[1] WANG Jia-jia. Botnet Detection Method Based on Survival Analysis[J]. Journal of Yangzhou Polytechnic College / Journal of Yangzhou College of Education, 2018,(Vocational 01):44-47.

Botnet Detection Method Based on Survival Analysis

Journal of Yangzhou Polytechnic College / Journal of Yangzhou College of Education [ISSN:1008-3693/CN:32-1529/G4]

Volume:
Issue:
2018, Vocational Issue 01
Pages:
44-47
Column:
Publication date:
2018-01-30

Article Info

Title:
Botnet Detection Method Based on Survival Analysis
Author(s):
WANG Jia-jia
Taizhou Polytechnic College, Taizhou, Jiangsu 225300, China
Keywords:
botnet; survival analysis; life table analysis; Mantel-COX analysis
Classification number:
TP 393.08
Document code:
A
Abstract:
Analyzing data flows makes it possible to judge bot activity in a network. A mirror port is set on the core network device, and the relevant information about the data packets is captured with the packet capture tool WSExplorer and then formatted. For data flows in different unit time periods, life table analysis yields different survival rates, and the survival rates of the different data flows are then tested again with Mantel-COX analysis. Because a botnet must notify all of its bot hosts before launching an attack, the presence of abnormal conditions can surely be detected before the network attack takes place.


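Memo:
Received: 2017-12-10
About the author: WANG Jia-jia (born 1981), female, lecturer at the School of Information Technology, Taizhou Polytechnic College, master's degree.
Funding: Taizhou Polytechnic College Master's and Doctoral Fund (TZYBS-17-6).
Last Update: 2018-01-30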