A p2p botnet detection method based on fractal and adaptive fusion

A detection method using adaptive fusion technology, applied in transmission systems, electrical components, etc., that addresses the low detection efficiency and complex detection process of existing methods and achieves the effect of reducing the hypothesis set.

Active Publication Date: 2018-11-27
CHANGCHUN INST OF OPTICS FINE MECHANICS & PHYSICS CHINESE ACAD OF SCI

AI Technical Summary

Problems solved by technology

[0006] The present invention provides a P2P botnet detection method based on fractal and adaptive data fusion in order to solve the problems of the complex detection process and low detection efficiency of existing P2P botnet detection methods.

Examples

Specific Embodiment 1

[0034] Specific embodiment 1. This embodiment is described with reference to Figure 1 and Figure 2. The P2P botnet detection method based on fractal and adaptive fusion comprises the following steps:

[0035] Step 1: Network traffic data collection.

[0036] Use tools such as Wireshark to collect network traffic as the original input data of the detection method.

[0037] Step 2: Construct two network traffic detection sensors using fractal theory to detect whether the characteristics of network traffic at different time scales are abnormal.

[0038] 1) Use the monofractal characteristic detection sensor to detect whether the self-similarity of network traffic on a large time scale is anomalous: estimate the Hurst exponent, input it into a Kalman filter as the system measurement value, and establish a Kalman filter model to detect anomalies in the self-similarity of the network traffic, yielding the detection result.

[0039] 2) Use ...

Specific Embodiment 2

[0042] Specific embodiment 2. This embodiment is described with reference to Figure 1 and Figure 2. It is an example of the P2P botnet detection method based on fractal and adaptive fusion described in specific embodiment 1:

[0043] Step A. Network traffic data collection: use tools such as Wireshark to collect network traffic as the original input data of the detection method, compute the network traffic in a fixed time window, and normalize it to obtain the traffic F_k, where the current window is the k-th time window;

[0044] Step B. Construct two network traffic detection sensors to detect whether the characteristics under different time scales are abnormal.

[0045] 1. Use the monofractal characteristic detection sensor to detect whether the self-similarity of network traffic on a large time scale is anomalous: use the rescaled range (R/S) method to estimate the Hurst exponent in the current time window, obtaining Hurst_k, wh...
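The monofractal sensor described in [0038] and [0045], as an added example that is not code from the patent: an R/S estimate of Hurst_k per time window, fed as the measurement into a scalar Kalman filter that flags windows whose innovation is too large. The random-walk state model, the q, r and threshold values, and the constructed traffic are assumptions of this sketch, since the page does not give the filter's parameters.

```python
import math
import random
from itertools import accumulate

def hurst_rs(series, sizes=(8, 16, 32, 64)):
    """Hurst exponent of one traffic window: slope of log(R/S) against log(n)."""
    pts = []
    for n in sizes:
        ratios = []
        for i in range(0, len(series) - n + 1, n):
            chunk = series[i:i + n]
            mean = sum(chunk) / n
            cum = list(accumulate(v - mean for v in chunk))  # cumulative deviation
            s = math.sqrt(sum((v - mean) ** 2 for v in chunk) / n)
            if s > 0:                             # a flat chunk has no defined R/S
                ratios.append((max(cum) - min(cum)) / s)
        if ratios:
            pts.append((math.log(n), math.log(sum(ratios) / len(ratios))))
    if len(pts) < 2:
        raise ValueError("window too short or too flat for R/S")
    mx = sum(x for x, _ in pts) / len(pts)
    my = sum(y for _, y in pts) / len(pts)
    return sum((x - mx) * (y - my) for x, y in pts) / sum((x - mx) ** 2 for x, _ in pts)

def kalman_flags(hursts, q=1e-5, r=1e-3, threshold=3.0):
    """Indices k whose Hurst_k falls outside the filter's prediction band."""
    x, p, flagged = hursts[0], r, []
    for k, z in enumerate(hursts[1:], start=1):
        p += q                                    # predict (random-walk state, assumed)
        s = p + r                                 # innovation variance
        nu = z - x                                # innovation
        if nu * nu > threshold ** 2 * s:
            flagged.append(k)                     # anomalous: keep it out of the baseline
            continue
        gain = p / s
        x += gain * nu
        p *= 1 - gain
    return flagged

def constructed_windows(seed=7, count=8, size=256, anomaly_at=6):
    """Constructed data: white-noise windows, one replaced by its running sum."""
    rng = random.Random(seed)
    wins = [[rng.gauss(0, 1) for _ in range(size)] for _ in range(count)]
    wins[anomaly_at] = list(accumulate(wins[anomaly_at]))
    return wins

if __name__ == "__main__":
    hursts = [hurst_rs(w) for w in constructed_windows()]
    print([round(h, 2) for h in hursts], kalman_flags(hursts))
```

A flagged window is skipped in the update step so that a burst of anomalous traffic does not drag the baseline toward itself.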

Abstract

A P2P botnet detection method based on fractal and adaptive fusion, relating to the field of computer security. To solve the problems of the complex detection process and low detection efficiency of existing P2P botnet detection methods, the method constructs a monofractal characteristic detection sensor and a multifractal characteristic detection sensor, which use self-similarity and local singularity at small time scales to characterize network traffic, and uses Kalman filters to detect whether these characteristics are abnormal. To obtain more accurate data fusion results, an adaptive data fusion method is proposed: according to the degree of evidence conflict, DST or DSmT is adaptively selected to fuse the detection results of the two sensors and obtain the final result. The invention performs fast and general detection of P2P botnets, with better accuracy and real-time performance.
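The adaptive selection between DST and DSmT described above, as an added example that is not code from the patent. It assumes each sensor reports a mass assignment over "normal", "botnet" and "unknown" (the whole frame), measures conflict with Dempster's K, uses a hypothetical switch point k_max = 0.5, and uses the PCR5 rule as a stand-in for the DSmT combination, since the page does not say which DSmT rule or threshold the method uses.

```python
N, B, U = "normal", "botnet", "unknown"   # U = mass left on the whole frame

def conflict(m1, m2):
    """Dempster's conflict K: mass the two sensors give to contradictory hypotheses."""
    return m1[N] * m2[B] + m1[B] * m2[N]

def conjunctive(m1, m2):
    """Agreeing part of the combination, before any conflict handling."""
    out = {h: m1[h] * m2[h] + m1[h] * m2[U] + m1[U] * m2[h] for h in (N, B)}
    out[U] = m1[U] * m2[U]
    return out

def dempster(m1, m2):
    """DST: drop the conflicting mass and renormalize the rest."""
    k = conflict(m1, m2)
    if k >= 1.0:
        raise ValueError("sensors are in total conflict")
    return {h: v / (1.0 - k) for h, v in conjunctive(m1, m2).items()}

def pcr5(m1, m2):
    """PCR5: give each conflicting product back to the two hypotheses that caused it."""
    out = conjunctive(m1, m2)
    for x, y in ((N, B), (B, N)):
        total = m1[x] + m2[y]
        if total > 0:
            out[x] += m1[x] ** 2 * m2[y] / total
            out[y] += m2[y] ** 2 * m1[x] / total
    return out

def adaptive_fuse(m1, m2, k_max=0.5):
    """Pick the rule from the degree of conflict (k_max is an assumed threshold)."""
    if conflict(m1, m2) < k_max:
        return "DST", dempster(m1, m2)
    return "DSmT (PCR5)", pcr5(m1, m2)

if __name__ == "__main__":
    # Constructed sensor outputs: first pair agrees, second pair disagrees strongly.
    print(adaptive_fuse({N: 0.1, B: 0.7, U: 0.2}, {N: 0.2, B: 0.6, U: 0.2}))
    print(adaptive_fuse({N: 0.9, B: 0.1, U: 0.0}, {N: 0.2, B: 0.8, U: 0.0}))
```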

Description

Technical field

[0001] The invention relates to the field of computer security, in particular to a P2P botnet detection method based on fractal and adaptive data fusion.

Background

[0002] A botnet is a group of malicious hosts. Attackers can use secondary injection to change the payload of bot nodes, so as to quickly and easily change the type of attack to be launched, such as distributed denial-of-service attacks, phishing, and spam. Current P2P botnets use the decentralized structure of the P2P network to build their command and control (C&C) mechanism. Because this structure has no control center, it avoids a single point of failure and is more robust and reliable.

[0003] At present, research on P2P botnet analysis and detection is at a rising stage, and analysis shows that the main problems are as follows:

[0004] 1. Most detection methods mainly start with some specific and detailed features o...

Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L29/06
CPC: H04L63/1475
Inventor: 宋元章, 哈清华, 王安邦, 刘逻
Owner CHANGCHUN INST OF OPTICS FINE MECHANICS & PHYSICS CHINESE ACAD OF SCI