康健, 宋元章. 利用多维观测序列的KCFM混合模型检测新型P2P botnet[J]. 武汉大学学报 ( 信息科学版), 2010, 35(5): 520-523.
引用本文: 康健, 宋元章. 利用多维观测序列的KCFM混合模型检测新型P2P botnet[J]. 武汉大学学报 ( 信息科学版), 2010, 35(5): 520-523.
shu
KANG Jian, SONG Yuanzhang. Application KCFM to Detect New P2P Botnet Based on Multi-Observed Sequence[J]. Geomatics and Information Science of Wuhan University, 2010, 35(5): 520-523.
Citation: KANG Jian, SONG Yuanzhang. Application KCFM to Detect New P2P Botnet Based on Multi-Observed Sequence[J]. Geomatics and Information Science of Wuhan University, 2010, 35(5): 520-523.
shu

利用多维观测序列的KCFM混合模型检测新型P2P botnet

Application KCFM to Detect New P2P Botnet Based on Multi-Observed Sequence

    摘要
  • 摘要: 提出了一种新颖的综合考虑多维观测序列的实时检测模型——KCFM。通过抽取新型分散式P2Pbotnet的多个特征构成多维观测序列,使用离散Kalman滤波算法发现流量异常变化,将Multi-chart CUSUM作为差异放大器提高检测精度。实验表明,基于多维观测序列的KCFM模型能够有效地检测新型P2Pbotnet。

     

    Abstract: We propose a novel real-time detecting model-KCFM(Kalman filter and multi-chart CUSUM fused model) based on multi-observed sequence,which consists of several extracted the new P2P botnet characteristic properties.The KCFM finds the abnormal traffic by the discrete Kalman filter,and improves the detection precision by using the Multi-chart CUSUM as an amplifier.The experiments show that our approach can detect new decentralized botnet with a relatively high precision.

     

    • HTML全文
    • 参考文献(0)
    • 相关文章
    • 施引文献
  • 资源附件(0)

/

返回文章
返回