摘要
为了快速定位局域网中存在的僵尸网络,提高网络管理效率,通过对IRC僵尸网络运行机制的深入研究,结合经典数学定义在三层交换机上抓取流量并做预处理,按照流量数据的相同元素(源地址,目的地址)划分集合并得到三个向量(IRC命令、包速率和包大小)集合,基于改进的k-means动态聚类算法,合理定义时间滑动窗口,对数据集的三个向量集合进行动态聚类分析,结合聚类结果准确定位僵尸网络,仿真结果表明,该算法能够通过图形数据方式快速定位局域网中存在IRC僵尸网络,可以为僵尸网络的检测提供依据.
In order to locate the botnets in the LAN and improve the efficiency of network management,through the research on the mechanism of the IRC botnet,this paper proposed a dynamical clustering algorithm based on the improvement of k-means.After the preprocessing of flow grasped from layer 3 switches by classical mathematical definition,according to the same element(source address,destination address),three vectors such as IRC instruction,package rate and package size were gained,these vectors based on the reasonable definition of time sliding window were analyzed.So the position of IRC botnet accurately combining with clustering results could be located.The results showed that the algorithm can locate the IRC botnets existing in the LAN quickly through the graphics data,which could provide the gist for detecting botnets.
出处
《哈尔滨商业大学学报(自然科学版)》
CAS
2011年第5期713-716,共4页
Journal of Harbin University of Commerce:Natural Sciences Edition
基金
山东省社科规划项目(09DJGZ18)
