Detection Method of Trojan's Control Domain Based on Improved Neural Network Algorithm (cited by: 6)
Abstract: The paper first analyzes how Trojans use domain names for call-back control and gives an overview of DNS-based methods for detecting network Trojans. Then, based on an analysis of the static and dynamic features of Trojan domain names, eight indicators are extracted as inputs to a BP neural network algorithm: how long the domain name has been in use, the periodicity of access to the domain name, the speed at which its IP address changes, changes in the country to which the IP address belongs, whether the IP address is a private address, multiple IP addresses for the same domain name belonging to different countries, the TTL value, and the search volume of the domain name. An improved BP neural network algorithm is proposed to address the problems of training efficiency and large average error when training on a large number of DNS domain names. Finally, the improved neural network algorithm is evaluated experimentally on samples. The results show that the improved algorithm and the traditional algorithm have comparable detection rates, but the detection efficiency of the improved algorithm is greatly increased.
Source: Telecommunications Science (《电信科学》), Peking University Core Journal, 2014, Issue 7, pp. 39-42 (4 pages)
Keywords: Trojan, domain name, neural network