In order to improve the accuracy of detecting the new P2P(peer-to-peer)botnet,a novel P2P botnet detection method based on the network behavior features and Dezert-Smarandache theory is proposed.It focuses on the netw...In order to improve the accuracy of detecting the new P2P(peer-to-peer)botnet,a novel P2P botnet detection method based on the network behavior features and Dezert-Smarandache theory is proposed.It focuses on the network behavior features,which are the essential abnormal features of the P2P botnet and do not change with the network topology,the network protocol or the network attack type launched by the P2P botnet.First,the network behavior features are accurately described by the local singularity and the information entropy theory.Then,two detection results are acquired by using the Kalman filter to detect the anomalies of the above two features.Finally,the above two detection results are fused with the Dezert-Smarandache theory to obtain the final detection results.The experimental results demonstrate that the proposed method can effectively detect the new P2P botnet and that it considerably outperforms other methods at a lower degree of false negative rate and false positive rate,and the false negative rate and the false positive rate can reach 0.09 and 0.12,respectively.展开更多
the Information-Centric Networking(ICN) paradigm is proved to have the advantages of decreasing data delivery latency, enhancing user mobility, etc. However, current implementations of ICN require changing the infrast...the Information-Centric Networking(ICN) paradigm is proved to have the advantages of decreasing data delivery latency, enhancing user mobility, etc. However, current implementations of ICN require changing the infrastructure of Internet, which hinders its deployment and development. Meanwhile, Software Defined Networking(SDN) emerges as a viable solution to facilitate the deployment of new network paradigm without disrupting production traffic by decoupling the control plane from data forwarding plane. In this paper, the essential properties which reflect ICN working principles are summarized, and a framework called SDICN is designed in accordance to the SDN philosophy. The algorithmic frameworks of SDICN which can satisfy the essential properties are designed based on the programmability and virtualization functions of SDN. Based on Open Flow and data center technology, a prototype of SDICN is implemented. By comparing the performance with the CCNx, the SDICN is proved to be feasibility and availability.展开更多
基金The National High Technology Research and Development Program of China(863 Program)(No.2011AA7031024G)the National Natural Science Foundation of China(No.61133011,61373053,61472161)
文摘In order to improve the accuracy of detecting the new P2P(peer-to-peer)botnet,a novel P2P botnet detection method based on the network behavior features and Dezert-Smarandache theory is proposed.It focuses on the network behavior features,which are the essential abnormal features of the P2P botnet and do not change with the network topology,the network protocol or the network attack type launched by the P2P botnet.First,the network behavior features are accurately described by the local singularity and the information entropy theory.Then,two detection results are acquired by using the Kalman filter to detect the anomalies of the above two features.Finally,the above two detection results are fused with the Dezert-Smarandache theory to obtain the final detection results.The experimental results demonstrate that the proposed method can effectively detect the new P2P botnet and that it considerably outperforms other methods at a lower degree of false negative rate and false positive rate,and the false negative rate and the false positive rate can reach 0.09 and 0.12,respectively.
基金supported by the State Key Development Program for Basic Research of China under Grant No.2012CB315806National Natural Science Foundation of China(No.61379149,No.61402521 and No.61103225)+1 种基金Natural Science Foundation of Jiangsu(BK 20140070,BK20140068)Jiangsu Future Network Innovation Institute Research Project on Future Networks(BY2013095-1-06)
文摘the Information-Centric Networking(ICN) paradigm is proved to have the advantages of decreasing data delivery latency, enhancing user mobility, etc. However, current implementations of ICN require changing the infrastructure of Internet, which hinders its deployment and development. Meanwhile, Software Defined Networking(SDN) emerges as a viable solution to facilitate the deployment of new network paradigm without disrupting production traffic by decoupling the control plane from data forwarding plane. In this paper, the essential properties which reflect ICN working principles are summarized, and a framework called SDICN is designed in accordance to the SDN philosophy. The algorithmic frameworks of SDICN which can satisfy the essential properties are designed based on the programmability and virtualization functions of SDN. Based on Open Flow and data center technology, a prototype of SDICN is implemented. By comparing the performance with the CCNx, the SDICN is proved to be feasibility and availability.
