Computer Engineering

• Security Technology

A Dynamic Botnet Detection Model Based on Network Traffic

CHENG Shuping 1, TAN Liang 2,3

  1. College of Computer, Sichuan University of Arts and Science, Dazhou 635001, China; 2. College of Computer, Sichuan Normal University, Chengdu 610068, China; 3. Institute of Computing Technology, Chinese Academy of Sciences, Beijing 100190, China
  • Received: 2013-09-12 Online: 2014-11-15 Published: 2014-11-13
  • About the authors: CHENG Shuping (b. 1988), female, teaching assistant, M.S.; main research interest: network security. TAN Liang, professor, Ph.D.

Dynamic Detection Model in Botnet Based on Network Traffic

CHENG Shuping 1, TAN Liang 2,3

  1. College of Computer, Sichuan University of Arts and Science, Dazhou 635001, China; 2. College of Computer, Sichuan Normal University, Chengdu 610068, China; 3. Institute of Computing Technology, Chinese Academy of Sciences, Beijing 100190, China
  • Received: 2013-09-12 Online: 2014-11-15 Published: 2014-11-13

Abstract: Because detection based on a priori knowledge cannot detect new or mutated botnets (Botnets), this paper proposes a dynamic Botnet detection model based on network traffic. Communication traffic is analyzed by clustering, and correlation analysis is then performed to identify similar communication and malicious behavior patterns among bots. The model updates its feature library and generates its detection model dynamically, can process data from different botnets, and its detection architecture is independent of the protocol and of any prior knowledge of the Botnet. Experimental results verify the effectiveness and accuracy of the model.

Keywords: network security, botnet, malicious code, network traffic, dynamic detection

Abstract: Botnet detection that matches against a priori knowledge and depends on the protocol in use cannot detect new or mutated Botnets. To address this, this paper proposes a dynamic Botnet detection model based on network traffic. The model clusters communication traffic and then performs correlation analysis to identify similar communication between bots and malicious behavior patterns. Its detection architecture is independent of the protocol and of any prior knowledge of the Botnet. The model has three dynamic characteristics: the feature library is updated dynamically, the detection model is generated dynamically, and network traffic from dynamic Botnets is handled. Finally, the effectiveness and accuracy of the model are verified on experimental data.

Key words: network security, Botnet, malicious code, network flow, dynamic detection
