
Trojan Rapid Detection Method Based on Heartbeat Behavior Analysis

Cited by: 4
Abstract: Trojan detection algorithms based on communication behavior analysis have high computational complexity. To address this problem, this paper proposes a rapid Trojan detection method based on heartbeat behavior analysis. Building on a description of the heartbeat behavior in Trojan communication and the analysis of a large number of Trojan samples, the method selects two session features to classify Trojan communication flows and normal communication flows. A Trojan Rapid Detection System (TRDS) is then designed on the basis of this method. Experimental results show that TRDS can detect Trojan communication rapidly and effectively in a 100 Mbit/s line-rate network.
Source: Computer Engineering (《计算机工程》), CAS, CSCD, 2012, No. 14, pp. 13-16, 20 (5 pages)
Funding: Zhengzhou Science and Technology Innovation Team Fund project (10CXTD150)
Keywords: Trojan detection; session feature; communication flow analysis; behavior analysis; heartbeat behavior; rapid detection
