首页|期刊导航|通信学报|基于通信特征和D-S证据理论分析僵尸网络相似度

基于通信特征和D-S证据理论分析僵尸网络相似度

臧天宁云晓春张永铮门朝光崔翔

通信学报2011，Vol.32Issue(4)：66-76,11.

基于通信特征和D-S证据理论分析僵尸网络相似度

Botnets' similarity analysis based on communication features and D-S evidence theory

臧天宁 ¹云晓春 ¹张永铮 ²门朝光 ³崔翔²

作者信息

1. 哈尔滨工程大学计算机科学与技术学院,黑龙江哈尔滨,150001
2. 中国科学院计算技术研究所,北京,100190
3. 信息内容安全技术国家工程实验室,北京,100190
折叠

摘要

Abstract

A potential hidden relationship may exist among different zombie groups. A method to analyze the relationship among botnets was proposed based on the communication activities. The method extracted several communication features of botnet, including the number of flows per hour, the number of packets per flow, the number of flows per IP and the packet payloads. It defined similarity statistical functions of the communication features, and built the analysis model of botnets relationship based on the advanced dempster-shafer (D-S) evidence theory to synthetically evaluate the similarities between different zombie groups. The experiments were conducted using several botnet traces. The results show that the method is valid and efficient, even in the case of encrypted botnet communication messages. Moreover, the ideal processing results is achieved by applying our method to analyze the data captured from the security monitoring platform of computer network, as well as compare with similar work.

关键词

僵尸网络/D-S证据理论/数据流/相似度

Key words

botnet/ D-S evidence theory/ data flow/ similarity

分类

信息技术与安全科学

引用本文复制引用

臧天宁,云晓春,张永铮,门朝光,崔翔..基于通信特征和D-S证据理论分析僵尸网络相似度[J].通信学报,2011,32(4):66-76,11.

基金项目

国家自然科学基金资助项目(60703021,61070185,60873138) （60703021,61070185,60873138）

国家高技术研究发展计划("863"计划)基金资助项目(2007AA010501,2009AA01Z431) （"863"计划）

通信学报

OA北大核心CSCDCSTPCD

ISSN：1000-436X

访问量0

下载量0

段落导航