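1. PLA Information Engineering University, Zhengzhou, Henan 450001
2. Key Laboratory of Information Assurance Technology, Beijing 100072
KOU Guang (1983-), male, born in Xuchang, Henan; PhD candidate and lecturer at PLA Information Engineering University. His main research interests are network security situational awareness and cloud security.
TANG Guangming (1963-), female, born in Changde, Hunan; professor and doctoral supervisor at PLA Information Engineering University. Her main research interests are information security, data mining and system-of-systems confrontation.
WANG Shuo (1991-), male, born in Nanyang, Henan; master's student at PLA Information Engineering University. His main research interest is network security.
SONG Haitao (1990-), male, born in Yantai, Shandong; PhD candidate at PLA Information Engineering University. His main research interest is network security.
BIAN Yuan (1992-), female, born in Weinan, Shaanxi; master's student at PLA Information Engineering University. Her main research interests are network security and information hiding.
Online publication date: 2016-11
Print publication date: 2016-11-25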
Guang KOU, Guang-ming TANG, Shuo WANG, et al. Using deep learning for detecting BotCloud[J]. Journal on Communications, 2016, 37(11): 114-128. DOI: 10.11959/j.issn.1000-436x.2016228.
The basic network flow characteristics of BotCloud traffic and of normal cloud service traffic do not differ in any obvious way, so traditional detection methods based on network flow characteristic analysis fail when applied to BotCloud detection. To solve this problem, a CNN (convolutional neural network)-based method for detecting BotCloud is proposed. First, the basic characteristics are extracted from the network flows. Second, these characteristics are mapped into a grayscale image. Finally, a CNN is used for feature learning, extracting more abstract characteristics that express the hidden patterns and structural relationships in the network flow data, and these are then used to detect BotCloud. The experimental results show that the proposed method not only improves detection accuracy but also greatly reduces the time required for detection.