摘要
传统僵尸网络恶意数据流跟踪方法时间维度大、数据跟踪复杂度高,其方法存在响应时间长、吞吐量偏低的问题。提出一种新的半分布式僵尸网络恶意数据流实时跟踪方法。利用数据模糊均值提取半分布式僵尸网络特征,获取僵尸网络自适应度数值。利用邻近值法划分原理,对数据预分类,得到恶意数据流所在区域。通过模式快照策略确定存储模式的时间间隔,保存恶意数据信息,并将其数据映射到空间网格单元中。利用对相关数据维度单元数量的控制,降低时间复杂度,对所得参数模式匹配,实现僵尸网络恶意数据流实时跟踪。仿真结果表明,所提方法具有较短的响应时长、较高的吞吐量,其时间复杂度较小,一直稳定在10%~20%之间,并具有良好的应用性能与前景。
Traditionally,the botnet malicious data flow tracking method has large time dimension,high data tracking complexity,long response time and low throughput.Therefore,a real-time tracking method for malicious dataflow in semi-distributed botnet was proposed.The feature of semi-distributed botnet was extracted by data fuzzy mean,and the value of adaptive degree was obtained.The grading principle of proximity method was adopted for pre-classification of data,so that the region of malicious dataflow was obtained.Then,the time interval of storage mode was determined by snapshot strategy,and malicious data information was saved.Moreover,the data were mapped into spatial grid cells.Finally,the real-time tracking of malicious dataflow in botnet was realized by controlling the number of dimension units,reducing the time complexity and matching the parameters.Simulation results show that the proposed method has shorter response time,higher throughput and less time complexity.Meanwhile,its time complexity is between 10%and 20%,so this method has good application performance and prospects.
作者
程欣宇
CHENG Xin-yu(College of Mathematics and Computer Science,Jianghan University,Wuhan Hubei 430056,China)
出处
《计算机仿真》
北大核心
2020年第3期279-283,共5页
Computer Simulation
