Research Progress in Botnet Detection Techniques (cited by: 22)

Overview of Botnet Detection
Abstract: The rampant spread of botnets poses a severe threat to the Internet, which has made botnet detection a hot research topic in network security in recent years. First, based on a summary and analysis of the detection techniques proposed so far, the basic process of botnet detection is outlined and the techniques are classified. Then, following a classification by the stages of the botnet life cycle, the research approach, operating procedure, advantages and disadvantages of each detection technique are analyzed. Next, the main methods and corresponding algorithms used by existing detection techniques are summarized, evaluation indices are proposed, and selected representative techniques are compared. Finally, the key issues of botnet detection and future research directions are discussed.

With the rapid development of botnets, the Internet has been facing growing and disastrous threats. These threats can disable infrastructure and cause financial damage, which poses a severe challenge to global network security. In order to defend against and counter botnets, detection is absolutely the basis. Therefore, research on botnet detection has recently become a hot topic in the field of network security. After analyzing the proposed detection techniques, the authors present the basic process of botnet detection and classify these techniques. Furthermore, according to the different stages of the botnet life cycle, i.e., propagation, infection, communication and attack, they go into detail about the main idea, detection process, merits and shortcomings of the existing techniques. Then, they summarize the approaches and the corresponding algorithms used in the detection techniques, propose evaluation indices in the six dimensions of source, scope, real-time, accuracy, applicability and flexibility, and compare the representative techniques based on these indices. Later, they discuss the key issues of botnet detection in the fields of multi-source information collection and fusion, essential feature extraction, detection of communication and behavior, correlation analysis and detection architecture. Finally, future research trends are reviewed.
Source: Journal of Computer Research and Development (《计算机研究与发展》), EI, CSCD, PKU Core; 2010, No. 12, pp. 2037-2048 (12 pages)
Funding: National Natural Science Foundation of China (90604006); National High Technology Research and Development Program of China ("863" Program) (2009AA01Z432); National Key Basic Research Program of China ("973" Program) (2009CB320503); National Key Technology R&D Program of China (2008BAH37B03)
Keywords: botnet detection; botnet; network security; life cycle; evaluation index