Abstract
Traditional fingerprint-based identification methods have a high false-negative rate when detecting new, unknown Trojans. To address this, this paper proposes a fingerprint-free method for identifying Trojan control behavior based on timing analysis of network sessions. The method first clusters the data flow by timing, then computes the weighted Euclidean distance between the clustered data, and identifies Trojan control behavior from the timing relationships of the clustered data. Experiments show that the method needs no fingerprint database, achieves high detection accuracy, consumes few resources, and supports real-time detection and processing.
Source
Computer Science (《计算机科学》)
CSCD
Peking University Core Journal
2013, Issue 06A, pp. 337-339 (3 pages)
Funding
Supported by the National Natural Science Foundation of China (90818021, 60973105)
Keywords
Timing analysis, Clustering, Trojan control, Behavior recognition, Intrusion detection