高技术通讯, 2013, Vol. 23, Issue 6: 571-577, 7. DOI: 10.3772/j.issn.1002-0470.2013.06.004
A method for identification of IRC botnets' control commands based on syntax features
Abstract
To solve the problem of detecting an IRC botnet's control commands, a syntax feature-based identification method is presented. The method first analyzes the lexical features of the keywords and parameters of IRC botnet control commands and unifies them for input processing. Second, starting from syntax-structure features such as the type and number of parameters, formalized grammar descriptions of three kinds of control commands are defined to fit the different syntax structures, and a prototype system based on the LR parsing technique is designed and implemented. The availability of the method was verified by experiment, and the experimental results showed that the grammar recognizes botnet control commands well and that its performance meets practical requirements.
Key words
Botnet / control command / syntax structure / formalization
Cite this article
闫健恩, 张兆心, 许海燕. A method for identification of IRC botnets' control commands based on syntax features [J]. 高技术通讯, 2013, 23(6): 571-577, 7.
Funding
Supported by the 863 Program (2007AA010503), the National Natural Science Foundation of China (61100189), the Shandong Province Young and Middle-Aged Scientists Award Fund (BS2011DX001), the Weihai Science and Technology Research Program (2010-3-96), and the Harbin Institute of Technology Scientific Research Innovation Fund (HIT.HSRIF.2011119).