摘要翻译:
在过去的几年里,攻击者通过IRC服务器远程控制的恶意程序IRC bots已经成为互联网和用户的主要威胁。这些机器人可以以不同的恶意方式使用,如发出分布式拒绝服务攻击以关闭其他网络和服务,击键日志记录,垃圾邮件,流量嗅探,对网络和用户造成严重破坏。由于P2P机器人没有一个集中的关机点或回溯点,使用P2P协议的新型机器人开始出现,对互联网安全构成了威胁,从而使得对P2P机器人的检测成为一个现实的挑战。针对这些威胁,我们提出了一种通过关联P2P bot的活动来检测系统上运行的单个P2P bot的算法。我们的评估表明,关联P2P机器人在特定时间段内产生的不同活动可以检测出这类机器人。
---
英文标题:
《Behavioural Correlation for Detecting P2P Bots》
---
作者:
Yousof Al-Hammadi, Uwe Aickelin
---
最新提交年份:
2010
---
分类信息:
一级分类:Computer Science 计算机科学
二级分类:Artificial Intelligence 人工智能
分类描述:Covers all areas of AI except Vision, Robotics, Machine Learning, Multiagent Systems, and Computation and Language (Natural Language Processing), which have separate subject areas. In particular, includes Expert Systems, Theorem Proving (although this may overlap with Logic in Computer Science), Knowledge Representation, Planning, and Uncertainty in AI. Roughly includes material in ACM Subject Classes I.2.0, I.2.1, I.2.3, I.2.4, I.2.8, and I.2.11.
涵盖了人工智能的所有领域,除了视觉、机器人、机器学习、多智能体系统以及计算和语言(自然语言处理),这些领域有独立的学科领域。特别地,包括专家系统,定理证明(尽管这可能与计算机科学中的逻辑重叠),知识表示,规划,和人工智能中的不确定性。大致包括ACM学科类I.2.0、I.2.1、I.2.3、I.2.4、I.2.8和I.2.11中的材料。
--
一级分类:Computer Science 计算机科学
二级分类:Cryptography and Security 密码学与安全
分类描述:Covers all areas of cryptography and security including authentication, public key cryptosytems, proof-carrying code, etc. Roughly includes material in ACM Subject Classes D.4.6 and E.3.
涵盖密码学和安全的所有领域,包括认证、公钥密码系统、携带证明的代码等。大致包括ACM主题课程D.4.6和E.3中的材料。
--
一级分类:Computer Science 计算机科学
二级分类:Neural and Evolutionary Computing 神经与进化计算
分类描述:Covers neural networks, connectionism, genetic algorithms, artificial life, adaptive behavior. Roughly includes some material in ACM Subject Class C.1.3, I.2.6, I.5.
涵盖神经网络,连接主义,遗传算法,人工生命,自适应行为。大致包括ACM学科类C.1.3、I.2.6、I.5中的一些材料。
--
---
英文摘要:
In the past few years, IRC bots, malicious programs which are remotely controlled by the attacker through IRC servers, have become a major threat to the Internet and users. These bots can be used in different malicious ways such as issuing distributed denial of services attacks to shutdown other networks and services, keystrokes logging, spamming, traffic sniffing cause serious disruption on networks and users. New bots use peer to peer (P2P) protocols start to appear as the upcoming threat to Internet security due to the fact that P2P bots do not have a centralized point to shutdown or traceback, thus making the detection of P2P bots is a real challenge. In response to these threats, we present an algorithm to detect an individual P2P bot running on a system by correlating its activities. Our evaluation shows that correlating different activities generated by P2P bots within a specified time period can detect these kind of bots.
---
PDF链接:
https://arxiv.org/pdf/1004.2860