摘要
提出了一种基于排列熵和决策级多传感器数据融合的P2P僵尸网络检测算法。首先分别构建流量异常检测传感器和异常原因区分传感器:前者利用排列熵刻画网络流量的复杂度特征(该特征并不依赖于特定类型的P2P僵尸网络),通过利用Kalman滤波器检测该特征是否存在异常;后者利用TCP流量特征在一定程度上减弱P2P应用等网络应用程序对P2P僵尸网络检测的误差影响。最后利用D-S证据理论对上述传感器的检测结果进行决策级数据融合以获得最终的检测结果。实验表明,提出的方法可有效检测新型P2P僵尸网络。
Aiming at the problems of the existing P2P botnet detection methods,a novel P2P botnet detection algorithm based on the permutation entropy and the multi-sensor data fusion on the decision level was proposed. Firstly, it builds the abnormalities detection sensor and the reasons of abnormalities distinguishing sensor. The former sensor uses the permutation entropy to describe accurately the complexity characteristics of network traffic, which does not vary with the structure of P2P network, the P2P protocol and the attack. And the Kalman filter is used to detect the abnormalities of the complexity characteristics of network traffic. Considering that the traffic flow of Web applications is likely to af- fect the detection result, the latter sensor utilizes the features of TCP flow to solve the problem. Finally, the final result was obtained by fusing the results of two above sensors with the D-S evidence theory. The experiments show that the algorithm proposed in the paper is able to detect P2P botnet with high accuracy.
出处
《计算机科学》
CSCD
北大核心
2016年第7期141-146,共6页
Computer Science
基金
国家863高技术研究发展计划资助项目(2011AA7031024G)
国家自然科学基金资助项目(90204014)资助
