| 摘 要: 通过综述僵尸网络的相关知识,提出基于行为与域关联的检测方法。对僵尸网络的行为流和域名查询流进 行类聚,建立一种聚类联动的检测模型,以期突破基于特征的监测的局限性。本文分析了僵尸网络的相关知识和工作原 理,重点分析基于Behavior-domain模型的僵尸网络检测方法。 |
| 关键词: 僵尸网络;域名特征;检测 |
|
中图分类号: TP393
文献标识码: A
|
|
| An Exploration of the Technology that Detect Botnet |
|
NIU Jinping,YUAN Lin
|
( Xinjiang Light Industry Vocational Technical College of Information, Urumqi 830021, China)
|
| Abstract: Review of relevant knowledge botnet,we proposed detection method based on the behavior associated with the domain.Cluster the flow behavior of botnets and domain query stream,build a linkage clustering model to detect in order to break through the limitations of feature-based monitoring.This paper analyzes the related knowledge and working principle of botnets,key analyzes the botnet detection method focuses on Behavior-domain Model. |
| Keywords: botnet;domain feature;detection |
