
Malicious Domain Detection Based on Group Behavior Characteristics (基于组行为特征的恶意域名检测). Cited by: 10

Malware Domains Detection by Monitoring Group Activities
Abstract (translated from the Chinese): At present, botnets widely adopt domain-flux techniques to evade blocking by domain blacklists. To address this, a malicious domain detection method based on group behavior characteristics is proposed. Within each detection epoch, the method performs cluster analysis on the set of new domains and the set of non-existent domains requested by hosts in the network, takes the set of hosts that requested the same group of new domains as the detection object, and analyzes whether the hosts in that set show group characteristics in their requests for non-existent domains and new domains; from this it extracts the set of infected hosts in the network and the set of IP addresses used by C&C servers. Monitoring results on an ISP DNS server show that the method accurately extracts infected hosts and C&C server IP addresses.

Abstract (English, as published): At present, many botnets adopt Domain Flux techniques to avoid the block of domain blacklists. A new technique was proposed to detect malicious domains by analyzing group behavior of compromised hosts on DNS queries. The method clusters new domains and Non-Existent domains queried by hosts in each epoch, groups these hosts by new domain names, and identifies whether the hosts within the same set have group activities when querying Non-Existent domains, to detect compromised hosts and IP addresses of C&C servers. The monitoring results for an ISP DNS show that compromised hosts and IP addresses of C&C servers are detected accurately.
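The detection procedure the abstract describes (split each epoch's queries into resolved new domains and non-existent domains, group hosts by the set of new domains they resolved, test each group for shared NXDOMAIN behavior, then report the host set and the resolved IPs as infected hosts and C&C addresses), as an added Python example that is not the paper's code. The epoch log, the baseline of known domains, the hostnames, the reserved test IPs and the thresholds are all constructed.

```python
from collections import Counter, defaultdict

# Constructed one-epoch DNS log: (client, qname, rcode, answer_ip); answer_ip is None on NXDOMAIN.
EPOCH_LOG = [
    ("10.0.0.11", "kq7vz.test", "NXDOMAIN", None),          # DGA-style misses...
    ("10.0.0.11", "x3hhu.test", "NXDOMAIN", None),
    ("10.0.0.11", "p9lwt.test", "NOERROR", "203.0.113.7"),  # ...and the one name that resolves
    ("10.0.0.12", "kq7vz.test", "NXDOMAIN", None),
    ("10.0.0.12", "x3hhu.test", "NXDOMAIN", None),
    ("10.0.0.12", "p9lwt.test", "NOERROR", "203.0.113.7"),
    ("10.0.0.13", "kq7vz.test", "NXDOMAIN", None),
    ("10.0.0.13", "p9lwt.test", "NOERROR", "203.0.113.8"),
    ("10.0.0.13", "example.com", "NOERROR", "198.51.100.1"),
    ("10.0.0.20", "newshop.test", "NOERROR", "198.51.100.5"),  # benign: three hosts visit a new site
    ("10.0.0.20", "gogle.cmo", "NXDOMAIN", None),              # one ordinary typo
    ("10.0.0.21", "newshop.test", "NOERROR", "198.51.100.5"),
    ("10.0.0.21", "example.com", "NOERROR", "198.51.100.1"),
    ("10.0.0.22", "newshop.test", "NOERROR", "198.51.100.5"),
]
KNOWN_DOMAINS = {"example.com"}  # constructed baseline: domains already seen in earlier epochs

def detect_group_activity(records, known_domains, min_hosts=2, min_share=0.5):
    # Step 1: per host, split the epoch into resolved new domains and NXDOMAIN names.
    new_by_host, nx_by_host, ips_of = defaultdict(set), defaultdict(set), defaultdict(set)
    for host, qname, rcode, ip in records:
        if rcode == "NXDOMAIN":
            nx_by_host[host].add(qname)
        elif qname not in known_domains:
            new_by_host[host].add(qname)
            ips_of[qname].add(ip)
    # Step 2: hosts that resolved the same set of new domains form one candidate group.
    groups = defaultdict(set)
    for host, doms in new_by_host.items():
        groups[frozenset(doms)].add(host)
    findings = []
    for doms, hosts in groups.items():
        if len(hosts) < min_hosts:
            continue
        # Step 3: group activity = NXDOMAIN names queried by at least min_share of the members.
        counts = Counter(n for h in hosts for n in nx_by_host[h])
        shared_nx = sorted(n for n, c in counts.items() if c / len(hosts) >= min_share)
        if not shared_nx:
            continue  # unrelated hosts that merely share one new site are not flagged
        findings.append({"hosts": sorted(hosts), "shared_nxdomains": shared_nx,
                         "cc_ips": sorted({ip for d in doms for ip in ips_of[d]})})
    return findings

if __name__ == "__main__":
    for finding in detect_group_activity(EPOCH_LOG, KNOWN_DOMAINS):
        print(finding)
```

The three hosts that share the same resolved name and the same failed lookups are reported with both candidate C&C addresses, while the three hosts that only visited the same new site are not.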
Source: Computer Science (计算机科学), CSCD and Peking University core journal, 2013, No. 8, pp. 146-148 and 185 (4 pages)
Funding: National Natural Science Foundation of China (60903126, 60872145)
Keywords: Network security; Botnet; Domain name generation algorithms (DGA); Domain flux
About the author: Zhang Yongbin (born 1976), male, PhD; main research area: information security. E-mail: zhangybmail@163.com
