通信学报
JOURNAL OF CHINA INSTITUTE OF COMMUNICATIONS
2013, Issue 10, pp. 49-55 and 64 (8 pages in total)
闫健恩, 袁春阳, 许海燕, 张兆心
Keywords: IRC protocol; botnet; traffic flow; cluster analysis
Abstract: To address the problem of detecting IRC botnet channels, a detection method based on traffic flow characteristics is proposed. The characteristics of botnet channel traffic are analyzed over different periods, namely traffic clustering, traffic similarity, average packet length, traffic peaks and coordinated traffic peaks, and these characteristics are used as the basis for botnet channel detection. During detection, an improved max-min distance algorithm combined with k-means cluster analysis is applied, which improves the quality of the data clustering. Finally, experiments verify the effectiveness of the method.