期刊文献+
任意字段
题名或关键词
题名
关键词
文摘
作者
第一作者
机构
刊名
分类号
参考文献
作者简介
基金资助
栏目信息

一种基于网络行为分析的HTTP木马检测模型 被引量:3

A model of an HTTP-based Trojan detection based on network behavior analysis
原文传递
导出
摘要 基于HTTP协议进行网络通信的木马能够躲避部分网络安全监控系统的检测,是互联网安全的一个重大威胁。通过对该类木马样本和普通程序样本网络行为的对比分析,得到该类木马的6个网络行为特征,综合利用层级聚类、Davies-Bouldin指数和k-means聚类方法提出了一种木马检测模型,实现了HTTP木马检测。结果表明,该HTTP木马检测模型准确率较高,误报率较低。 HTTP-based Trojans which can avoid detection by a network security monitoring system are a major threat to internet security. In this paper we obtain six characteristics that can represent the network behavior of such Trojans through analyzing and comparing the network behavior of HTTP-based Trojan and normal program samples. We propose a model for Trojan detection that utilizes a single-linkage hierarchical clustering algorithm,the Davies-Bouldin index and a k-means clustering algorithm. The results show that the model of Trojan detection is suitable for detecting Trojans with high accuracy and low false positive ratios.
作者 易军凯 刘健民 万静
机构地区 北京化工大学信息科学与技术学院
出处 《北京化工大学学报(自然科学版)》 CAS CSCD 北大核心 2014年第3期114-118,共5页 Journal of Beijing University of Chemical Technology(Natural Science Edition)
基金 中央高校基本科研业务费(zz1311)
关键词 木马检测 网络行为 HTTP Trojan detection network behavior HTTP
分类号 TP393.08 [自动化与计算机技术—计算机应用技术]
  • 相关文献

参考文献4

二级参考文献11

  • 1李洁,高新波,焦李成.基于特征加权的模糊聚类新算法[J].电子学报,2006,34(1):89-92. 被引量:114
  • 2Castro S. Covert Channel and Tunneling over the HTTP Protocol Detection[EB/OL]. (2010-11-02). http://gray-world.net/projects/ papers/html/ cctde.html.
  • 3Allix P. Covert Channels Analysis in TCP/IP Networks[EB/OL]. (2010-11-23). http://gray-world.net/papers/ALLIX_Covert_Cha- nnels_analysis_in_TPC_IP_networks.pdf.
  • 4Rowland C H. Covert Channels in the TCP/IP Protocol Suite[J]. First Monday, 1997, 2(5): 1-8.
  • 5Pack D, Willian S, Seth W, et a1. Detecting HTTP Tunneling Activities[C]//Proc. of the 3rd Annual Information Assurance Workshop. New York, USA: IEEE Press, 2002.
  • 6Li Feifei, Yu Xiangzhan, Wu Gang. Design and Implementation of High Availability Distributed System Based on Multi-level Heart- beat Protocol[C] //Proc. of the International Conference on Control, Automation and Systems Engineering. [S. l.] : IEEE Press, 2009: 83-87.
  • 7Zhao Haijun, Ma Yan, Huang Xiaohong, et al. Forecasting Heart- beat Delay for Failure Detection over Internet Using Nonlinear System[C] //Proc. of the World Congress on Computer Science and Information Engineering. [S. l.] : IEEE Press, 2009: 589-593.
  • 8Hou Zonghao, Huang Yongxiang, Zheng Shouqi, et al. Design and Implementation of Heartbeat in Multi-machine Environment[C] // Proc. of the 17th International Conference on Advanced Infor- mation Networking and Applications. Xi’an, China: [s. n.] , 2003: 583-586.
  • 9Babaoglu P O, Binci T, Jelasity P M, et al. Firefly-inspired Heart- beat Synchronization in Overlay Networks[C] //Proc. of the 1st International Conference on Self-adaptive and Self-organizing Systems. [S. l.] : IEEE Press, 2009: 77-86.
  • 10Li Huaming, Tan Jindong. Heartbeat-driven Medium-access Control for Body Sensor Networks[J]. IEEE Transactions on Information Technology in Biomedicine, 2010, 14(1): 44-51.

共引文献1083

同被引文献19

引证文献3

二级引证文献4

北京化工大学学报(自然科学版)
2014年 第3期

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部