基于通信相似度的僵尸网络节点检测方法

doi:10.11959/j.issn.2096-109x.2018078

Abstract

Abstract:

At present,the botnet detection method mostly relies on the analysis of the network communication activity or the communication content.The former carries on the statistical analysis to the characteristic of the data flow,does not involve the content in the data flow,has the strong superiority in the detection encryption type aspect,but the accuracy is low.The latter relies on the prior knowledge to examine,has the strong accuracy,but the generality of detection is low.The communication similarity was defined according to Jaccard similarity coefficient,and a method of calculating communication similarity based on user request DNS (domain name system) was proposed,which was used for botnet node detection based on network traffic.Finally,based on the spark framework,the experimental results show that the proposed method can be used in the detection of botnet nodes effectively.

Key words: botnet, similarity detection, DNS flow detection, network security

CLC Number:

TP393

Yuquan JIN, Bin XIE, Yi ZHU. Method of botnet network nodes detection base on communication similarity[J]. Chinese Journal of Network and Information Security, 2018, 4(10): 31-38.

Figures/Tables 10

References 13

[1]	FALLIERE N , CHIEN E . Zeus:king of the bots,2009[EB/OL]. . 2014: 07-30.
[2]	方滨兴, 崔翔, 王威 . 僵尸网络综述[J]. 计算机研究与发展, 2011,48(8): 1315-1331.
	FANG B X , CUI X , WANG W . Survey of botnets[J]. Journal of Computer Research and Development, 2011,48(8): 1315-1331.
[3]	诸葛建伟, 韩心慧, 周勇林 ,等. 僵尸网络研究[J]. 软件学报, 2008,19(3): 702-715.
	ZHUGE J W , HAN X H , ZHOU Y L ,et al. Research and Development of Botnets[J]. Journal of Software, 2008,19(3): 702-715
[4]	HOQUE N , BHATTACHaryya D K , KALITA J K . Botnet in DDoS attacks:trends and challenges[J]. IEEE Communications Surveys ＆Tutorials, 2015,17(4): 2242-2270.
[5]	IRC Eggdrop:open source bot[EB/OL]. , 1993.
[6]	李可 . 基于行为分析的僵尸网络对抗技术研究[D]. 北京邮电大学, 2017.
	LI K . Research on botnet countermeasure technology based on behavior analusis[D]. Beijing University of Posts and Telecommunications, 2017.
[7]	ZEIDANLOO H R , MANAF A B A . Botnet detection by monitoring similar communication patterns[J]. International Journal of Computer Science ＆ Information Security, 2010,7(3): 88-96.
[8]	GU G , ZHANG J , LEE W . BotSniffer:detecting botnet command and control channels in network traffic[J]. Computer Science and Engineering, 2008.
[9]	邓国强 . Spamming botnet网络行为分析及检测算法设计与实现[D]. 华中科技大学, 2013.
	DENG G Q . Network behavior analysis of the spamming botnet and the design and implementation of spamming botnet detection algorithms[D]. Huazhong University of Science and Technology, 2013.
[10]	NARANG P , RAY S , HOTA C ,et al. PeerShark:detecting peer-to-peer botnets by tracking conversations[J]. Medical ＆ Biological Engineering ＆ Computing, 2014,51(10): 1105-1119.
[11]	张维维, 龚俭, 刘尚东 ,等. 面向主干网的DNS流量监测[J]. 软件学报, 2017,28(9): 2370-2387.
	ZHANG W W , GONG J , LIU S D ,et al. DNS surveillance on backbone[J]. Journal of Software, 2017,28(9): 2370-2387
[12]	嵇威华, 吕国芳 . 基于广义 Jaccard 系数处理冲突证据方法[J]. 控制工程, 2015(1): 98-101.
	JI W H , LV G F . Conflicting evidence combination method based on generalized Jaccard coefficient[J]. Control Engineering of China, 2015(1): 98-101
[13]	王煜骢, 陈兴蜀, 罗永刚 ,等. NTCI-Flow:一种可扩展的高速网络流量处理框架[J]. 四川大学学报(工程科学版), 2017(s1): 168-174.
	WANGY C , CHEN X S , LUOY G ,et al. NTCI-Flow:a scalable high-speed network traffic processing framework[J]. Journal Sichuan University (Adanced Engineering Sciences), 2017(1): 168-174.

