检索规则说明:AND代表“并且”;OR代表“或者”;NOT代表“不包含”;(注意必须大写,运算符两边需空一格)
检 索 范 例 :范例一: (K=图书馆学 OR K=情报学) AND A=范并思 范例二:J=计算机应用与软件 AND (U=C++ OR U=Basic) NOT M=Visual
名 称:
注 释:
作 者:徐婷 郭春[1] 申国伟 周雪梅 XU Ting;GUO Chun;SHEN Guowei;ZHOU Xuemei(State Key Laboratory of Public Big Data,College of Computer Science and Technology,Guizhou University,Guiyang 550025)
机构地区:[1]贵州大学计算机科学与技术学院公共大数据国家重点实验室,贵阳550025
出 处:《计算机与数字工程》2022年第10期2246-2251,2296,共7页Computer & Digital Engineering
基 金:国家自然科学基金项目(编号:62162009);贵州省科学技术基金项目(编号:黔科合基础[2020]1Y268);贵州省科技支撑计划(编号:黔科合支撑[2022]一般071)资助。
摘 要:当前主流基于主机行为特征的间谍软件检测方法存在难以获取间谍软件的全部主机行为、漏报率较高等问题。重点关注间谍软件传输所窃取数据的网络行为,明确“间谍软件网络通信阶段”的概念,提出了基于网络通信行为特征的间谍软件检测方法(Spyware Detection Method based on Network Communication Behavior Characteristics,SDMNC)。SDMNC以间谍软件网络通信阶段的通信会话为检测对象,提取会话持续时间、上行/下行数据包数量比、上行/下行数据量比等通信行为特征,运用机器学习算法训练检测模型以判别间谍软件流量和正常软件流量。实验结果显示,SDMNC在使用随机森林算法时,能以99.2%、97.4%的准确率分别检测出实验数据集中已知和未知间谍软件样本的流量。The current mainstream spyware detection methods are host behavior feature-based. However,these methods have problems such as the difficulty of acquiring the complete host behavior of spyware and a high false-negative rate. This paper focuses on the network behaviors that transmit the stolen data of spyware,defines the concept of the "spyware network communication stage"(SNCS),and further proposes a spyware detection method based on network communication behavior characteristics(SDMNC). SDMNC uses the communication sessions in SNCS as its detection object,extracts several communication behavioral features of spyware in SNCS,including the session duration time,uplink/downlink packet ratio,and uplink/downlink amount ratio,and then machine learning algorithms are used to train a detection model to distinguish spyware and normal software traffic. Experimental results show that when using a random forest algorithm,SDMNC achieves the accuracies of 99.2% and 97.4% for detecting the known and unknown network traffics of spyware samples,respectively.
分 类 号:TP390[自动化与计算机技术—计算机应用技术]
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在链接到云南高校图书馆文献保障联盟下载...
云南高校图书馆联盟文献共享服务平台 版权所有©
您的IP:216.73.216.7