Abstract
Most current botnet detection techniques only detect active bot computers and rarely consider the problem of detecting latent bot computers. To address this, a centralized botnet detection technique based on association-rule mining is proposed. A centralized botnet necessarily has one command-and-control (C&C) server, and every bot computer connects to it. Starting from one bot computer that has already been detected, association-rule mining is used to analyze the correlations among the hosts' network connections, and the mining is extended to discover other bot computers in the network that are still in the latent phase. Experiments show that this method can effectively detect hidden bot computers.
Aimed at the problem that most botnet detection techniques are used only to detect active bot computers, while the detection of hidden ones is seldom taken into account, a centralized botnet detection technique based on the association-rule mining approach is proposed. Given that a command-and-control server necessarily exists in a centralized botnet and all bot computers connect to it, a bot computer that has already been detected is used to analyze the associativity of the hosts' connections with each other by means of the association-rule mining technique. Experiments prove that the present method can effectively detect the hidden bot computers.
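The detection idea in the abstract, as an added example that is not code from the paper: each external destination is a transaction whose items are the internal hosts that contacted it, destinations contacted by most hosts are pruned as uninformative (max-support pruning), and the rule {known bot} -> {host} is scored by confidence. Host names, addresses, flow records and thresholds are all constructed for illustration.

```python
from collections import defaultdict

# Constructed flow records (src_host, dst_host) for one observation window; not data
# from the paper. 10.0.0.5 is the bot already confirmed by another detector, and
# 203.0.113.9 plays the command-and-control (C&C) server in this sample.
FLOWS = [
    ("10.0.0.5", "203.0.113.9"), ("10.0.0.5", "203.0.113.10"),
    ("10.0.0.5", "198.51.100.20"), ("10.0.0.5", "198.51.100.21"),
    ("10.0.0.7", "203.0.113.9"), ("10.0.0.7", "203.0.113.10"),     # latent bot
    ("10.0.0.7", "198.51.100.20"), ("10.0.0.7", "198.51.100.21"),
    ("10.0.0.8", "203.0.113.9"), ("10.0.0.8", "198.51.100.22"),    # latent bot
    ("10.0.0.8", "198.51.100.20"), ("10.0.0.8", "198.51.100.21"),
    ("10.0.0.9", "198.51.100.20"), ("10.0.0.9", "198.51.100.21"),  # benign host
    ("10.0.0.10", "198.51.100.20"), ("10.0.0.10", "198.51.100.21"),
    ("10.0.0.10", "198.51.100.22"), ("10.0.0.10", "198.51.100.23"),  # benign, chatty
] + [(f"10.0.0.{i}", d) for i in range(11, 15)
     for d in ("198.51.100.20", "198.51.100.21")]                  # benign hosts


def informative_destinations(flows, max_support):
    """Map host -> destinations, keeping only destinations contacted by fewer than
    max_support of all hosts; popular ones (CDNs, update servers) carry no signal."""
    dests_by_host, hosts_by_dest = defaultdict(set), defaultdict(set)
    for src, dst in flows:
        dests_by_host[src].add(dst)
        hosts_by_dest[dst].add(src)
    n_hosts = len(dests_by_host)
    keep = {d for d, hs in hosts_by_dest.items() if len(hs) / n_hosts < max_support}
    return {h: ds & keep for h, ds in dests_by_host.items()}


def mine_latent_bots(flows, known_bot, max_support=0.5, min_confidence=0.5):
    """Confidence of the rule {known_bot} -> {host}: of the informative destinations
    the known bot contacted, the fraction this host also contacted."""
    dests = informative_destinations(flows, max_support)
    bot_dests = dests.get(known_bot, set())
    results = {}
    for host, host_dests in dests.items():
        if host == known_bot or not bot_dests:
            continue
        confidence = len(bot_dests & host_dests) / len(bot_dests)
        if confidence >= min_confidence:
            results[host] = confidence
    return results


def common_destinations(flows, hosts, max_support=0.5):
    """Informative destinations shared by every listed host: the C&C candidates."""
    dests = informative_destinations(flows, max_support)
    return set.intersection(*(dests[h] for h in hosts))
```

On the sample, `mine_latent_bots(FLOWS, "10.0.0.5")` flags 10.0.0.7 (confidence 1.0) and 10.0.0.8 (0.5) while the benign hosts score 0, and `common_destinations` over the bot and the flagged hosts leaves only 203.0.113.9 as the C&C candidate.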
Source
Journal of Lanzhou University of Technology (兰州理工大学学报)
Indexed in: CAS; Peking University Core Journals (北大核心)
2016, No. 6, pp. 109-113 (5 pages)
Funding
2014 Guangdong Province Education and Teaching Achievement Award (Higher Education) Cultivation Project (1182)
Keywords
data mining
association-rule mining
botnet
network security