僵尸网络关系云模型分析算法

臧天宁, 云晓春, 张永铮, 门朝光

臧天宁, 云晓春, 张永铮, 门朝光. 僵尸网络关系云模型分析算法[J]. 武汉大学学报 ( 信息科学版), 2012, 37(2): 247-251.
引用本文: 臧天宁, 云晓春, 张永铮, 门朝光. 僵尸网络关系云模型分析算法[J]. 武汉大学学报 ( 信息科学版), 2012, 37(2): 247-251.
shu
ZANG Tianning, YUN Xiaochun, ZHANG Yongzheng, MEN Chaoguang. A Botnet Relationship Analyzer Based on Cloud Model[J]. Geomatics and Information Science of Wuhan University, 2012, 37(2): 247-251.
Citation: ZANG Tianning, YUN Xiaochun, ZHANG Yongzheng, MEN Chaoguang. A Botnet Relationship Analyzer Based on Cloud Model[J]. Geomatics and Information Science of Wuhan University, 2012, 37(2): 247-251.
shu

僵尸网络关系云模型分析算法

  • 1中国科学院信息工程研究所,北京市海淀区闵庄路27号100097;2哈尔滨工程大学计算机科学与技术学院,哈尔滨市南通大街145号150001;3信息内容安全技术国家工程实验室,北京市海淀区闵庄路27号100097

基金项目: 国家自然科学基金资助项目(60703021,61070185,60873138);;国家863计划资助项目(2007AA010501)
详细信息
    作者简介:

    臧天宁,博士,主要研究方向为僵尸网络、协同分析。

  • 中图分类号: P208;TP393

A Botnet Relationship Analyzer Based on Cloud Model

  • 1 Institute of Information Engineering,Chinese Academy of Sciences,27 Minzhuang Road,Haidian District, Beijing 100097,China;2 College of Computer Science and Technology,Harbin Engineering University,145 Nantong Street,Harbin 150001,China;3 National Engineering Laboratory for Information Security Technologie,27 Minzhuang Road,Haidian District, Beijing 100097,China

Funds: 国家自然科学基金资助项目(60703021,61070185,60873138);;国家863计划资助项目(2007AA010501)

摘要

    摘要
  • 摘要: 通过分析僵尸网络内部的通信行为,提取了相同僵尸网络的通信特征,利用这些特征定义了僵尸网络之间关系的云模型,并设计了基于云模型的僵尸网络关系分析算法。通过典型僵尸程序样本的评测结果表明,即使对采用加密通信和无固定通信时间间隔的僵尸程序,该算法仍然能够有效地识别出这些僵尸网络之间的关系。通过与相关研究工作的对比表明,该算法在分析的准确度、僵尸网络的类型和加密通信等方面均优于相关研究成果。
    Abstract: An approach for analyzing the relationship among botnets was presented.Several botnet communication characteristics were extracted,including the amount of data flows within a botnet,the number of packets per data flow,the payload of communication and data packets in the master hosts.Statistical similarity functions of botnet characteristics were defined.Based on the cloud model and the defined statistical similarity functions,the analysis model of botnet relationship was build,and the similarities of botnet characteristics were synthetically evaluated.The analysis experiments were conducted based on a simulation network environment.The experimental results show that the presented method was valid and efficient,even in the case of encrypted botnet communication messages.The result is better than the research production in the report on the interrelated research achievements.
    • HTML全文
    • 参考文献(0)
    • 相关文章
    • 施引文献
    • 资源附件(0)
计量
  • 文章访问数:  1079
  • HTML全文浏览量:  47
  • PDF下载量:  520
  • 被引次数: 0
出版历程
  • 收稿日期:  2011-12-14
  • 发布日期:  2012-02-04

目录

摘要
HTML全文
    参考文献(0)
    相关文章
    施引文献
    资源附件(0)

    /

    返回文章
    返回

    版权所有 © 2013 《武汉大学学报·信息科学版》编辑部

    地址:武汉大学文理学部本科生院楼北5楼邮政编码:430072

    电话:027-68778465,68788631E-mail:whuxxb@vip.163.com

    我要投稿

    投稿攻略

    联系我们

    二维码

    本系统由北京仁和汇智信息技术有限公司开发  百度统计