利用C-F模型识别僵尸网络迁移

A Botnet Migration Analyzer Based on the C-F Model

  • 摘要: 基于C-F模型识别僵尸网络的迁移,以僵尸网络迁移过程中表现出的多个特征为基础,提出了一种识别僵尸网络迁移的方法,能够协同多个特征判断给定的两批僵尸主机是否具有迁移关系。通过几个典型僵尸样本的评测,有效地识别了僵尸网络的迁移行为。与单纯采用IP地址重合度的方法进行了对比,在僵尸网络成员数量动态变化的情况下,仍然保持了理想的识别结果。

     

    Abstract: This paper analyzes several features in the progress of botnet migration and proposes a botnet migration analyzer for analyzing botnet migration based on C-F model.The analyzer fuses these features to decide whether a botnet migrates to another one.Several typical bot samples have been used to evaluate the mothed,most of these bot migration behavior have been identified.Such result is better than the method of decide botnet migration only by the size of duplicated IP addresses.

     

/

返回文章
返回