| 基于终端通信特征的P2P僵尸主机检测 |
| |
| 引用本文: | 陈杰,陈家琪.基于终端通信特征的P2P僵尸主机检测[J].黑龙江电子技术,2014(2):49-52,55. |
| |
| 作者姓名: | 陈杰 陈家琪 |
| |
| 作者单位: | 上海理工大学光电信息与计算机学院,上海200093 |
| |
| 基金项目: | 上海市教委科研创新基金(12zzl46) |
| |
| 摘 要: | 详细分析了P2P僵尸网络的生命周期以及网络特征,从P2P软件和P2P僵尸病毒的网络行为相异性出发,提取其特征向量,并结合三种著名的数据挖掘算法,提出一种基于终端网络行为特征的P2P僵尸主机检测模型——Bot_Founder,并论述了虚拟机环境搭建和实验结果分析.实验结果表明,该模型能高效准确地区分出正常的P2P进程与P2P僵尸进程,检测出处于潜伏阶段的僵尸主机,具有较低的漏判率.
|
| 关 键 词: | 僵尸网络 对等网络 僵尸主机 数据挖掘 |
Detection P2P bot based on the terminal network behavior characteristics |
| |
| Authors: | CHEN Jie CHEN Jia-qi |
| |
| Affiliation: | ( School of Optical-Electrical and Computer Engineering, University of Shanghai for Science and Technology, Shanghai 200093, China) |
| |
| Abstract: | The life cycle and network characteristics of P2P bot net were analyzed. Then a P2P hot detection model based on the terminal network behavior characteristics-Bot_Founder was proposed, after combined the three well-known data mining algorithm with the feature vectors which are extracted from the difference between P2P software and P2P bots in network behavior. Finally, the virtual machine network environment and the analysis of the experiment result were discussed. The result shows that the model can efficiently and accurately distinguish P2P bot process from the normal process of P2P software, detect bots in a latent stage and has a lower false negative rate. |
| |
| Keywords: | bot net P2P network bot data mining |
| 本文献已被 维普 等数据库收录! |
|
