Method of detecting IRC Botnet based on the multi-features of traffic flow

Method of detecting IRC Botnet based on the multi-features of traffic flow

To resolve the problem of detecting IRC Botnet,a method based on traffic flow characteristics was proposed.The characteristics of Botnet channel traf?cwere analyzed in different periods such as data-clustering,data-similarity,the average length of packet,peak of synchronized traf?c,and peak of colla...

Full description

Saved in:
Bibliographic Details
Main Authors: Jian-en YAN, Chun-yang YUAN, Hai-yan XU, Zhao-xin ZHANG
Format: Article
Language:zho
Published: Editorial Department of Journal on Communications 2013-10-01
Series:Tongxin xuebao
Subjects:
IRC protocol
Botnet
raffic flow
cluster analysis
Online Access:http://www.joconline.com.cn/zh/article/doi/10.3969/j.issn.1000-436x.2013.10.006/
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:To resolve the problem of detecting IRC Botnet,a method based on traffic flow characteristics was proposed.The characteristics of Botnet channel traf?cwere analyzed in different periods such as data-clustering,data-similarity,the average length of packet,peak of synchronized traf?c,and peak of collaborative synchronized traf?c,and these characteristics were used to detect the botnet.In analyzing,improved max-min distance means and k-means cluster analysis algorithm were also presented to promote the efficiency of data clustering.At last,the availability of the method was verified by experiment.
ISSN:1000-436X

Similar Items