| 题名: |
Botnet Host Detection Based on Heartbeat Association |
| 作者: |
丁伟,花子栋,李盼辉,龚秋石,程予希 |
| 杂志/会议: |
ICCSP 2020: Proceedings of the 2020 4th International Conference on Cryptography, Security and Privacy |
| 卷、期、页码: |
Pages 42–46 |
| 时间: |
2020-01 |
| 关键词: |
Heartbeat network; heartbeat association; botnet host; attribute propagation algorithm; |
| 摘要: |
As a common means of communication, heartbeat is often used by the network applications. Hosts with the same heartbeat tend to have the same applications and thus share the homogenous vulnerabilities. Based on the detected heartbeat, the paper designs the heartbeat network, the heartbeat associated graph and an attribute propagation algorithm based on the heartbeat associated graph. The paper takes the distributed denial of service (DDoS) malicious host information provided by the intrusion detection system (IDS) deployed on the boundary of China education and research network (CERNET) Nanjing master node network as attribution, and constructs the associated graph based on the user datagram protocol (UDP) heartbeat detection result at the same location. The attribute propagation algorithm was tested for 17 days. And The result shows that the method can effectively detect DDoS malicious hosts that are not located by IDS. |
| 索引: |
|
|
全文链接
导出
|