[1]蒋鸿玲,邵秀丽.基于神经网络的僵尸网络检测[J].智能系统学报,2013,8(2):113-118.[doi:10.3969/j.issn.1673-4785.201210055]
 JIANG Hongling,SHAO Xiuli.Botnet detection algorithm based on neural network[J].CAAI Transactions on Intelligent Systems,2013,8(2):113-118.[doi:10.3969/j.issn.1673-4785.201210055]
点击复制

基于神经网络的僵尸网络检测

《智能系统学报》[ISSN 1673-4785/CN 23-1538/TP] 卷: 8 期数: 2013年第2期 页码: 113-118 栏目: 学术论文—机器学习 出版日期: 2013-04-25
Title:
Botnet detection algorithm based on neural network
文章编号:
1673-4785(2013)02-0113-06
作者:
蒋鸿玲邵秀丽
南开大学 信息技术科学学院,天津 300071
Author(s):
JIANG Hongling, SHAO Xiuli
College of Information Technical Science, Nankai University, Tianjin 300071, China
关键词:
僵尸网络BP神经网络特征向量网络流量检测算法
Keywords:
botnet BP neural network feature vector network traffic detection algorithm
分类号:
TP393
DOI:
10.3969/j.issn.1673-4785.201210055
文献标志码:
A
摘要:
目前主流的僵尸网络检测方法主要利用网络流量分析技术,这往往需要数据包的内部信息,或者依赖于外部系统提供的信息或僵尸主机的恶意行为,并且大多数方法不能自动存储僵尸网络的流量特征,不具有联想记忆功能.为此提出了一种基于BP神经网络的僵尸网络检测方法,通过大量的僵尸网络和正常流量样本训练BP神经网络分类器,使其学会辨认僵尸网络的流量,自动记忆僵尸流量特征,从而有效检测出被感染的主机.该神经网络分类器以主机对为分析对象,提取2个主机间通信的流量特征,将主机对的特征向量作为输入,有效地区分出正常主机和僵尸主机.实验表明,该方法的检测率达到99%,误报率在1%以下,具有良好的性能.
Abstract:
The most current botnet detection algorithm are typically based on network traffic analyzing technologies that usually need packet payload. The botnet detection algorithm also relies on information obtained by external systems or malicious behaviors of bots that do not automatically store the features of botnet traffic and do not have the ability of associative memory. As a result, this paper proposes a botnet detection algorithm based on BP neural network which trains the BP neural network classifier through a lot of botnet and normal traffic samples and allows it to learn how to identify botnet traffic and automatically remember the features of botnet traffic and therefore, detect the infected hosts effectively. The neural network classifier takes the host-pairs as analysis objects, extracts the traffic features of communications between two hosts and takes the feature vectors of host-pairs as input, thus, effectively distinguishing the normal hosts and bots. The experimental results show that the detection rate of our algorithm can achieve to 99% and the false positive rate is below 1% and the algorithm has a good performance.
参考文献/References:
[1]金鑫,李润恒,甘亮,等. 基于通信特征曲线动态时间弯曲距离的IRC僵尸网络同源判别方法[J]. 计算机研究与发展, 2012, 49(3): 481-490.
JIN Xin, LI Runheng, GAN Liang, et al. IRC botnets’ homology identifying method based on dynamic time warping distance of communication feature curves[J]. Journal of Computer Research and Development, 2012, 49(3): 481-490.
[2]江健, 诸葛建伟, 段海新,等. 僵尸网络机理与防御技术[J]. 软件学报, 2012, 23(1): 82-96.
JIANG Jian, ZHUGE Jianwei, DUAN Haixin, et al. Research on botnet mechanisms and defenses[J]. Journal of Software, 2012, 23(1): 82-96..
[3]GOEBEL J, HOLZ T. Rishi: identify bot contaminated hosts by irc nickname evaluation[C]//Proceedings of USENIX First Workshop on Hot Topics in Understanding Botnets, Cambridge, USA, 2007: 1-12.
[4]FRANCOIS J, WANG S, STATE R, et al. BotTrack: tracking botnets using NetFlow and PageRank[M]//Lecture Notes in Computer Science. Valencia, Spain, 2011: 1-14.
[5]NAGARAJA S, MITTAL P, HONG C, et al. BotGrep: finding P2P bots with structured graph analysis[C]//Proceedings of the 19th USENIX Conference on Security. Washington, DC, USA, 2010: 1-16.
[6]GU G, PERDISCI R, ZHANG J, et al. BotMiner: clustering analysis of network traffic for protocol- and structure-independent botnet detection[C]//Proceedings of the 17th Conference on Security Symposium. San Jose, USA, 2008: 139-154.
[7]GU G, PORRAS P, YEGNESWARAN V, et al. BotHunter: detecting malware infection through IDSdriven dialog correlation[C]//Proceedings of the 16th USENIX Security Symposium. Boston, USA, 2007: 167-182.
