A MapReduce-Based Online Botnet Detection Algorithm
Published: 2018-11-15 14:52
[Abstract]: Botnets are currently detected mainly through network traffic analysis, which usually relies on observing the malicious behaviour of the bot hosts or on information supplied by external systems. Moreover, traditional traffic analysis is computationally expensive and struggles to meet real-time requirements. This paper proposes a MapReduce-based online botnet detection algorithm. It detects botnets by analysing network traffic and extracting the intrinsic correlations within it, and performs the analysis on a cloud computing platform so that data acquisition and data analysis proceed concurrently, achieving online detection. Experimental results show that the algorithm's detection rate exceeds 90%, its false-positive rate is below 5%, and its speedup is close to linear for large data volumes, confirming the feasibility of cloud computing technology for botnet detection.
[Author affiliations]: College of Information Technical Science, Nankai University; School of Computer and Information Engineering, Tianjin Chengjian University
[Funding]: Tianjin Key Project (11jczdjc28100); National Key Technology Research and Development Program (2012BAF12B00)
[CLC number]: TP393.08
Article ID: 2333613
Article link: https://www.wllwen.com/guanlilunwen/ydhl/2333613.html