ANALYSIS OF BOTNET CLUSTERING MONITORING BASED ON THE EIGENVALUES OF THE DNS FLOW
This paper proposes five DNS-traffic features for detecting botnet domain names, tests them against DNS data taken from real network traffic, and analyzes and summarizes the test results and the characteristics of each feature. The method is not limited by the different protocols and structures that botnets use. Because DNS traffic is also far smaller in volume than overall network traffic, the method is better suited to deployment in the core network for real-time monitoring and situational awareness of large botnets. On this basis, botnet behavior flows and domain name query flows are clustered, and a cluster linkage monitoring model is given. Collection and analysis of the data fed back by a DNS cache experimental system deployed in an operating room in a certain city show that the cluster linkage monitoring model can monitor unknown botnets, that the monitoring process is independent of the botnet's protocol and structure, and that it has good monitoring efficiency.
Botnet DNS Cluster Linkage monitoring
Chunyang Yuan Wenjie Liu Bin Feng
National Computer Network Emergency Response Technical Team/Coordination Center of China, Beijing 100; School of Software of Dalian University of Technology, Dalian 116024, China
International conference
Hangzhou
English
874-879
2012-10-30 (date first posted online on the Wanfang platform; it does not represent the paper's publication date)