| IRC僵尸网络控制端识别系统的设计与实现 | |
| 金双民 ; 段海新 ; 郑辉 ; Jin Shuangmin ; Duan Haixin ; Zheng Hui | |
| 2010-07-15 ; 2010-07-15 | |
| 会议名称 | 全国网络与信息安全技术研讨会论文集(上册) ; Proceedings of China Network & Information Security Technology Conference(Ⅰ) ; 全国网络与信息安全技术研讨会 ; China Network & Information Security Technology Conference ; 中国山东青岛 ; CNKI ; 信息产业部互联网应急处理协调办公室 |
| 关键词 | 僵尸网络 控制端 识别 CERNET botnet control server recognition CERNET TP393.08 |
| 其他题名 | The Design and Implementation of IRC Botnet Server Recognition System |
| 中文摘要 | 僵尸网络是一种恶意攻击平台,在僵尸网络上发起的恶意攻击行为,往往会带来巨大的危害, 发现和阻断僵尸网络已经成为网络安全工作者所面临的问题。本文将模式识别的方法应用到对僵尸网络控制端的识别,通过训练样本僵尸网络的各种特征属性,形成判决决策树,从而对 CERNET 中可能存在的僵尸网络控制端进行检测。本文分析了使用该识别系统检测出的 CERNET 中僵尸网络的特征,给出了僵尸网络控制端地理位置分布和当前教育网内的受害主机情况以及发展变化的规律,为进一步对僵尸网络的研究和跟踪提供了有效依据。; Attacks that started by botnet, which is a kind of malicious attack platform, can often lead to great damage to the internet, thus, the detection and containment of botnets have became an important issue.In this paper, pattern recognition method is applied to the identification of botnet control server and the detection of botnet control server is carried out based on a judgment decision tree which is formed by the training with characters that collected from some sample botnets.Finally, analysis of the botner which are detected by the recognition system in CERNET is performed and geographical distribution is present, and also status of the victims in CERNET and its evolving trends are given, which contributes a lot to the further research and tracking of bornet. |
| 语种 | 中文 ; 中文 |
| 内容类型 | 会议论文 |
| 源URL | [http://hdl.handle.net/123456789/68255]  |
| 专题 | 清华大学 |
| 推荐引用方式 GB/T 7714 | 金双民,段海新,郑辉,等. IRC僵尸网络控制端识别系统的设计与实现[C]. 见:全国网络与信息安全技术研讨会论文集(上册), Proceedings of China Network & Information Security Technology Conference(Ⅰ), 全国网络与信息安全技术研讨会, China Network & Information Security Technology Conference, 中国山东青岛, CNKI, 信息产业部互联网应急处理协调办公室. |
| 个性服务 |
| 查看访问统计 |
| 相关权益政策 |
| 暂无数据 |
| 收藏/分享 |
除非特别说明,本系统中所有内容都受版权保护,并保留所有权利。
修改评论