基于异常行为特征的僵尸网络检测方法研究

摘要/Abstract

摘要：

基于僵尸网络通信及网络流量的异常行为，可以有效检测出僵尸频道。介绍了通过对主机响应信息的异常分析，进而判断出当前IRC频道是否为一个僵尸频道的检测算法。由此引入了基于异常行为的僵尸频道检测模型，该模型分类提取IRC频道的主机响应信息，结合检测算法分析得出结论。实验结果验证了该模型的有效性。

关键词: 僵尸网络, 僵尸频道, 响应集群

Abstract:

The zombie network communications and network traffic based abnormal behavior can detect the botnet channel effectively.This paper describes an algorithm which can determine whether the current IRC channel is a botnet channel or not through the analysis of the information on the response.The Anomaly-based detection model about the botnet channel is introduced,which extracts the information on the response and draws a conclusion by the testing algorithm.The experimental results verify the validity of the model.

Key words: botnet;botnet channel;response clusters

中图分类号:

TP393

杨奇, 何聚厚. 基于异常行为特征的僵尸网络检测方法研究[J]. , 2010, 23(11): 109-112.

YANG Qi, HE Ju-Hou. Abnormal Behavior-Based Botnet Detection Algorithm[J]. , 2010, 23(11): 109-112.

参考文献

［1］杜跃进，崔翔.僵尸网络及其启发
[J].中国数据通信，2005，7（5）：9-13.
［2］诸葛建伟，韩心慧，周勇林,等.HoneyBow:一个基于高交互式蜜罐技术的恶意代码自动捕获器
[J].通信学报，2007，28（12）：8-13.
［3］Malan D J.Rapid Detection of Botnets Through Collaborative Networks of Peers［D］.Cambridge，Massachusetts：Harvard University,2007.
［4］AlHammadi Y,Aickelin U.Detecting Botnets Through Log Correlation
[C].Tuebingen,Germany:Proceedings of the IEEE/IST Workshop on Monitoring,Attack Detection and Mitigation,2006:97-100.
［5］Strayer W T,Walsh.Detecting Botnets with Tight Command and Control［C］.Tampa,FL：Proceedings of the 31st IEEEConference on Local Computer Networks,2006:195-202.
［6］Goebel J.Rishi:Identify bot Contaminated Hosts by IRC Nickname Evaluation
[C].Cambridge,MA:Proceedings of the HotBots07,First Workshop on Hot Topics in Understanding Botnets,2007.
［7］Karasaridis A,Rexroad B.Widescale Botnet Detection and Characterization
[C].Cambridge,MA:Proceedings of the HotBots07,First Workshop on Hot Topics in Understanding Botnets,2007.
［8］Gu G,Porras P,Yegneswaran V.BotHunter:Detecting Malware Infection Through Idsdriven Dialog Correlation
[C].Boston,Massachusetts:Proceedings of the 16th USENIX Security Symposium(Security07),2007:167-182.
［9］Gu G,Zhang J,Lee W.BotSniffer:Detecting Botnet Command and Control Channels in Network Traffic
[C].San Diego,CA:Proceedings of the 15th Annual Network and Distributed System Security Symposium(NDSS08),2008:269-286.
［10］Gu G,Perdisct R,Zhang J,et al.BotMiner:Clustering Analysis of Network Traffic for Protocol and Structureindependent Botnet Detection
[C].San Jose,CA:Proceedings of the 17th USENIX Security Symposium (Security08),2008:139-154.
［11］Ramachandran A,Feamster N,Vempala S.Filtering Spam with Behavioral Blacklisting
[C].In Proc.ACM Conference on Computer and Communications Security (CCS07),2007.
［12］Zhuge J,Holz T,Han X,et al.Characterizing the Ircbased Botnet Phenomenon
[M].Beijing:Peking University & University of Mannheim Technical Report,2007.
［13］Jung J,Paxson V,Berger A W,et al.Fast Portscan Detection Using Sequential Hypothesis Testing
[C].Oakland,CA:In IEEE Symposium on Security and Privacy,2004.
［14］Wald A.Sequential Tests of Statistical Hypotheses
[J].The Annals of Mathematical Statistics,1945,16(2):117-186.
［15］Barford P,Yegneswaran V.An Inside Look at Botnets
[M].Springer Verlag:Special Workshop on Malware Detection,Advances in Information Security,2006.

[1]	廖珊. 基于VPN的机房网络架构及安全体系设计[J]. , 2016, 29(4): 187-.
[2]	徐玉珠,张达敏,曾成,孙雅倩. 改进HK网络演化模型的研究[J]. , 2016, 29(3): 106-.
[3]	王明伟,陈立万,李洪兵,陈强. 基于ZigBee协议WSN在智能家居中的控制实现[J]. , 2016, 29(3): 114-.
[4]	乔玉蓉,张星,程建云. 基于ZigBee的小型温室环境信息控制系统[J]. , 2016, 29(2): 99-.
[5]	陈焕,汪正祥,傅忠云. 基于发射功率自适应调节的无线通信网抗扰研究[J]. , 2016, 29(1): 71-.
[6]	赵文强,杨百龙,王正辉. 车载Ad Hoc网络数据收集方法研究[J]. , 2015, 28(11): 157-.
[7]	徐敏,夏靖波. 基于WinPcap的网络流量监控界面优化设计[J]. , 2015, 28(9): 31-.
[8]	曾成,孙雅倩,徐玉珠,张达敏. 无标度网络的局部搜索策略[J]. , 2015, 28(8): 115-.
[9]	徐源浩,齐焕芳. 基于ELM理论的昆虫分类[J]. , 2015, 28(3): 33-.
[10]	韩震,肖铁军. 基于跳数修正的DV-Hop改进算法[J]. , 2015, 28(1): 158-.
[11]	张雪梅. 基于Quark微处理器X1000的物联网路由器设计[J]. , 2015, 28(1): 164-.
[12]	秦瑞峰. 网络隐写信息传递系统的高效攻击检测[J]. , 2014, 27(11): 176-.
[13]	马力,宫玉龙. 文本情感分析研究综述[J]. , 2014, 27(11): 180-.
[14]	孙宁,阎籽安,王池. 基于Web的网上报修系统设计[J]. , 2014, 27(9): 85-.
[15]	吴跃,陈兵,钱红燕. 一种改进的稀疏自适应压缩感知重构算法[J]. , 2014, 27(8): 173-.