计算机工程与设计
計算機工程與設計
계산궤공정여설계
COMPUTER ENGINEERING AND DESIGN
2010年
1期
45-47
,共3页
僵尸网络%垃圾邮件%邮件内容%特征分析%海林格距离
僵尸網絡%垃圾郵件%郵件內容%特徵分析%海林格距離
강시망락%랄급유건%유건내용%특정분석%해림격거리
Botnet%spare%Email content%characteristic analysis%Hellinger distance
为降低特征提取的复杂度,提高分类速度,提出了一种基于邮件特征匹配的僵尸网络检测方法.不依赖于邮件具体内容和网络流量分析,通过对原始邮件进行概化,进而得到邮件特征值,然后利用海林格距离在僵尸网络邮件特征库中找到最匹配的值,从而检测发送垃圾邮件的僵尸网络类型.实验结果表明,该方法在预构建特征库的情况下对大量邮件进行分析,具有较高的效率和正确率.
為降低特徵提取的複雜度,提高分類速度,提齣瞭一種基于郵件特徵匹配的僵尸網絡檢測方法.不依賴于郵件具體內容和網絡流量分析,通過對原始郵件進行概化,進而得到郵件特徵值,然後利用海林格距離在僵尸網絡郵件特徵庫中找到最匹配的值,從而檢測髮送垃圾郵件的僵尸網絡類型.實驗結果錶明,該方法在預構建特徵庫的情況下對大量郵件進行分析,具有較高的效率和正確率.
위강저특정제취적복잡도,제고분류속도,제출료일충기우유건특정필배적강시망락검측방법.불의뢰우유건구체내용화망락류량분석,통과대원시유건진행개화,진이득도유건특정치,연후이용해림격거리재강시망락유건특정고중조도최필배적치,종이검측발송랄급유건적강시망락류형.실험결과표명,해방법재예구건특정고적정황하대대량유건진행분석,구유교고적효솔화정학솔.
To decrease the complexity of Botnet characteristic extraction and improve the speed of elassification,a Bomct deteetion method based on Email characteristic match,which relies on neither Email detailed contents nor traffic analysis is presenmd.Raw emails arc abstracted and Email characteristics are generated.Hellinger distance is used to find the most mamh characteristic in Botnet Email characteristic repository,then the Botnet that send the spare is classified.Experimental results show that the proposed method gained good accuracy and high efficeney if enough spam Emails are trained and Bomet Email charaeteristic repository is well generated.
