Detecting Encrypted Botnet Traffic Using Spatial-Temporal Correlation  Cited by: 3


Authors: Chen Wei, Yu Le, Yang Geng

Affiliations: [1] College of Computer, Nanjing University of Posts and Telecommunications, Nanjing 210003, P. R. China [2] Jiangsu High Technology Research Key Laboratory for Wireless Sensor Networks, Nanjing 210003, P. R. China [3] Key Laboratory of Broadband Wireless Communication and Sensor Network Technology, Ministry of Education, Nanjing 210003, P. R. China

Source: China Communications (中国通信, English edition), 2012, Issue 10, pp. 49-59, 11 pages

Funding: supported by the National Basic Research Program of China (973 Program) under Grant No. 2011CB302903; the Priority Academic Program Development of Jiangsu Higher Education Institutions under Grant No. YX002001

Abstract: In this paper, we propose a novel method to detect encrypted botnet traffic. During the traffic preprocessing stage, the proposed payload extraction method can identify a large amount of encrypted applications traffic. It can filter out a large amount of non-malicious traffic, greatly improving the detection efficiency. A Sequential Probability Ratio Test (SPRT)-based method can find spatial-temporal correlations in suspicious botnet traffic and make an accurate judgment. Experimental results show that the false positive and false negative rates can be controlled within a certain range.

Keywords: botnet; encrypted traffic; spatial-temporal correlation

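Classification: TP393 [Automation and Computer Technology: Computer Application Technology]; TP301.6 [Automation and Computer Technology: Computer Science and Technology]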

 
