Computer Science (计算机科学) ›› 2016, Vol. 43 ›› Issue (4): 150-154. doi: 10.11896/j.issn.1002-137X.2016.04.030

• Information Security •

Trojan Heartbeat Behavior Detection Method Based on Wavelet Transform

白虹,庞建民,戴超,岳峰   

  1. State Key Laboratory of Mathematical Engineering and Advanced Computing, Zhengzhou 450001
  • Publication date: 2018-12-01 Release date: 2018-12-01
  • Funding:
    Supported by the National Natural Science Foundation of China, project "Research on Malicious Code Determination and Protection Models Based on Bionic Principles" (61472447)

Trojans Keep-alive Behavior Detection Approach Based on Wavelet Transform

BAI Hong, PANG Jian-min, DAI Chao and YUE Feng   

  • Online:2018-12-01 Published:2018-12-01

Abstract: Conventional Trojan heartbeat behavior detection methods rely on clustering, which can hardly avoid interference from the Trojan's own data-transfer packets and therefore produces false positives. This paper proposes a Trojan heartbeat behavior detection method based on wavelet transform. The method first represents the TCP packet stream as a packet-length signal, then processes the signal with a Mallat-based hard (forced) threshold denoising algorithm, and finally obtains the detection result with a packet-rate-based detail-information decision algorithm. Experiments show that the method detects heartbeat behavior effectively and has strong resistance to interference.

Keywords: Trojan heartbeat behavior, packet length signal, Mallat theorem, wavelet transform

Abstract: Trojan keep-alive behavior detection algorithms are generally based on clustering, which can hardly avoid the interference of other packets in the network, leading to false positives. Therefore, this paper proposes a Trojan keep-alive behavior detection approach based on wavelet transform. In this approach, the TCP packet stream is first described by a packet-length signal, then the signal is processed by a compelling (hard) threshold denoising method based on Mallat theory, and finally the detection result is obtained through a detail-information decision algorithm based on packet rate. Experiments show that this approach detects Trojan keep-alive behavior effectively and has better anti-interference capability.

Key words: Trojan keep-alive behavior, packet length signal, Mallat theory, wavelet transform
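The three-stage pipeline the abstract sketches (packet-length signal, Mallat-based hard-threshold denoising, packet-rate decision), worked through as an added example; this is not the paper's code. It assumes the Haar wavelet, a two-level decomposition, a detail threshold of 10 bytes, and a decision rule of my own: the most common length after denoising is taken as the beacon size, and packets of that size must arrive at a steady rate. The flow data is constructed.

```python
from collections import Counter
from statistics import mean, pstdev

def haar_decompose(sig, levels):
    """Mallat pyramid with the unnormalised Haar pair: average and half-difference."""
    approx, details = [float(v) for v in sig], []
    for _ in range(levels):
        if len(approx) % 2:                       # pad odd lengths with the last value
            approx.append(approx[-1])
        pairs = list(zip(approx[0::2], approx[1::2]))
        details.append([(x - y) / 2 for x, y in pairs])
        approx = [(x + y) / 2 for x, y in pairs]
    return approx, details

def haar_reconstruct(approx, details):
    """Inverse pyramid; output may be longer than the input because of padding."""
    for d in reversed(details):
        approx = [v for a, c in zip(approx, d) for v in (a + c, a - c)]
    return approx

def hard_threshold(details, thr):
    """Forced (hard) thresholding: detail coefficients below thr are set to zero."""
    return [[c if abs(c) >= thr else 0.0 for c in d] for d in details]

def denoise_lengths(lengths, levels=2, thr=10.0):
    """Packet-length signal -> denoised signal of the same length."""
    approx, details = haar_decompose(lengths, levels)
    return haar_reconstruct(approx, hard_threshold(details, thr))[:len(lengths)]

def detect_heartbeat(flow, levels=2, thr=10.0, tol=5, min_beats=5, max_cv=0.2):
    """flow: list of (seconds, length). Assumed rule: the most common length after
    denoising is the beacon size; those packets must show a steady inter-arrival rate."""
    clean = denoise_lengths([n for _, n in flow], levels, thr)
    beacon = Counter(round(v) for v in clean).most_common(1)[0][0]
    beats = [t for (t, _), v in zip(flow, clean) if abs(v - beacon) <= tol]
    gaps = [b - a for a, b in zip(beats, beats[1:])]
    result = {"detected": False, "beacon_len": beacon, "beats": len(beats),
              "period": None, "rate": None}
    if len(beats) >= max(min_beats, 2) and mean(gaps) > 0:
        cv = pstdev(gaps) / mean(gaps)                # coefficient of variation of gaps
        result.update(detected=cv <= max_cv, period=mean(gaps), rate=1 / mean(gaps))
    return result

# Constructed TCP flow (seconds, payload bytes): a 60-byte beacon every 30 s with
# +-2 byte jitter, a 1400-byte data burst at t=100 and two stray 200-byte packets.
FLOW = [(0, 60), (30, 62), (60, 58), (90, 60), (100.0, 1400), (100.2, 1400),
        (100.4, 1400), (100.6, 1400), (120, 61), (150, 59), (170, 200),
        (180, 60), (210, 62), (240, 60), (250, 200), (270, 58), (300, 60),
        (330, 61), (360, 59), (390, 60)]
```

`detect_heartbeat(FLOW)` reports a 60-byte beacon with a 30 s period: the length jitter is removed as small detail coefficients, while the data burst and stray packets survive denoising as large coefficients and are simply excluded from the rate check.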

