Botnets’ similarity analysis based on communication features and D-S evidence theory
A potential hidden relationship may exist among different zombie groups.A method to analyze the relationship among botnets was proposed based on the communication activities.The method extracted several communication fea-tures of botnet,including the number of flows per hour,the number of packets pe...
Saved in:
| Main Authors: | , , , , |
|---|---|
| Format: | Article |
| Language: | zho |
| Published: |
Editorial Department of Journal on Communications
2011-01-01
|
| Series: | Tongxin xuebao |
| Subjects: | |
| Online Access: | http://www.joconline.com.cn/zh/article/74419087/ |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Summary: | A potential hidden relationship may exist among different zombie groups.A method to analyze the relationship among botnets was proposed based on the communication activities.The method extracted several communication fea-tures of botnet,including the number of flows per hour,the number of packets per flow,the number of flows per IP and the packet payloads.It defined similarity statistical functions of the communication features,and built the analysis model of botnets relationship based on the advanced dempster-shafer(D-S) evidence theory to synthetically evaluate the simi-larities between different zombie groups.The experiments were conducted using several botnet traces.The results show that the method is valid and efficient,even in the case of encrypted botnet communication messages.Moreover,the ideal processing results is achieved by applying our method to analyze the data captured from the security monitoring platform of computer network,as well as compare with similar work. |
|---|---|
| ISSN: | 1000-436X |