Abstract
Most current research on P2P (peer-to-peer) botnet detection adopts traditional reverse-engineering methods. These methods detect accurately, but they are difficult to implement in practice, have low efficiency, and are ineffective against variant malware. This paper applies data stream anomaly detection techniques to find an anomaly detection method suited to data stream application scenarios, and attempts to apply it to the detection of P2P zombie (bot) malware. By monitoring network data streams, the characteristic behaviours of P2P bot malware during propagation can be detected effectively, and by capturing these behaviours the infected (zombie) hosts can be located.
Source
Information and Electronic Engineering (《信息与电子工程》), 2011, No. 2, pp. 234-237 (4 pages)
Keywords
Botnet; data stream anomaly detection; clustering model