检索规则说明:AND代表“并且”;OR代表“或者”;NOT代表“不包含”;(注意必须大写,运算符两边需空一格)
检 索 范 例 :范例一: (K=图书馆学 OR K=情报学) AND A=范并思 范例二:J=计算机应用与软件 AND (U=C++ OR U=Basic) NOT M=Visual
名 称:
注 释:
机构地区:[1]南开大学信息技术科学学院,天津300071 [2]天津城建大学计算机与信息工程学院,天津300384
出 处:《计算机工程》2014年第5期115-119,共5页Computer Engineering
基 金:国家科技支撑计划基金资助项目(2012BAF12B00);天津市重点基金资助项目(11JCZDJC28100;12ZCDZGX46700)
摘 要:现有僵尸网络检测方法的计算量较大,导致检测效率低,而云计算的强大数据处理和分析能力为僵尸网络的检测提供了新的思路和解决方案。为此,设计并实现一种基于MapReduce模型的并行僵尸网络检测算法,基于云协同和流间关联关系对僵尸网络进行检测。提取流间关联关系,将具有关联关系的流聚集到同一个集合中,计算主机的分数,若分数大于阈值则判断为可疑的僵尸主机。实验结果表明,该算法对P2P僵尸网络的检测率能够达到90%以上,误报率控制在4%以下,并且随着云服务器端计算节点的增多,其处理云客户端上传数据及检测僵尸网络的效率更高。Existing botnet detection methods generally have large amount of computation, which results in low detection efficiency. Cloud computing provides new ideas and solutions for the detection of botnets because of its power capacity of data processing and analysis capabilities. Therefore, this paper designs and implements a parallel botnet detection algorithm based on MapReduce model, which uses cloud collaboration and flow correlation relation to detect botnets. It extracts the relationship between flows, gathers the flows having relationship, and calculates the scores of hosts. The hosts whose score is greater than a threshold are suspicious bots. Experimental results show that this algorithm is effective for detecting botnet. The detection rate of P2P botnet can reach more than 90%, and the false alarm rate belows 4%. With the cloud server-side computing nodes increasing, the process of cloud client to upload data and botnet detection is more efficient.
关 键 词:僵尸网络 云计算 关联关系 MAPREDUCE模型 Hadoop云平台
分 类 号:TP309[自动化与计算机技术—计算机系统结构]
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在链接到云南高校图书馆文献保障联盟下载...
云南高校图书馆联盟文献共享服务平台 版权所有©
您的IP:216.73.216.117