P2P botnet detection method based on fractal and self-adaptation fusion

A detection method using adaptive technology, applied in the field of computer security, that addresses the low detection efficiency and complex detection process of existing methods and achieves the effect of reducing the hypothesis set.

Active Publication Date: 2016-04-20
CHANGCHUN INST OF OPTICS FINE MECHANICS & PHYSICS CHINESE ACAD OF SCI

AI Technical Summary

Problems solved by technology

[0006] The present invention provides a P2P botnet detection method based on fractal and adaptive data fusion, in order to solve the problems of the complex detection process and low detection efficiency of existing P2P botnet detection methods.



Examples


Specific Embodiment 1

[0034] Specific embodiment 1. This embodiment is described with reference to Figure 1 and Figure 2. The P2P botnet detection method based on fractal and self-adaptive fusion has the following implementation steps:

[0035] Step 1: Network traffic data collection.

[0036] Use tools such as Wireshark to collect network traffic as the original input data of the detection method.

[0037] Step 2: Construct two network traffic detection sensors using fractal theory to detect whether the characteristics of network traffic at different time scales are abnormal.

[0038] 1) Use the monofractal characteristic detection sensor to detect whether the self-similarity of network traffic on a large time scale is anomalous: estimate the Hurst exponent, input it into the Kalman filter as the system measurement value, and establish a Kalman filter model to detect abnormality in the self-similarity feature of the network traffic, obtaining the detection result.

[0039] 2) Use ...

Specific Embodiment 2

[0042] Specific embodiment 2. This embodiment is described with reference to Figure 1 and Figure 2. It is an embodiment of the P2P botnet detection method based on fractal and adaptive fusion described in specific embodiment 1:

[0043] Step A. Network traffic data collection: use tools such as Wireshark to collect network traffic as the original input data of the detection method, calculate the network traffic in a fixed time window, and normalize it to obtain the traffic F_k, where k is the index of the current time window.

[0044] Step B. Construct two network traffic detection sensors to detect whether the characteristics at different time scales are abnormal.

[0045] 1. Use the monofractal characteristic detection sensor to detect whether the self-similarity of network traffic on a large time scale is anomalous: use the rescaled range (R/S) method to estimate the Hurst exponent in the current time window to obtain Hurst_k, which is...
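The monofractal sensor described in [0038] and [0045] can be sketched as follows; this is an added example, not the patent's own implementation. The random-walk Kalman model, the values of `q`, `r`, `gate` and `warmup`, the window length and the constructed sample traffic are all assumptions, since the page does not give them.

```python
import math
import random
from itertools import accumulate

def hurst_rs(series, min_chunk=8):
    """R/S Hurst estimate: slope of log(R/S) vs log(chunk size); needs len >= 4 * min_chunk."""
    n, size, xs, ys = len(series), min_chunk, [], []
    while size <= n // 2:
        ratios = []
        for start in range(0, n - size + 1, size):
            chunk = series[start:start + size]
            mean = sum(chunk) / size
            run, lo, hi = 0.0, 0.0, 0.0
            for v in chunk:                      # cumulative deviation from the chunk mean
                run += v - mean
                lo, hi = min(lo, run), max(hi, run)
            std = math.sqrt(sum((v - mean) ** 2 for v in chunk) / size)
            if std > 0:
                ratios.append((hi - lo) / std)   # rescaled range R/S of this chunk
        if ratios:
            xs.append(math.log(size))
            ys.append(math.log(sum(ratios) / len(ratios)))
        size *= 2
    mx, my = sum(xs) / len(xs), sum(ys) / len(ys)
    return sum((x - mx) * (y - my) for x, y in zip(xs, ys)) / sum((x - mx) ** 2 for x in xs)

def kalman_flags(hursts, q=1e-4, r=3e-3, gate=3.0, warmup=5):
    """Scalar Kalman filter over Hurst_k; q, r, gate and warmup are assumed values."""
    x, p, flags = hursts[0], r, [False]
    for k, z in enumerate(hursts[1:], start=1):
        p += q                                   # predict: baseline drifts as a slow random walk
        innov, s = z - x, p + r                  # innovation and its variance
        bad = k >= warmup and abs(innov) > gate * math.sqrt(s)
        flags.append(bad)
        if not bad:                              # update only on windows accepted as normal
            gain = p / s
            x, p = x + gain * innov, (1 - gain) * p
    return flags

def demo(seed=7, window=1024):
    """Constructed input: 12 windows of uncorrelated samples, then 3 strongly persistent ones."""
    rng = random.Random(seed)
    hursts = []
    for k in range(15):
        samples = [rng.gauss(0, 1) for _ in range(window)]
        if k >= 12:                              # integrating the noise makes the series persistent
            samples = list(accumulate(samples))
        hursts.append(hurst_rs(samples))
    return hursts, kalman_flags(hursts)
```

Calling `demo()` returns the per-window Hurst estimates and the anomaly flags. Windows flagged as anomalous are excluded from the filter update so that a sustained shift does not get absorbed into the baseline.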


Abstract

The invention provides a P2P botnet detection method based on fractal and self-adaptation fusion. It relates to the field of computer security and solves the problems that existing P2P botnet detection methods have a complex detection process and low detection efficiency. The method comprises the following steps: constructing a single-fractal characteristic detection sensor and a multi-fractal characteristic detection sensor, which respectively use self-similarity on a large time scale and local singularity on a small time scale to express network flow characteristics; and using a Kalman filter to detect whether those characteristics are abnormal. A self-adaptive data fusion method is provided to obtain a more precise data fusion result: according to the degree of evidence conflict, DST or DSmT is selected adaptively to fuse the detection results of the detection sensors, thereby obtaining the final result. The method performs quick and universal detection of P2P botnets, with excellent precision and real-time performance.

Description

Technical field

[0001] The invention relates to the field of computer security, in particular to a P2P botnet detection method based on fractal and adaptive data fusion.

Background technique

[0002] A botnet is a group of malicious hosts. Attackers can use secondary injection to change the load of bot nodes, so as to quickly and easily change the type of attack to be sent, such as distributed denial of service attacks, phishing and spam attacks. The current new P2P botnets use the decentralized structure of the P2P network to build their command and control (C&C) mechanism. Because the structure has no control center, it effectively avoids a single point of failure and is more robust and reliable.

[0003] At present, research on P2P botnet analysis and detection is in a rising stage, and analysis shows that there are mainly the following problems:

[0004] 1. Most detection methods mainly start with some unique and detailed features of P2P...


Application Information

Patent Type & Authority: Applications (China)
IPC: IPC(8): H04L29/06
CPC: H04L63/1475
Inventor: 宋元章哈清华王安邦刘逻
Owner: CHANGCHUN INST OF OPTICS FINE MECHANICS & PHYSICS CHINESE ACAD OF SCI