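Authors: Zang Tianning (臧天宁) [1,2,3], Yun Xiaochun (云晓春) [1,2,3], Zhang Yongzheng (张永铮) [1,3], Men Chaoguang (门朝光) [2]
Affiliations: [1] Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100097; [2] College of Computer Science and Technology, Harbin Engineering University, Harbin 150001; [3] National Engineering Laboratory for Information Content Security Technology, Beijing 100097
Source: Geomatics and Information Science of Wuhan University (《武汉大学学报(信息科学版)》), 2012, No. 2, pp. 247-251 (5 pages)
Funding: National Natural Science Foundation of China (60703021, 61070185, 60873138); National 863 Program of China (2007AA010501)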
Abstract: By analyzing the communication behavior inside botnets, the communication characteristics shared by members of the same botnet were extracted. These characteristics were used to define a cloud model of the relationships between botnets, and a cloud-model-based algorithm for analyzing botnet relationships was designed. Evaluation on typical bot samples shows that the algorithm can still effectively identify the relationships between botnets even when the bots use encrypted communication and have no fixed communication interval. Comparison with related work shows that the algorithm outperforms related research results in analysis accuracy, botnet types, and encrypted communication.

Abstract (as published in English): An approach for analyzing the relationship among botnets was presented. Several botnet communication characteristics were extracted, including the amount of data flows within a botnet, the number of packets per data flow, the payload of communication, and data packets in the master hosts. Statistical similarity functions of botnet characteristics were defined. Based on the cloud model and the defined statistical similarity functions, the analysis model of botnet relationship was built, and the similarities of botnet characteristics were synthetically evaluated. The analysis experiments were conducted in a simulated network environment. The experimental results show that the presented method is valid and efficient, even in the case of encrypted botnet communication messages. The results are better than those reported in related research.
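Classification: P208 [Astronomy and Earth Sciences: Cartography and Geographic Information Engineering]; TP393 [Astronomy and Earth Sciences: Surveying and Mapping Science and Technology]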