Malicious Fast-Flux Domains Detection Algorithm Based on IP Distribution and Request Response Time
Cited by: 3
Abstract: This paper proposes an algorithm for detecting malicious fast-flux domains that is based on the distribution of the IP addresses a domain resolves to and on the fluctuation of the response time those IPs show to requests. It rests on the differences between legitimate domains and fast-flux botnet domains in two respects: how the resolved IPs are distributed, and how much the request response time of those IPs fluctuates. Both properties are used as parameters to build a two-dimensional feature, and a concrete representation of that feature is given. The classification power of the two-dimensional feature is evaluated experimentally with an SVM classifier. Feature analysis and the experimental results show that, compared with existing detection methods, the algorithm detects malicious fast-flux domains more accurately, with low false-alarm and miss rates.
Source: Journal of Information Engineering University, 2017, No. 5, pp. 601-606 (6 pages)
Funding: National Natural Science Foundation of China (61379151, 61272489, 61302159, 61401512); Henan Provincial Fund for Distinguished Young Scholars (144100510001)
Keywords: fast-flux domains; IP distribution; response time; detection
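The abstract describes the detector only at the level of its two feature axes (how a domain's resolved IPs are distributed, and how much each IP's request response time fluctuates) with an SVM on top. The script below is an added illustration, not the paper's code, that carries that pipeline through end to end in plain Python. The concrete feature forms are my assumptions, since the paper's own representations are not on this page: feature 1 is the number of distinct /16 networks the resolved IPs span, and feature 2 is the coefficient of variation of the response-time samples per IP, averaged over the IPs. The SVM is a minimal Pegasos solver so that nothing outside the standard library is needed, and every domain name, address and timing is constructed.

```python
"""Two-feature fast-flux detection (IP spread + per-IP RTT jitter) with a small
linear SVM. Added illustration, not the paper's code: both feature forms are
assumptions, and every domain, address and timing below is constructed."""
import ipaddress
import statistics
from dataclasses import dataclass
from typing import Dict, List


@dataclass
class Observation:
    """One domain: resolved IP -> request response-time samples in ms
    (in practice from timed TCP connects to each returned address)."""
    domain: str
    rtts_ms: Dict[str, List[float]]
    label: int = 0  # +1 fast-flux, -1 legitimate, 0 unknown


def ip_distribution(ips) -> float:
    """Feature 1 (assumed form): distinct /16 networks spanned by the answers.
    Flux agents are unrelated infected hosts, so their addresses scatter."""
    return float(len({ipaddress.ip_network(f"{ip}/16", strict=False) for ip in ips}))


def rtt_fluctuation(rtts_ms: Dict[str, List[float]]) -> float:
    """Feature 2 (assumed form): coefficient of variation (pstdev / mean) of the
    response times per IP, averaged over the IPs. Bots on consumer links
    jitter; data-centre servers answer steadily."""
    cvs = []
    for samples in rtts_ms.values():
        mean = statistics.fmean(samples)
        cvs.append(statistics.pstdev(samples) / mean if mean else 0.0)
    return statistics.fmean(cvs)


def features(obs: Observation) -> List[float]:
    return [ip_distribution(obs.rtts_ms), rtt_fluctuation(obs.rtts_ms)]


class FastFluxSVM:
    """Linear SVM fitted with Pegasos (stochastic subgradient descent on the
    hinge loss) on z-scored features; the bias is a constant-1 input."""

    def __init__(self, lam: float = 0.1, epochs: int = 200):
        self.lam, self.epochs = lam, epochs
        self.means, self.stds, self.w = [], [], []

    def _scale(self, row: List[float]) -> List[float]:
        return [1.0] + [(v - m) / s for v, m, s in zip(row, self.means, self.stds)]

    def fit(self, observations: List[Observation]) -> "FastFluxSVM":
        rows = [features(o) for o in observations]
        cols = list(zip(*rows))
        self.means = [statistics.fmean(c) for c in cols]
        self.stds = [statistics.pstdev(c) or 1.0 for c in cols]
        xs, ys = [self._scale(r) for r in rows], [o.label for o in observations]
        self.w, t = [0.0] * len(xs[0]), 0
        for _ in range(self.epochs):
            for x, y in zip(xs, ys):
                t += 1
                eta = 1.0 / (self.lam * t)
                margin = y * sum(wi * xi for wi, xi in zip(self.w, x))
                self.w = [(1.0 - eta * self.lam) * wi for wi in self.w]
                if margin < 1.0:  # hinge subgradient step on margin violators
                    self.w = [wi + eta * y * xi for wi, xi in zip(self.w, x)]
        return self

    def predict(self, row: List[float]) -> int:
        return 1 if sum(wi * xi for wi, xi in zip(self.w, self._scale(row))) > 0 else -1

    def classify(self, obs: Observation) -> int:
        return self.predict(features(obs))


def rtt(base: float, jitter: float) -> List[float]:
    """Constructed RTT series alternating base-jitter / base+jitter, so the
    per-IP coefficient of variation is exactly jitter / base."""
    return [base - jitter, base + jitter] * 2


# Constructed training set: documentation ranges stand in for legitimate
# hosting, RFC 1918 10.x.y.z addresses for scattered flux agents.
TRAINING = [
    Observation("shop-cdn.example", {"203.0.113.10": rtt(25, 1), "203.0.113.11": rtt(25, 1),
                                     "203.0.113.12": rtt(50, 1)}, -1),
    Observation("mail.example", {"198.51.100.25": rtt(30, 1)}, -1),
    Observation("bank.example", {"192.0.2.10": rtt(10, 1), "192.0.2.11": rtt(15, 1)}, -1),
    Observation("pharma-deals.example", {"10.1.4.7": rtt(200, 100), "10.2.9.33": rtt(100, 40),
                                         "10.3.77.1": rtt(300, 150), "10.4.12.250": rtt(500, 300)}, 1),
    Observation("login-update.example", {"10.5.0.9": rtt(60, 30), "10.6.200.14": rtt(150, 75),
                                         "10.7.1.1": rtt(120, 60), "10.8.2.2": rtt(80, 40),
                                         "10.9.3.3": rtt(400, 160)}, 1),
    Observation("secure-pay.example", {"10.10.4.4": rtt(250, 150), "10.11.5.5": rtt(90, 45),
                                       "10.12.0.1": rtt(100, 50), "10.13.0.2": rtt(200, 90),
                                       "10.14.0.3": rtt(300, 120), "10.15.0.4": rtt(400, 200)}, 1),
]

if __name__ == "__main__":
    model = FastFluxSVM().fit(TRAINING)
    for obs in TRAINING:
        f = features(obs)
        print(f"{obs.domain:22s} /16s={f[0]:.0f} rtt_cv={f[1]:.3f} label={model.classify(obs):+d}")
```

Running the script prints both feature values and the SVM verdict for each constructed domain. In a real deployment feature 1 is computed over repeated lookups of the domain, because a fast-flux zone rotates its answers with every short TTL, and feature 2 from repeated timed connects to each returned address. The caveat visible even in this toy data is that IP spread alone is weak evidence, since a CDN can also answer from several networks; in this example the response-time axis is what separates such a case, which is the reason for keeping both dimensions rather than thresholding either one.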
References: 3