Funding: supported by the National Basic Research Program of China (973 Program) under Grant No. 2011CB302903 and the Priority Academic Program Development of Jiangsu Higher Education Institutions under Grant No. YX002001
Abstract: In this paper, we propose a novel method to detect encrypted botnet traffic. During the traffic preprocessing stage, the proposed payload extraction method can identify a large amount of encrypted application traffic. It can filter out a large amount of non-malicious traffic, greatly improving the detection efficiency. A Sequential Probability Ratio Test (SPRT)-based method can find spatial-temporal correlations in suspicious botnet traffic and make an accurate judgment. Experimental results show that the false positive and false negative rates can be controlled within a certain range.
Funding: supported by the National High-Tech Research and Development Plan of China under Grant No. 2011AA010702
Abstract: Detecting traffic anomalies is essential for diagnosing attacks. High-Speed Backbone Networks (HSBN) require Traffic Anomaly Detection Systems (TADS) which are accurate (high detection and low false positive rates) and efficient. The proposed approach utilizes entropy as a traffic distribution metric over some traffic dimensions. An efficient algorithm, having low computational and space complexity, is used to estimate entropy. Entropy values over all dimensions are