[1]邵秀丽,刘一伟,耿梅洁,等.检测僵尸网络的贝叶斯算法的MapReduce并行化实现[J].智能系统学报,2014,9(1):26-33.[doi:10.3969/j.issn.1673-4785.201305011]
 SHAO Xiuli,LIU Yiwei,GENG Meijie,et al.The parallel implementation of MapReduce for the Bayesian algorithm to detect botnets[J].CAAI Transactions on Intelligent Systems,2014,9(1):26-33.[doi:10.3969/j.issn.1673-4785.201305011]
点击复制

检测僵尸网络的贝叶斯算法的MapReduce并行化实现

《智能系统学报》[ISSN 1673-4785/CN 23-1538/TP] 卷: 9 期数: 2014年第1期 页码: 26-33 栏目: 学术论文—智能系统 出版日期: 2014-02-25
Title:
The parallel implementation of MapReduce for the Bayesian algorithm to detect botnets
作者:
邵秀丽1, 刘一伟2, 耿梅洁1, 韩健斌3
1. 南开大学 计算机与控制工程学院, 天津 300071;
2. 北京大学 数学科学学院, 北京 100871;
3. 武警指挥学院 军事教育训练系, 天津 300250
Author(s):
SHAO Xiuli1, LIU Yiwei2, GENG Meijie1, HAN Jianbin3
1. College of Computer and Control Engineering, Nankai University, Tianjin 300071, China;
2. School of Mathematical Sciences, Peking University, Beijing 100871, China;
3. Department of Education and Training, Armed Police Command College, Tianjin 300250, China
关键词:
僵尸网络检测僵尸网络贝叶斯算法HadoopMapReduce流量
Keywords:
botnetsbotnet detectionBayesian algorithmHadoopMapReduceflow
分类号:
TP311
DOI:
10.3969/j.issn.1673-4785.201305011
摘要:
僵尸网络严重威胁互联网的安全, 目前主流的僵尸网络检测方法准确性较低, 针对此问题, 考虑贝叶斯算法具有较高的准确性, 提出了基于Hadoop平台的MapReduce机制的贝叶斯算法。该方法以主机对作为分析对象, 提取2个主机对通信的流量特征, 将这些特征作为贝叶斯分类算法的输入, 通过并行化计算贝叶斯算法训练阶段的先验概率和条件概率形成贝叶斯分类器, 使其学会辨认僵尸网络的流量。在检测阶段利用训练阶段形成的贝叶斯分类器和并行化计算后验概率, 实现检测僵尸网络。通过实验表明, 该方法检测僵尸网络是有效的, 检测正确率在90%以上, 并且该方法较单机检测僵尸网络的贝叶斯算法效率有了较大的提高。
Abstract:
The botnet network poses a serious threat to the Internet security, and the accuracy of the botnet detection method is low, while the Bayesian algorithm has high accuracy. This paper puts forward a Bayesian algorithm with the mechanism of MapReduce based on the Hadoop platform to achieve botnet detection. Taking the host-pairs as analysis objects, this method extracts the traffic features of communications between two hosts, takes these features as input and trains the Bayesian classifier through parallel calculations of the prior probability and condition probability on the stage of the Bayesian algorithm training to learn to recognize botnet traffic. By using the Bayesian classifier trained on the stage of the Bayesian algorithm training and parallel calculations of the posterior probability on the stage of detecting, the detection of botnets can be achieved. Experiments show that the method for detecting botnets is effective and the correct detection rate is more than 90%. The efficiency of this method is greatly improved as compared with detecting the single Bayesian algorithm of the botnets.