Metrics

Recommended 0

No Suggested Reading articles found!

DNS流量	数据规模
总DNS回执信息数	220 308 358
总DNS数据存储量	约15 GB
请求IP数	94 965

运行的项目	规模
driver个数	1
driver内存	4 GB
driver内核数	3
executor个数	6
单个executor内存	13 GB
单个executor内核数	3

[1]	Heli WANG, Qiao YAN. Selfish mining detection scheme based on the characters of transactions [J]. Chinese Journal of Network and Information Security, 2023, 9(2): 104-114.
[2]	Qiang LIU, Pengfei LI, Zhangjie FU. Secure controlling method for scalable botnets [J]. Chinese Journal of Network and Information Security, 2023, 9(1): 42-55.
[3]	Dong LI, Yanni HAO, Shenghui PENG, Ruijie ZI, Ximeng LIU. Network security of the National Natural Science Foundation of China: today and prospects [J]. Chinese Journal of Network and Information Security, 2022, 8(6): 92-101.
[4]	Fukang XING, Zheng ZHANG, Ran SUI, Sheng QU, Xinsheng JI. Qualitative modeling and analysis of attack surface for process multi-variant execution software system [J]. Chinese Journal of Network and Information Security, 2022, 8(5): 121-128.
[5]	Zenan WANG, Jiahao LI, Chaohong TAN, Dechang PI. Design and analysis of intelligent service chain system for network security resource pool [J]. Chinese Journal of Network and Information Security, 2022, 8(4): 175-181.
[6]	Xinya WANG, Guang HUA, Hao JIANG, Haijian ZHANG. Survey on intellectual property protection for deep learning model [J]. Chinese Journal of Network and Information Security, 2022, 8(2): 1-14.
[7]	Yang WANG, Guangming TANG, Shuo WANG, Jiang CHU. Defense mechanism of SDN application layer against DDoS attack based on API call management [J]. Chinese Journal of Network and Information Security, 2022, 8(2): 73-87.
[8]	Hao ZHAO, Hui SHU, Fei KANG, Ying XING. High resistance botnet based on smart contract [J]. Chinese Journal of Network and Information Security, 2021, 7(4): 30-41.
[9]	Tao WANG, Hongchang CHEN. Multi-objective optimization placement strategy for SDN security controller considering Byzantine attributes [J]. Chinese Journal of Network and Information Security, 2021, 7(3): 72-84.
[10]	Chenglei ZHANG, Yulong FU, Hui LI, Jin CAO. Research on security scenarios and security models for 6G networking [J]. Chinese Journal of Network and Information Security, 2021, 7(1): 28-45.
[11]	QIN Yuhai,LIU Luyuan,GAO Haohang,LIU Shengqiao,DONG Han. Innovative professional skills competition to create a police practice talents [J]. Chinese Journal of Network and Information Security, 2019, 5(3): 75-80.
[12]	Hao HU, Yuling LIU, Yuchen ZHANG, Hongqi ZHANG. Survey of attack graph based network security metric [J]. Chinese Journal of Network and Information Security, 2018, 4(9): 1-16.
[13]	Juntai HU,Zhenyu WU,Xiao FU,Yichao WANG. Game model based security strategy of heterogeneous controllers in the cloud [J]. Chinese Journal of Network and Information Security, 2018, 4(9): 52-59.
[14]	Binghao YAN,Guodong HAN. Combinatorial intrusion detection model based on deep recurrent neural network and improved SMOTE algorithm [J]. Chinese Journal of Network and Information Security, 2018, 4(7): 48-59.
[15]	Wenyan LIU,Shumin HUO,Qing TONG,Miao ZHANG,Chao QI. Research on models of network security evaluation and analysis [J]. Chinese Journal of Network and Information Security, 2018, 4(4): 1-11.

Method of botnet network nodes detection base on communication similarity

RichHTML

PDF下载

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 10

References 13

Related Articles 15

Metrics

Recommended 0