| 僵尸网络在线检测技术研究 |
| |
| 引用本文: | 于晓聪, 董晓梅, 于戈, 秦玉海. 僵尸网络在线检测技术研究[J]. 武汉大学学报 ( 信息科学版), 2010, 35(5): 578-581. |
| |
| 作者姓名: | 于晓聪 董晓梅 于戈 秦玉海 |
| |
| 作者单位: | 1东北大学信息科学与工程学院,沈阳市和平区文化路三号巷11号110004;2中国刑事警察学院计算机犯罪侦查系,沈阳市皇姑区塔湾街83号,110035;3中国刑事警察学院计算机犯罪侦查系,沈阳市皇姑区塔湾街83号110035 |
| |
| 基金项目: | 国家自然科学基金资助项目(60873199); 国家973计划子项目资助项目(2006CB303000) |
| |
| 摘 要: | 僵尸网络为平台的攻击发展迅速,当前大多数的检测方法是通过分析历史网络流量信息来发现特定协议的僵尸网络,难以满足实时需要,且不能通用。针对这种情况,提出了一种独立于控制协议与结构的僵尸网络在线检测技术,能够从网络流量数据中快速检测出可疑僵尸主机。模拟实验结果表明,该技术能够高效地实现僵尸网络在线检测。
|
| 关 键 词: | 僵尸网络 在线检测 增量式分类 动态聚类 |
| 收稿时间: | 2010-03-15 |
| 修稿时间: | 2013-07-09 |
Online Botnet Detection Techniques |
| |
| YU Xiaocong, DONG Xiaomei, YU Ge, QIN Yuhai. Online Botnet Detection Techniques[J]. Geomatics and Information Science of Wuhan University, 2010, 35(5): 578-581. |
| |
| Authors: | YU Xiaocong DONG Xiaomei YU Ge QIN Yuhai |
| |
| Affiliation: | 1School of Information Science and Engineering,Northeastern University,11 Wenhua Road,Shenyang 110004,China;2Department of Computer Crime Detection,China Criminal Police College,83 Tawan Street,Shenyang 110035,China |
| |
| Abstract: | Botnet-based attacking is becoming one of the most serious threats on the Internet.Lots of approaches have been proposed to detect the presence of botnet.However,most of them just focus on offline detection methods by tracking the historical network traffic,which is not suitable for real-time and general detection.In this paper,we propose a new technique that can detect the botnet activities in an online fashion,which is also independent of the botnet structure.The experimental evaluations show that this ap... |
| |
| Keywords: | botnet online detection incremental classification dynamical clustering |
| 本文献已被 CNKI 等数据库收录! |
| 点击此处可从《武汉大学学报(信息科学版)》浏览原始摘要信息 |
|
点击此处可从《武汉大学学报(信息科学版)》下载全文 |
|
