An online P2P botnet detection technique based on bot-priority sampling

Bot priority sampling based P2P botnet online detection technique
Abstract: Botnets use an efficient and flexible one-to-many control mechanism to give attackers an infrastructure and platform for stockpiling, managing and using network attack capabilities, and they have become one of the most serious and continuously growing security threats on today's Internet. To meet the need for real-time detection of P2P botnets on high-speed networks, an online detection technique based on bot-priority sampling is proposed. The method uses a bot-priority classification algorithm and a priority-based packet sampling algorithm so that the detection system can use its computing resources efficiently: under a limited overall sampling rate, it preferentially samples packets suspected of belonging to P2P bot communication, and then applies flow information reconstruction and flow cluster analysis to the sampled packets to identify P2P bot hosts statistically. Experimental results show that the proposed online detection technique effectively raises the packet sampling rate for the suspected P2P botnet traffic subpopulation and achieves good online detection efficiency and a good P2P bot detection hit rate.

Botnets pose a steady and growing threat to network security and have become one of the most significant threats to the Internet. Using highly efficient and flexible one-to-many control mechanisms, botnets provide an infrastructure for the reserve, management and use of cyber attack capabilities. To meet the instant detection requirements of P2P botnets on high-speed networks, a bot priority sampling based online detection technique was presented. In order to make efficient use of limited computing resources and sample as many packets of suspicious P2P bots as possible, a bot priority classification algorithm and a priority-based sampling algorithm were proposed. Flow information recovering and flow cluster analyzing approaches were used to identify the suspicious P2P bots based on the sampled packets. The experimental evaluation results show that the proposed technique can increase the sampling rate of packets from P2P botnet traffic subpopulations and has a good sampling efficiency and P2P bot detection hit rate.
Source: Journal of PLA University of Science and Technology (Natural Science Edition), 2013, No. 2, pp. 139-144 (6 pages). Indexed in EI; Peking University Core Journal.
Funding: Jiangsu Provincial Natural Science Foundation project (BK2011115).
Keywords: botnet; P2P; online detection; sampling