A Delayed-Bot Detection Method Correlating Network and Host Behavior
  • Abstract

    Botnets pose a serious threat to the security of today's computer networks. New bots frequently use stealth techniques to evade detection by security systems. Bots that use a delayed-response technique insert a random delay between their network activity and their host behavior, which confuses existing correlation-based detection methods. Targeting the network activity and host behavior of such delayed bots, this paper proposes a new correlation-based detection method. To address the problem that a delayed bot's network activity and host behavior may fall into different time windows, a sliding-time-window iterative algorithm is used, which improves detection accuracy. To address the problem that purely host-based detection methods must be deployed on every host, a recommendation algorithm is used to correlate network and host behavior, which improves the robustness and accuracy of detection. The effects of the sliding-time-window size and of the host detection tool's deployment rate on detection accuracy are analyzed. Experimental results show that the method detects delayed bots effectively: when the deployment rate of the host detection tool in the network reaches 80%, the accuracy is about 88%, including hosts on which no detection tool is deployed.

  • Authors

    何毓锟  李强  嵇跃德  郭东  HE Yu-Kun  LI Qiang  JI Yue-De  GUO Dong 

  • Author Affiliation

    College of Computer Science and Technology, Jilin University, Changchun 130012; Key Laboratory of Symbolic Computation and Knowledge Engineering of the Ministry of Education (Jilin University), Changchun 130012

  • Issue

    2014, No. 1 (indexed in ISTIC, EI, PKU)

  • Keywords

    bot detection; response-delayed bot; sliding time window; correlation engine; botnet
