Abstract
Traditional botnets mostly have a centralized structure based on the IRC protocol. Recently, however, more and more botnets have moved to a distributed P2P structure, so detection methods aimed at IRC channels no longer apply to these new P2P botnets. The paper proposes a P2P botnet detection method for small and medium-sized LANs that combines statistical traffic features with malicious attack activity. The method can effectively detect botnets that use newer techniques such as random ports and data encryption.
Source
《计算机应用与软件》
CSCD
2011, Issue 10, pp. 80-83 (4 pages)
Computer Applications and Software
Funding
Project of the Department of Science and Technology, Ministry of Education (CNGI2008-092)