
Fast-flux Botnet Detection Method Based on Spatiotemporal Feature of Network Traffic

Weina NIU, Tianyu JIANG, Xiaosong ZHANG, Jiao XIE, Junzhe ZHANG, Zhenfei ZHAO

Citation: Weina NIU, Tianyu JIANG, Xiaosong ZHANG, Jiao XIE, Junzhe ZHANG, Zhenfei ZHAO. Fast-flux Botnet Detection Method Based on Spatiotemporal Feature of Network Traffic[J]. Journal of Electronics & Information Technology, 2020, 42(8): 1872-1880. doi: 10.11999/JEIT190724

doi: 10.11999/JEIT190724 cstr: 32379.14.JEIT190724
Details
    About the authors:

    Weina NIU: female, born 1990, PhD, lecturer. Research interests: network security, software security, applications of AI in network security.

    Tianyu JIANG: male, born 1995, master's student. Research interests: network security, network attack detection.

    Xiaosong ZHANG: male, born 1968, PhD, professor. Research interests: big data applications and security, applications and security of artificial intelligence, mobile computing security, tracing and attribution of network attacks.

    Jiao XIE: female, born 1996, master's student. Research interests: network security, network attack detection.

    Zhenfei ZHAO: male, born 1991, master's student. Research interests: network security, network attack detection.

    Corresponding author:

    Xiaosong ZHANG johnsonzxs@uestc.edu.cn

  • CLC number: TP309


Funds: The National Key Research and Development Program of China (2016QY06X1205, 2018YFB0804050), The National Natural Science Foundation of China (61572115)
  • Abstract:

    Botnets have become one of the main threats to cyberspace security. Although they can currently be detected with techniques such as reverse engineering, botnets that use concealment techniques such as fast-flux can evade existing security detection and continue to survive. Existing fast-flux botnet detection methods fall mainly into active and passive approaches: the former imposes a heavy network load, while the latter suffers from cumbersome feature extraction. To detect fast-flux botnets effectively and address the problems of traditional detection methods, this paper combines convolutional neural networks and recurrent neural networks and proposes a fast-flux botnet detection method based on the spatiotemporal features of network traffic. Experimental results on the public CTU-13 and ISOT datasets show that, compared with other methods, the proposed method raises accuracy to 98.3%, recall to 96.7%, and precision to 97.5%.
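The abstract describes feeding both a spatial view (CNN) and a temporal view (RNN) of traffic to the detector, and the figure list names the preprocessing choices that shape those views: session splitting, flow splitting and image size. The following Python is an added illustration of that preprocessing stage, written for this page; it is not the paper's code and does not reproduce the paper's models. The 5-tuple flow key, the direction-agnostic session key, the 8x8 grayscale image, the 16-byte per-packet cap and the 4-step sequence length are assumed parameters, and the DNS-like packets are constructed rather than captured.

```python
# Added example (not the paper's code): packet-to-input preprocessing of the kind the
# paper's "module preprocessing", "session splitting", "flow splitting" and "image
# size" experiments name. The 5-tuple flow key, the direction-agnostic session key,
# the 8x8 image side, the 16-byte per-packet cap and the 4-step sequence length are
# all assumed parameters, and the packets below are constructed, not captured data.
from collections import OrderedDict

# Constructed packets: (timestamp_s, src_ip, dst_ip, src_port, dst_port, proto, payload)
SAMPLE_PACKETS = [
    (0.00, "10.0.0.5", "8.8.8.8", 40001, 53, "udp",
     b"\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00"),   # DNS query header
    (0.02, "8.8.8.8", "10.0.0.5", 53, 40001, "udp",
     b"\x12\x34\x81\x80\x00\x01\x00\x01\x00\x00\x00\x00"),   # DNS response header
    (0.50, "10.0.0.5", "8.8.8.8", 40002, 53, "udp",
     b"\xab\xcd\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00"),
    (0.53, "8.8.8.8", "10.0.0.5", 53, 40002, "udp",
     b"\xab\xcd\x81\x80\x00\x01\x00\x05\x00\x00\x00\x00"),
]


def flow_key(pkt):
    """Unidirectional flow: exact 5-tuple, so query and reply land in separate flows."""
    _, src, dst, sport, dport, proto, _ = pkt
    return (src, sport, dst, dport, proto)


def session_key(pkt):
    """Bidirectional session: the endpoint pair is sorted so both directions share a key."""
    _, src, dst, sport, dport, proto, _ = pkt
    ends = sorted([(src, sport), (dst, dport)])
    return (ends[0], ends[1], proto)


def group_packets(packets, key_fn):
    """Split a packet list into groups in arrival order, keyed by key_fn."""
    groups = OrderedDict()
    for pkt in sorted(packets, key=lambda p: p[0]):
        groups.setdefault(key_fn(pkt), []).append(pkt)
    return groups


def to_image(packets, side=8, max_bytes_per_packet=16):
    """Spatial view for the CNN: concatenate capped payload bytes, truncate or
    zero-pad to side*side bytes, and lay them out as a side x side grayscale grid."""
    total = side * side
    raw = b"".join(p[6][:max_bytes_per_packet] for p in packets)
    raw = raw[:total].ljust(total, b"\x00")
    return [list(raw[r * side:(r + 1) * side]) for r in range(side)]


def to_sequence(packets, max_len=4):
    """Temporal view for the RNN: per-packet (inter-arrival seconds, payload length,
    direction) in time order, zero-padded or truncated to max_len steps.
    Direction is +1 for packets from the group's initiator, -1 for the other side."""
    initiator = packets[0][1]
    seq, prev_t = [], packets[0][0]
    for t, src, _, _, _, _, payload in packets[:max_len]:
        seq.append((round(t - prev_t, 3), len(payload), 1 if src == initiator else -1))
        prev_t = t
    seq.extend([(0.0, 0, 0)] * (max_len - len(seq)))
    return seq


def build_dataset(packets, key_fn, side=8, max_len=4):
    """Return {group_key: (image, sequence)}; a model would consume the two views together."""
    return {k: (to_image(g, side), to_sequence(g, max_len))
            for k, g in group_packets(packets, key_fn).items()}


if __name__ == "__main__":
    for name, fn in (("flows", flow_key), ("sessions", session_key)):
        ds = build_dataset(SAMPLE_PACKETS, fn)
        print(f"{name}: {len(ds)} groups")
        for key, (img, seq) in ds.items():
            print(" ", key, "image rows:", len(img), "sequence:", seq)
```

Running it shows the practical difference between the two splitting rules the paper's experiments compare: the same four packets become four one-packet flows under the 5-tuple key but two query/response sessions under the bidirectional key, and only the session view carries the inter-arrival and direction pattern that a temporal model can learn from.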

  • Figure 1  Overall framework design

    Figure 2  Module preprocessing flowchart

    Figure 3  Visualization of normal traffic and fast-flux traffic

    Figure 4  Dense block design

    Figure 5  Overall structure of the DenseNet model

    Figure 6  Overall structure of the BiLSTM model

    Figure 7  Accuracy comparison

    Figure 8  Precision comparison

    Figure 9  Session-splitting experiment results

    Figure 10  Flow-splitting experiment results

    Figure 11  Image-size experiment results

    Figure 12  Accuracy comparison chart

    Figure 13  Recall comparison chart

    Figure 14  Precision comparison chart

    Table 1  Experimental hardware environment

    Hardware | Specification
    Server | Dell PowerEdge R730XD
    Memory | 4 x Kingston 16 GB
    Processor | 2 x Intel E5-2630
    Disk | Toshiba 2 TB

    Table 2  Experimental software environment

    Software | Version
    Operating system | CentOS 7
    Compiler | IntelliJ IDEA
    GCC | 5.2.1
    TensorFlow | 1.1.1

    Table 3  Dataset composition

    Data type | CTU-13 | ISOT dataset | Self-collected
    Benign DNS traffic | 513302874 (three counts run together in extraction)
    Fast-flux DNS traffic | 422940030 (three counts run together in extraction)
計(jì)量
  • 文章訪問數(shù):  3035
  • HTML全文瀏覽量:  1937
  • PDF下載量:  147
  • 被引次數(shù): 0
出版歷程
  • 收稿日期:  2019-09-19
  • 修回日期:  2020-04-18
  • 網(wǎng)絡(luò)出版日期:  2020-05-12
  • 刊出日期:  2020-08-18

目錄

    /

    返回文章
    返回