P僵尸网络中。
|
| 关 键 词: | P2P 僵尸网络 网络安全 CHORD协议 |
P2P Botnet Detecting Model Based on Behavior Similarity |
| |
| LI Xiang,HU Hua-ping,LIU Bo,CHEN Xin. P2P Botnet Detecting Model Based on Behavior Similarity[J]. Modern Electronic Technique, 2010, 33(15): 132-135 |
| |
| Authors: | LI Xiang HU Hua-ping LIU Bo CHEN Xin |
| |
| Affiliation: | 1.College of Computer,National University of Defense Technology,Changsha 410073,China;2.Unit 61070 of PLA,Fuzhou 350003,China) |
| |
| Abstract: | P2P Botnet is a serious threat to Internet security.A P2P botnet detecting model is proposed based on P2P traffic detection and malicious behavior detection on the host.A structured P2P network which is composed of monitoring nodes based on Chord protocol is established,the information of the hosts which have malicious behavior and P2P traffic at the same time are reported to the monitoring nodes.The hosts which have similar maliciousact behavior belong to a P2P Botnet according to fusing and analyzing the hosts behavior of P2P Botnet. |
| |
| Keywords: | P2P |
| 本文献已被 维普 万方数据 等数据库收录! |
|
