基于MapReduce检测僵尸网络的贝叶斯算法的实现

计算机科学 ›› 2014, Vol. 41 ›› Issue (3): 153-158.

基于MapReduce检测僵尸网络的贝叶斯算法的实现

邵秀丽,耿梅洁,蒋鸿玲

南开大学信息技术科学学院天津300071;南开大学信息技术科学学院天津300071;南开大学信息技术科学学院天津300071

出版日期:2018-11-14 发布日期:2018-11-14
基金资助:
本文受天津市重点资助

Realization of Bayesian Algorithm for Detecting Botnets Based on MapReduce

SHAO Xiu-li,GENG Mei-jie and JIANG Hong-ling

Online:2018-11-14 Published:2018-11-14

摘要/Abstract

摘要： 利用贝叶斯算法检测僵尸网络具有较高的准确性,但僵尸网络具有流量大的特征,同时贝叶斯分类训练阶段需要对大量的网络数据集进行训练,用单一结点来检测僵尸网络将会遇到计算时间和计算资源瓶颈。为此设计了基于MapReduce检测僵尸网络的贝叶斯算法,把贝叶斯算法训练阶段的先验概率、条件概率和检测阶段的后验概率的计算并行化处理。通过大量运行在Hadoop平台上的实验表明,该方法提高了检测僵尸网络的效率。

关键词: 僵尸网络,贝叶斯,MapReduce,流量,Hadoop 中图法分类号TP393文献标识码A

Abstract: Although botnets are detected in a more accurate way by using Bayesian algorithm,it has the character of large flow and the training of Bayesian classification needs to train a large number of network datasets．Therefore,it will lead to meet a bottleneck of calculation of the time and resources by using a single node to detect the botnets．To this end,this paper designed a Bayesian algorithm based on the MapReduce to parallely process the calculation of the prior probability and the conditional probability in the training phase,and the posterior probability in the detection phase of Bayesian algorithm．A large number of experiments running on Hadoop platform show that this method improves the efficiency of bonnets detecting.

Key words: Botnets,Bayesian,MapReduce,Flow,Hadoop

邵秀丽,耿梅洁,蒋鸿玲. 基于MapReduce检测僵尸网络的贝叶斯算法的实现[J]. 计算机科学, 2014, 41(3): 153-158. https://doi.org/

SHAO Xiu-li,GENG Mei-jie and JIANG Hong-ling. Realization of Bayesian Algorithm for Detecting Botnets Based on MapReduce[J]. Computer Science, 2014, 41(3): 153-158. https://doi.org/

参考文献

[1] Oikarinen J,Reed D．Internet relay chat protocol[R]．Request forComment s (RFC) 1459,IETF,May 1993
[2] Jiang H,Shao X．Detecting P2P botnets by discovering flow dependency in C&C traffic[J]．Peer-to-Peer Networking and Applications,2012,5:1-12
[3] 李晓桢,程佳,胡军．基于聚类分析的僵尸网络识别系统[J]．计算机系统应用,2009,8:130-135
[4] 王威,方滨兴,崔翔．基于终端行为特征的IRC 僵尸网络检测[J].计算机学报,2009,32(10):1980-1988
[5] 蒋鸿玲,邵秀丽.基于神经网络的僵尸网络检测方法[J].智能系统学报,2013,8(2):113-118
[6] Goebel J,Holz T．Rishi:identify bot contaminated hosts by irc nickname evaluation[C]∥Proceedings of USENIX First Workshop on Hot Topics in Understanding Botnets．Cambridge,USA,2007:1-12
[7] 杜跃进,崔翔．僵尸网络及其启发[J]．中国数据通信,2005,7(5):9-13
[8] Dean J,Ghemawat S．MapReduce:Simplified dtat process-ing on large cluster[J].Communications of the ACM,2005,51(1):107-113
[9] 陶永才,薛正元,石磊．基于MapReduce 的贝叶斯垃圾邮件过滤机制[J].计算机应用,2011,31(9):2412-2416
[10] 张鹏,唐世渭．朴素贝叶斯分类中的隐私保护方法研究[J].计算机学报,2007,0(8):1267-1276

Metrics

Viewed

Full text

Abstract

Cited

Shared

Discussed