Method of botnet network nodes detection base on communication similarity
At present,the botnet detection method mostly relies on the analysis of the network communication activity or the communication content.The former carries on the statistical analysis to the characteristic of the data flow,does not involve the content in the data flow,has the strong superiority in th...
Saved in:
| Main Authors: | , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
POSTS&TELECOM PRESS Co., LTD
2018-10-01
|
| Series: | 网络与信息安全学报 |
| Subjects: | |
| Online Access: | http://www.cjnis.com.cn/thesisDetails#10.11959/j.issn.2096-109x.2018078 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1841530132372652032 |
|---|---|
| author | Yuquan JIN Bin XIE Yi ZHU |
| author_facet | Yuquan JIN Bin XIE Yi ZHU |
| author_sort | Yuquan JIN |
| collection | DOAJ |
| description | At present,the botnet detection method mostly relies on the analysis of the network communication activity or the communication content.The former carries on the statistical analysis to the characteristic of the data flow,does not involve the content in the data flow,has the strong superiority in the detection encryption type aspect,but the accuracy is low.The latter relies on the prior knowledge to examine,has the strong accuracy,but the generality of detection is low.The communication similarity was defined according to Jaccard similarity coefficient,and a method of calculating communication similarity based on user request DNS (domain name system) was proposed,which was used for botnet node detection based on network traffic.Finally,based on the spark framework,the experimental results show that the proposed method can be used in the detection of botnet nodes effectively. |
| format | Article |
| id | doaj-art-63dffcbb406b4d238e4cbca6d38eddc2 |
| institution | Kabale University |
| issn | 2096-109X |
| language | English |
| publishDate | 2018-10-01 |
| publisher | POSTS&TELECOM PRESS Co., LTD |
| record_format | Article |
| series | 网络与信息安全学报 |
| spelling | doaj-art-63dffcbb406b4d238e4cbca6d38eddc22025-01-15T03:13:05ZengPOSTS&TELECOM PRESS Co., LTD网络与信息安全学报2096-109X2018-10-014313859554397Method of botnet network nodes detection base on communication similarityYuquan JINBin XIEYi ZHUAt present,the botnet detection method mostly relies on the analysis of the network communication activity or the communication content.The former carries on the statistical analysis to the characteristic of the data flow,does not involve the content in the data flow,has the strong superiority in the detection encryption type aspect,but the accuracy is low.The latter relies on the prior knowledge to examine,has the strong accuracy,but the generality of detection is low.The communication similarity was defined according to Jaccard similarity coefficient,and a method of calculating communication similarity based on user request DNS (domain name system) was proposed,which was used for botnet node detection based on network traffic.Finally,based on the spark framework,the experimental results show that the proposed method can be used in the detection of botnet nodes effectively.http://www.cjnis.com.cn/thesisDetails#10.11959/j.issn.2096-109x.2018078botnetsimilarity detectionDNS flow detectionnetwork security |
| spellingShingle | Yuquan JIN Bin XIE Yi ZHU Method of botnet network nodes detection base on communication similarity 网络与信息安全学报 botnet similarity detection DNS flow detection network security |
| title | Method of botnet network nodes detection base on communication similarity |
| title_full | Method of botnet network nodes detection base on communication similarity |
| title_fullStr | Method of botnet network nodes detection base on communication similarity |
| title_full_unstemmed | Method of botnet network nodes detection base on communication similarity |
| title_short | Method of botnet network nodes detection base on communication similarity |
| title_sort | method of botnet network nodes detection base on communication similarity |
| topic | botnet similarity detection DNS flow detection network security |
| url | http://www.cjnis.com.cn/thesisDetails#10.11959/j.issn.2096-109x.2018078 |
| work_keys_str_mv | AT yuquanjin methodofbotnetnetworknodesdetectionbaseoncommunicationsimilarity AT binxie methodofbotnetnetworknodesdetectionbaseoncommunicationsimilarity AT yizhu methodofbotnetnetworknodesdetectionbaseoncommunicationsimilarity |