Journal of Chongqing University of Posts and Telecommunications (Natural Science Edition), 2017, Vol. 29, Issue 2: 240-244, 5. DOI: 10.3979/j.issn.1673-825X.2017.02.015
Trojan traffic characteristic detection methods based on SVM
Abstract
Trojans can steal sensitive user information or file resources, or remotely monitor user behavior in a hidden way, which poses a great threat to network security. Therefore, Trojan detection methods based on traffic characteristics are proposed, and the support vector machine (SVM) algorithm is used for classification by statistically analyzing such characteristics as the ports' order of a server, the client's port number used by server, the data packets number from client, and the data packets number from server, etc. The optimal detection parameters are obtained and the traffic-based Trojan monitoring model is built according to the training results. Because of the generalization and universality of traffic characteristics, the proposed methods also have some effect on unknown Trojans. The simulation results show that the proposed methods have good detection ability for both common Trojans and unknown Trojans, and the blind detection accuracy rate can be up to 96.61% under certain experiment conditions.
Key words
Trojan detection/traffic characteristic/support vector machine/feature analysis
Classification
Information Technology and Security Science
Cite this article
胡向东, 白银, 张峰, 林家富, 李林乐. Trojan traffic characteristic detection methods based on SVM [J]. Journal of Chongqing University of Posts and Telecommunications (Natural Science Edition), 2017, 29(2): 240-244, 5.
Funding
The Joint Research Foundation of the Ministry of Education of the People's Republic of China and China Mobile (MCM20150202)
The Science and Technology Project Affiliated to Chongqing Education Commission (KJ1602201)