Abstract
Because botnets are difficult to detect effectively, a botnet detection model based on LightGBM is constructed. First, a set of flow-based multivariate network flow features is constructed that comprehensively reflects the nature of network traffic, and a Zeek plug-in is written to collect flow feature data under high-speed traffic. Next, a botnet detection model is built on LightGBM; its detection accuracy is 99.986%. Finally, the model is compared with detection models based on random forest and semi-supervised algorithms. The results show that this model achieves higher detection accuracy and can effectively detect botnets.
Authors
裴兰珍
林明亮
罗赟骞
许冰
PEI Lanzhen; LIN Mingliang; LUO Yunqian; XU Bing (School of Air and Missile Defense, Air Force Engineering University, Xi'an 710051, China; Unit 93221 of PLA, Beijing 100085, China; China Hainan Sub Center, National Computer Network Emergency Response Technology Coordination Center, Haikou 570206, China; CEC Great Wall Internet Security Technology Research Institute (Beijing) Co., Ltd., Beijing 100097, China)
Source
《电子信息对抗技术》
2020, Issue 5, pp. 79-84 (6 pages)
Electronic Information Warfare Technology