摘要
P2P僵尸网络对Internet构成巨大的安全威胁。在基于主机的P2P流量检测和恶意行为检测的基础上,提出一个P2P僵尸网络的检测模型。构建一个基于CHORD协议由监视节点组成的结构化P2P网络,将同时具有P2P流量和恶意行为的主机信息上报监视节点。通过对P2P僵尸主机行为进行融合分析,具有相似性恶意行为的主机被认为处于一个P2P僵尸网络中。
P2P Botnet is a serious threat to Internet security.A P2P botnet detecting model is proposed based on P2P traffic detection and malicious behavior detection on the host.A structured P2P network which is composed of monitoring nodes based on Chord protocol is established,the information of the hosts which have malicious behavior and P2P traffic at the same time are reported to the monitoring nodes.The hosts which have similar maliciousact behavior belong to a P2P Botnet according to fusing and analyzing the hosts behavior of P2P Botnet.
出处
《现代电子技术》
2010年第15期132-135,共4页
Modern Electronics Technique