计算机与数字工程 (Computer & Digital Engineering), 2011, Vol. 39, Issue (3): 90-91, 159, 3.
Detection of P2P Botnet Based on Analysis of Flow
Abstract
Based on a study of the mechanism of P2P botnets, this paper proposes a detection algorithm based on flow analysis. After preprocessing the traffic captured from layer 3 switches, it extracts three vectors (source IP, destination IP and packet size), defines a reasonable sliding time window, and performs dynamic analysis using a connection-rate algorithm. In this way it can accurately locate the position of a P2P botnet, which provides a basis for detecting botnets.
Keywords
botnet / traffic / connection success rate / dynamic detection / sliding window
Classification
Information technology and security science
Cite this article
刘建波 (Liu Jianbo). Detection of P2P Botnet Based on Analysis of Flow [J]. Computer & Digital Engineering, 2011, 39(3): 90-91, 159, 3.
Funding
Supported by the National Natural Science Foundation of China (No. 60603070).