参考文献/References:
[1] JIANG Hongli, SHAO Xiuli. Detecting P2P botnets by discovering flow dependency in C&C traffic[J]. Peer-to-Peer Networking and Applications, 2012, 5(2): 1-12.
[2] 王威,方滨兴,崔翔.基于终端行为特征的IRC僵尸网络检测[J].计算机学报, 2009, 32(10): 1980-1988.WANG Wei, FANG Binxing, CUI Xiang. IRC botnet detection based on host behavior[J]. Chinese Journal of Computers, 2009, 32(10): 1980-1988.
[3] 蒋鸿玲,邵秀丽.基于神经网络的僵尸网络检测方法[J].智能系统学报, 2013, 8(2): 113-118.JIANG Honglin, SHAO Xiuli. Botnet detection algorithm based on neural network[J]. CAAI Transactions on Intelligent Systems, 2013, 8(2): 113-118.
[4] DEAN J, GHEMAWAT S. MapReduce: simplified data processing on large cluster[J]. Communications of the ACM, 2005, 51(1): 107-113.
[5] 陶永才,薛正元,石磊.基于MapReduce的贝叶斯垃圾邮件过滤机制[J].计算机应用, 2011, 31(9): 2412-2416.TAO Yongcai, XUE Zhengyuan, SHI Lei. MapReduce-based Bayesian anti-spam filtering mechanism[J]. Journal of Computer Applications, 2011, 31(9): 2412-2416.
[6] 杜跃进,崔翔.僵尸网络及其启发[J].中国数据通信, 2005, 7(5): 9-13.DU Yuejin, CUI Xiang. Botnets and its enlightment[J]. China Data Communication, 2005, 7(5): 9-13.
[7] VALIANT L G. A bridging model for parallel computation[J]. Communications of the ACM, 1990, 33(8): 103-111.
[8] 李晓桢,程佳,胡军.基于聚类分析的僵尸网络识别系统[J].计算机系统应用, 2009(8): 130-135.LI Xiaozhen, CHENG Jia, HU Jun. Botnet recognition system based on the clustering technology[J]. Computer System and Application, 2009(8): 130-135.
[9] STONEBRAKER M, ABADI D J, DEWITT D J, et al. MapReduce and parallel DBMSs: friends or foes?[J]. Communication of the ACM, 2010, 53(1): 64-71.
[10] 张鹏,唐世渭.朴素贝叶斯分类中的隐私保护方法研究[J].计算机学报, 2007, 30(8): 1267-1276.ZHANG Peng, TANG Shiwei. Privacy preserving naive Bayesian classification[J]. Chinese Journal of Computers, 2007, 30(8): 1267-1276.
相似文献/References:
[1]蒋鸿玲,邵秀丽.基于神经网络的僵尸网络检测[J].智能系统学报,2013,8(2):113.[doi:10.3969/j.issn.1673-4785.201210055]
 JIANG Hongling,SHAO Xiuli.Botnet detection algorithm based on neural network[J].CAAI Transactions on Intelligent Systems,2013,8():113.[doi:10.3969/j.issn.1673-4785.201210055]

备注/Memo

收稿日期:2013-05-06。
基金项目:天津市科技支撑计划资助项目(13ZCZDZGX02500,12ZCZDZGX49600,12ZCZDZGX46700).
作者简介:刘一伟,女,1992年生,本科生,主要研究方向为应用数学,发表学术论文4篇;耿梅洁,女,1988年生,硕士研究生,主要研究方向为云计算。
通讯作者:邵秀丽,女,1963年生,教授,博士生导师,主要研究方向为云计算与软件工程等。参与或主持国家自然科学基金项目,国家"863"计划项目,天津市青年基金、自然科学基金、重点研究项目、CIMS重点工程项目等多项科研项目。获得省部级科技进步奖、国家档案局二等奖等8项,发表学术论文80余篇.E-mail:shaoxl@nankai.edu.cn.

更新日期/Last Update: 1900-01-01
Copyright © 《 智能系统学报》 编辑部
地址:(150001)黑龙江省哈尔滨市南岗区南通大街145-1号楼 电话:0451- 82534001、82518134 邮箱:tis@vip.sina.com