Journal of Jilin University (Science Edition)

• Computer Science •

Deterministic Dendritic Cell Algorithm for Online Detection of Botnet

DONG Gang, TENG Yun, JIANG Xinyang, GUO Dong, LI Qiang

  1. Key Laboratory of Symbolic Computation and Knowledge Engineering of Ministry of Education, College of Computer Science and Technology, Jilin University, Changchun 130012, China
  • Received: 2017-01-04 Online: 2017-11-26 Published: 2017-11-29
  • Contact: GUO Dong E-mail: guodong@jlu.edu.cn

Abstract: We applied an artificial immune system algorithm to the real-time detection of botnets and proposed an online detection model based on the deterministic dendritic cell algorithm. Behavior signals were defined according to the characteristics of botnets, and real-time host-side detection of botnets based on heuristic information was realized. The validity of the model was experimentally verified using standard data sets. Experimental results show that the model has the advantages of real-time operation, simple behavior definition, and acceptance of multiple kinds of heuristic information definitions. Moreover, both the false negative rate and the false positive rate of botnet detection are low.

Key words: dendritic cell algorithm, artificial immune system, botnet detection, danger theory

CLC number:

  • TP393