[8]PRASAD K, REDDY A, KARTHIK M. Flooding attacks to internet threat monitors (ITM): modeling and counter measures using botnet and honeypots[J]. International Journal of Computer Science and Information Technology, 2011, 3(6): 159-172.
[9]ZHANG J, PERDISCI R, LEE W, et al. Detecting stealthy P2P Botnets using statistical traffic fingerprints[C]//Proceedings of IEEE/IFIP 41st International Conference on Dependable Systems and Networks. Hong Kong, China, 2011: 121-132.
[10]方滨兴,崔翔,王威. 僵尸网络综述[J]. 计算机研究与发展, 2011, 48(8): 1315-1331.
FANG binxing, CUI Xiang, WANG Wei. Survey of botnets [J]. Journal of Computer Research and Development, 2011, 48(8): 1315-1331.
[11]WANG P, WU L, ASLAM B, et al. A systematic study on peer-to-peer botnets[C]//Proceedings on Computer Communications and Networks. San Francisco, USA, 2009: 1-8.
[12]飞思科技产品研发中心.神经网络理论与MATLAB7实现[M].北京: 电子工业出版社, 2005: 1-108.
相似文献/References:
[1]何世钊,杨宣访,陈晓娟.支持向量机与BP网络在火灾图像探测上的比较[J].智能系统学报,2011,6(4):339.
 HE Shizhao,YANG Xuanfang,CHEN Xiaojuan.Comparisons between a support vector machine and BP neural network for video image fire detection[J].CAAI Transactions on Intelligent Systems,2011,6():339.
[2]王尔申,李兴凯,庞涛.基于BP神经网络的粒子滤波算法[J].智能系统学报,2014,9(6):709.[doi:10.3969/j.issn.1673-4785.201310057]
 WANG Ershen,LI Xingkai,PANG Tao.A particle filtering algorithm based on the BP neural network[J].CAAI Transactions on Intelligent Systems,2014,9():709.[doi:10.3969/j.issn.1673-4785.201310057]
[3]王伟,周新志.ANFIS微波加热过程分段温度预测模型[J].智能系统学报,2016,11(1):61.[doi:10.11992/tis.201501028]
 WANG Wei,ZHOU Xinzhi.Temperature-sectioned prediction model for microwave heating process based on adaptive network-based fuzzy inference system[J].CAAI Transactions on Intelligent Systems,2016,11():61.[doi:10.11992/tis.201501028]
[4]邵秀丽,刘一伟,耿梅洁,等.检测僵尸网络的贝叶斯算法的MapReduce并行化实现[J].智能系统学报,2014,9(1):26.[doi:10.3969/j.issn.1673-4785.201305011]
 SHAO Xiuli,LIU Yiwei,GENG Meijie,et al.The parallel implementation of MapReduce for the Bayesian algorithm to detect botnets[J].CAAI Transactions on Intelligent Systems,2014,9():26.[doi:10.3969/j.issn.1673-4785.201305011]
[5]雷森,史振威,石天阳,等.基于递归神经网络的风暴潮增水预测[J].智能系统学报,2017,12(5):640.[doi:10.11992/tis.201706015]
 LEI Sen,SHI Zhenwei,SHI Tianyang,et al.Prediction of storm surge based on recurrent neural network[J].CAAI Transactions on Intelligent Systems,2017,12():640.[doi:10.11992/tis.201706015]
[6]尤波,李忠杰,黄玲.基于改进型BP神经网络的手部动作识别[J].智能系统学报,2018,13(5):848.[doi:10.11992/tis.201703018]
 YOU Bo,LI Zhongjie,HUANG Ling.Hand-motion recognition based on improved BP neural network[J].CAAI Transactions on Intelligent Systems,2018,13():848.[doi:10.11992/tis.201703018]
[7]赵文清,严海,王晓辉.BP神经网络和支持向量机相结合的电容器介损角辨识[J].智能系统学报,2019,14(1):134.[doi:10.11992/tis.201805034]
 ZHAO Wenqing,YAN Hai,WANG Xiaohui.Capacitor dielectric loss angle identification based on a BP neural network and SVM[J].CAAI Transactions on Intelligent Systems,2019,14():134.[doi:10.11992/tis.201805034]
[8]武加文,李光辉.基于GABP-KF的WSN数据漂移盲校准算法[J].智能系统学报,2019,14(2):254.[doi:10.11992/tis.201712003]
 WU Jiawen,LI Guanghui.GABP-KF-based blind calibration algorithm of data drift in wireless sensor networks[J].CAAI Transactions on Intelligent Systems,2019,14():254.[doi:10.11992/tis.201712003]

备注/Memo

收稿日期:2012-10-26.
网络出版日期:2013-04-09.
基金项目:国家科技支撑计划基金资助项目(2012BAF12B00);天津市重点基金资助项目(11jczdjc28100).
通信作者:邵秀丽.
E-mail:shaoxl@nankai.edu.cn.
作者简介:
蒋鸿玲,女,1986年生,博士研究生,主要研究方向为网络安全与云计算等,发表学术论文7篇.
邵秀丽,女,1963年生,教授,博士生导师,主要研究方向为云计算与软件工程等,发表学术论文80余篇.

更新日期/Last Update: 2013-05-26
Copyright © 《 智能系统学报》 编辑部
地址:(150001)黑龙江省哈尔滨市南岗区南通大街145-1号楼 电话:0451- 82534001、82518134 邮箱:tis@vip.sina.com