摘要
近些年出现的采用Fast—flux技术的僵尸网络,给网络安全带来了极大的威胁。因此,有效检测Fast—flux僵尸网络就成为网络安全研究者关注的热点问题。目前的检测方法都存在误报率较高的问题。针对这个不足,通过对Fast—flux僵尸网络数据进行分析,选取Fast—flux僵尸网络的六个典型特征,提出了基于SVM的Fast—flux僵尸网络的检测方法。实验表明,基于SVM的Fast—flux僵尸网络检测方法明显地降低误报率。
In recent years, a new type ofbotnet, using fast-flux technology, brings great challenges to network security. So how to detect fast-flux botnet effectively has become a hot topic for network security researchers. The detection methods nowadays have the common shortage of high false alarming rate. In this paper, six common features of fast-flux hornet are selected by a long time of observation and a fast-flux hornet detection method based on SVM is proposed. Experiment shows that fast-flux botnet detection method based on SVM reduces the false-alarming rate significantly.
作者
康乐
李东
余翔湛
KANG Le, LI Dong, YU Xiangzhan (School of Computer Science & Technology, Harbin Institute of Technology, Harbin 150001, China)
出处
《智能计算机与应用》
2011年第1X期24-27,共4页
Intelligent Computer and Applications
基金
基金项目:973项目(2007CB311101),863项目(2010AA012504),自然科学基金(60903166).
