摘要
僵尸网络是僵尸主机(botmaster)远程控制的受感染主机集群。传统的僵尸网络检测方法相对简单,主要来自网络数据包、结构等大量传入信息进行处理和预处理来实现的,可能存在较低的检测率,难以适应当前互联网的快速发展。针对僵尸网络检测问题,提出了一种基于时空残差特征的僵尸网络检测模型Res-1DCNN-LSTM。利用多层1DCNN和LSTM并行提取僵尸网络的空域和时序特征,然后在层与层之间引入捷径连接技术(shortcut connections)。实验结果表明,在公开数据集上,二分类和多分类的正确率可达98.89%和87.53%,在精度、召回率和F1值方面具有良好的性能。
Botnet is an infected host cluster remotely controlled by botmaster. The traditional botnet detection method is relatively simple, mainly from the processing and preprocessing of a large number of incoming information such as network packets and structures. It may have a low detection rate and is difficult to adapt to the rapid development of the current Internet. Aiming at the problem of botnet detection, a botnet detection model Res-1DCNN-LSTM based on Spatial-temporal residual features is proposed. Multi-layer 1DCNN and LSTM are used to extract the spatial and temporal characteristics of botnet in parallel, and then the shortcut connections are introduced between layers. The experimental results show that the accuracy of binary and multi-classification can reach 98.89% and 87.53% on public datasets, and it has good performance in precision, recall and F1 value.
出处
《计算机科学与应用》
2022年第4期1054-1060,共7页
Computer Science and Application
