Research on P2P Botnet Detection Methods Based on a Data Mining Strategy
Citation: Wang Yuke (王宇科), Wang Zirong (王子荣), Hu Hao (胡浩). Research on P2P Botnet Detection Methods Based on a Data Mining Strategy [J]. Computing Technology and Automation (计算技术与自动化), 2012, (2): 133-137
Author affiliation
Wang Yuke, Wang Zirong, Hu Hao (Network and Information Center, Hunan University, Changsha, Hunan 410082)
Abstract (translated from the Chinese): A botnet is a group of computers infected by malicious code, and it is a serious threat to the security of the Internet. The attacker implants the malware into target machines and then controls them over the Internet to launch DDoS attacks, steal credentials, send spam, and carry out other malicious activity. By imitating P2P software, a P2P botnet uses multiple controllers to avoid a single point of failure, and it uses encryption so that the various misuse (signature-based) detection techniques fail. Unlike normal network behaviour, a P2P botnet establishes a large number of sessions that consume little bandwidth, so it is not exposed by anomaly detection techniques either. This paper takes the characteristics by which a P2P botnet differs from normal network behaviour as the parameters of a data mining process, then clusters and separates those parameters to obtain trustworthy results within an acceptable accuracy range. To show that the method is effective at discovering botnet hosts, we validated it in a real network environment.
Keywords (Chinese): botnet  data mining  P2P
 
Research on P2P Botnet Detection Based on a Data Mining Scheme
Abstract: A botnet is composed of malware-infected computers and severely threatens the security of the Internet. Its principle is that attackers implant malware on targeted computers, which are then commanded and controlled over the Internet to carry out distributed denial of service (DDoS) attacks, steal confidential information, distribute junk mail and perform other malicious acts. By imitating P2P software, a P2P botnet uses multiple controllers to avoid a single point of failure, and by using encryption it defeats the various misuse (signature-based) detection technologies. Differing from normal network behaviour, a P2P botnet sets up numerous sessions without consuming much bandwidth, so it is not exposed to anomaly detection technology either. Crucially, this research uses the ways in which P2P botnet traffic differs from normal Internet behaviour as the parameters for data mining; these parameters are then clustered and separated to obtain reliable results with acceptable accuracy.
Keywords: botnet  data mining  P2P
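The abstract names the discriminating features (many sessions, little data per session, and no reliance on payload because the protocol is encrypted) and says those features are clustered per host, but the page does not give the paper's exact feature list or clustering algorithm. The block below is an added illustration, not the authors' code: it assumes three per-host flow features (session count, distinct peer count, mean bytes per session, all log-scaled and standardised) and a two-cluster k-means with deterministic seeding. The flow records, host addresses, and byte sizes are constructed for the example.

```python
"""Per-host flow features -> 2-cluster k-means, separating hosts with P2P-bot-like
session patterns from hosts with normal browsing patterns.
Added example; the features and the clustering choice are assumptions, not the paper's."""
import math
import random
from collections import defaultdict


def build_sample_flows(seed=7):
    """Constructed flow records (src_host, dst_host, dst_port, bytes). Not real traffic."""
    rng = random.Random(seed)
    flows = []
    normal_hosts = ["10.0.0.2", "10.0.0.3", "10.0.0.4", "10.0.0.5"]
    bot_hosts = ["10.0.0.7", "10.0.0.9"]            # hypothetical infected hosts
    for h in normal_hosts:                           # few, fat sessions to a handful of servers
        for _ in range(rng.randint(5, 12)):
            flows.append((h, f"203.0.113.{rng.randint(1, 6)}", 443,
                          rng.randint(20_000, 500_000)))
    for h in bot_hosts:                              # many tiny sessions to many peers
        for _ in range(rng.randint(150, 300)):
            flows.append((h, f"198.51.100.{rng.randint(1, 200)}",
                          rng.randint(1024, 65535), rng.randint(60, 400)))
    return flows


def host_features(flows):
    """Per source host: log1p(sessions), log1p(distinct peers), log1p(mean bytes/session).
    Only flow metadata is used, so encryption of the payload does not matter."""
    sessions = defaultdict(int)
    peers = defaultdict(set)
    total_bytes = defaultdict(int)
    for src, dst, _port, nbytes in flows:
        sessions[src] += 1
        peers[src].add(dst)
        total_bytes[src] += nbytes
    return {h: [math.log1p(sessions[h]),
                math.log1p(len(peers[h])),
                math.log1p(total_bytes[h] / sessions[h])] for h in sessions}


def zscore(vectors):
    """Standardise each feature column so no single feature dominates the distance."""
    dims = len(vectors[0])
    means = [sum(v[d] for v in vectors) / len(vectors) for d in range(dims)]
    stds = [math.sqrt(sum((v[d] - means[d]) ** 2 for v in vectors) / len(vectors)) or 1.0
            for d in range(dims)]
    return [[(v[d] - means[d]) / stds[d] for d in range(dims)] for v in vectors]


def _dist(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def kmeans2(points, iters=50):
    """Two-cluster k-means. Seeds: the first point and the point farthest from it,
    so the result is reproducible without a random initialisation."""
    centroids = [points[0], max(points, key=lambda p: _dist(p, points[0]))]
    labels = []
    dims = len(points[0])
    for _ in range(iters):
        labels = [0 if _dist(p, centroids[0]) <= _dist(p, centroids[1]) else 1
                  for p in points]
        new_centroids = []
        for k in (0, 1):
            members = [p for p, lab in zip(points, labels) if lab == k] or [centroids[k]]
            new_centroids.append([sum(m[d] for m in members) / len(members)
                                  for d in range(dims)])
        if new_centroids == centroids:
            break
        centroids = new_centroids
    return labels, centroids


def detect_bot_hosts(flows):
    """Return the hosts in the cluster that looks P2P-bot-like:
    high session count (feature 0) with low mean bytes per session (feature 2)."""
    feats = host_features(flows)
    hosts = sorted(feats)
    labels, centroids = kmeans2(zscore([feats[h] for h in hosts]))
    bot_cluster = max((0, 1), key=lambda k: centroids[k][0] - centroids[k][2])
    return sorted(h for h, lab in zip(hosts, labels) if lab == bot_cluster)


if __name__ == "__main__":
    print(detect_bot_hosts(build_sample_flows()))  # ['10.0.0.7', '10.0.0.9']
```

The cluster-selection rule (high session count, low bytes per session) encodes exactly the contrast the abstract draws between bot traffic and normal traffic; on real data the number of clusters, the feature set, and the rule for naming the suspicious cluster would have to be tuned against labelled captures, which is what the paper's validation in a live network supplies.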