Online Botnet Detection Algorithm Using MapReduce
Abstract: Most current botnet detection approaches analyze network traffic, and they usually rely on the malicious behavior of bots or need information provided by external systems. In addition, traditional traffic analysis is computationally expensive and struggles to meet real-time requirements. This paper therefore proposes an online botnet detection algorithm based on MapReduce. The algorithm detects botnets by analyzing network traffic and extracting the intrinsic relationships among flows. Data analysis is carried out on a cloud computing platform, so that data capture and data analysis proceed simultaneously, achieving online detection. Experimental results show that the detection rate of the algorithm can reach above 90% with a false positive rate below 5%, and that the speedup is close to linear when the data volume is large, which demonstrates the feasibility of applying cloud computing technologies to botnet detection.
Key words:
- Cloud computing
- Botnet
- Online detection
- MapReduce