| 基于状态转移相似性的P2P僵尸网络检测方法 |
| |
| 引用本文: | 蒲倩妮,范明钰. 基于状态转移相似性的P2P僵尸网络检测方法[J]. 计算机安全, 2011, 0(5): 44-47 |
| |
| 作者姓名: | 蒲倩妮 范明钰 |
| |
| 作者单位: | 电子科技大学计算机科学与工程学院; |
| |
| 基金项目: | 国家高技术研究发展计划863项目(2009AA01Z435,2009AA01Z403) |
| |
| 摘 要: | 随看对等网络(P2P)的不断发展,基于P2P架构的僵尸网络(Botnet)也应运而生.在对P2P僵尸网络从案例和全局进行深入研究,分析现有检测方法的优缺点后,提出了一种根据Bot主机状态转移的相似性来进行检测的方法,使用隐马尔科夫链进行建模,采用分布式存储异常行为数据,集中数据挖掘方式提升检测的效率和准确率.
|
| 关 键 词: | 对等网络 僵尸网络 状态转移 数据挖掘 隐马尔科夫链 |
Detecting P2P Botnet based on The Similarity of State Transition |
| |
| PU Qian-ni,FAN Ming-Yu. Detecting P2P Botnet based on The Similarity of State Transition[J]. Network & Computer Security, 2011, 0(5): 44-47 |
| |
| Authors: | PU Qian-ni FAN Ming-Yu |
| |
| Affiliation: | PU Qian-ni,FAN Ming-Yu(School of Computer Science and Engineering,University of Electronic Science and Technology,Chengdu,Sichuan 611731,China) |
| |
| Abstract: | With the continuous development of P2P networks,P2P-based botnet came into being.In this paper,I studied the cases of P2P-based botnet,analysed the advantages and disadvantages of current detection methods,put forwarl a detection method which is detecting botnet according to the similarity of the compromised bot' transition of state,modeling with the hidden Markov model.Store abnormal behavior distributed,Mining data in centralized platform,in order to enhance the efficiency and accuracy of detection. |
| |
| Keywords: | PPN Botnet State Transferring DM HMM |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
