P2P botnet detection method based on message size
【Abstract】 As one of the most serious security threats facing the Internet today, botnets have evolved from the traditional centralized structure to a P2P distributed structure that is harder to detect. Effective detection of P2P botnets is one of the current research hotspots in network security. This paper proposes a P2P botnet detection method based on message size. Relying only on the statistical value of network message size, the method can detect P2P botnets in the latent stage, and can also detect unknown types of P2P botnets. Experimental results on a large number of real datasets show that the method achieves high accuracy with only a low false positive rate.
【Key words】 network detection; botnet; P2P structure; message size; performance verification; results analysis
- 【Source】 现代电子技术 (Modern Electronics Technique), 2019, Issue 22
- 【Classification No.】 TP393.08
- 【Downloads】 145