
Real-time detection system for stealthy P2P hosts based on statistical features (original title: 基于统计特征的隐匿P2P主机实时检测系统; cited by: 1)
Abstract: Since most stealthy malware is now built on a decentralized architecture to resist detection and countermeasures, and in order to detect Peer-to-Peer (P2P) bots quickly and accurately while they are still in the stealthy stage and thus minimize the damage they cause, a real-time detection system for stealthy P2P bots based on statistical features is proposed. First, all P2P hosts inside the monitored network are detected with a machine learning algorithm using three P2P host statistical features. Second, P2P bots are discriminated from the detected P2P hosts using two P2P bot statistical features. The experimental results show that the proposed system detects all stealthy P2P bots in the monitored network within 5 minutes, with an accuracy of 99.7% and a false alarm rate of only 0.3%. Compared with existing detection methods, the system requires fewer statistical features and a smaller time window, and is therefore capable of real-time detection.
Source: Journal of Computer Applications (计算机应用), CSCD, Peking University core journal, 2015, No. 7, pp. 1892-1896 (5 pages)
Funding: National Natural Science Foundation of China project (61170286)
Keywords: Peer-to-Peer (P2P); botnet; statistical feature; machine learning; detection system