| 僵尸网络关系云模型分析算法 |
| |
| 引用本文: | 臧天宁, 云晓春, 张永铮, 门朝光. 僵尸网络关系云模型分析算法[J]. 武汉大学学报 ( 信息科学版), 2012, 37(2): 247-251. |
| |
| 作者姓名: | 臧天宁 云晓春 张永铮 门朝光 |
| |
| 作者单位: | 1中国科学院信息工程研究所,北京市海淀区闵庄路27号100097;2哈尔滨工程大学计算机科学与技术学院,哈尔滨市南通大街145号150001;3信息内容安全技术国家工程实验室,北京市海淀区闵庄路27号100097 |
| |
| 基金项目: | 国家自然科学基金资助项目,国家863计划资助项目 |
| |
| 摘 要: | 通过分析僵尸网络内部的通信行为,提取了相同僵尸网络的通信特征,利用这些特征定义了僵尸网络之间关系的云模型,并设计了基于云模型的僵尸网络关系分析算法。通过典型僵尸程序样本的评测结果表明,即使对采用加密通信和无固定通信时间间隔的僵尸程序,该算法仍然能够有效地识别出这些僵尸网络之间的关系。通过与相关研究工作的对比表明,该算法在分析的准确度、僵尸网络的类型和加密通信等方面均优于相关研究成果。
|
| 关 键 词: | 僵尸网络 云模型 迁移 相似度 |
| 收稿时间: | 2011-12-15 |
A Botnet Relationship Analyzer Based on Cloud Model |
| |
| ZANG Tianning, YUN Xiaochun, ZHANG Yongzheng, MEN Chaoguang. A Botnet Relationship Analyzer Based on Cloud Model[J]. Geomatics and Information Science of Wuhan University, 2012, 37(2): 247-251. |
| |
| Authors: | ZANG Tianning YUN Xiaochun ZHANG Yongzheng MEN Chaoguang |
| |
| Affiliation: | 1 Institute of Information Engineering,Chinese Academy of Sciences,27 Minzhuang Road,Haidian District, Beijing 100097,China;2 College of Computer Science and Technology,Harbin Engineering University,145 Nantong Street,Harbin 150001,China;3 National Engineering Laboratory for Information Security Technologie,27 Minzhuang Road,Haidian District, Beijing 100097,China |
| |
| Abstract: | An approach for analyzing the relationship among botnets was presented.Several botnet communication characteristics were extracted,including the amount of data flows within a botnet,the number of packets per data flow,the payload of communication and data packets in the master hosts.Statistical similarity functions of botnet characteristics were defined.Based on the cloud model and the defined statistical similarity functions,the analysis model of botnet relationship was build,and the similarities of botnet characteristics were synthetically evaluated.The analysis experiments were conducted based on a simulation network environment.The experimental results show that the presented method was valid and efficient,even in the case of encrypted botnet communication messages.The result is better than the research production in the report on the interrelated research achievements. |
| |
| Keywords: | botnet cloud model migration similarity |
| 本文献已被 CNKI 万方数据 等数据库收录! |
| 点击此处可从《武汉大学学报(信息科学版)》浏览原始摘要信息 |
|
点击此处可从《武汉大学学报(信息科学版)》下载全文 |
|
