摘要
僵尸网络作为一种新型的攻击手段对互联网安全产生重大威胁,随着僵尸网络技术的快速发展,基于多种协议的僵尸网络应运而生。针对僵尸网络的特点,将隐马尔可夫模型应用于僵尸网络检测技术中。首先根据当前僵尸网络的发展状况及存在的问题分析了僵尸网络的生命周期和行为特征;然后通过状态划分的方法对僵尸网络进行数学建模,并提出一种基于该模型的僵尸网络的检测方法;最后通过实验,并对实验结果进行分析与总结,验证了检测方法的可靠性和合理性。
Botnet as a new technology of attacks is a serious threat to Intemet security. With the rapid development of the botnet, botnet based several protocols came into being. In accordance with the feature of botnet, the Hidden Markov Model has applied in botnet detection. Firstly, according to the current situation and problems of the botnet, the life cycle and behavior characteristics of the botnet have been analyzed. After that, a mathematical model based on state division has been built to describe the botnet. Meanwhile, a method of botnet detection based on this model has been proposed. Finally, we analyzed and summarized the experimental results, and verified the reliability and rationality of the detection method.
出处
《科研信息化技术与应用》
2012年第2期19-24,共6页
E-science Technology & Application
基金
中国科学院知识创新工程青年人才领域前沿项目(CNIC_QN_11003)
