[1] LI Xue-yan, CHEN Wei, DU Jun-xiong. Research on Malicious Domain Name Detection Technology in IoT Botnet[J]. Computer Technology and Development, 2019, 29(08): 113-118. [doi:10.3969/j.issn.1673-629X.2019.08.022]

Research on Malicious Domain Name Detection Technology in IoT Botnet

Computer Technology and Development [ISSN:1006-6977/CN:61-1281/TN]

Volume: 29
Issue: 2019, No. 08
Pages: 113-118
Section: Security and Protection
Publication date: 2019-08-10

Article Info

Title: Research on Malicious Domain Name Detection Technology in IoT Botnet
Article ID: 1673-629X(2019)08-0113-06
Author(s): LI Xue-yan, CHEN Wei, DU Jun-xiong
Affiliation: School of Computer, Nanjing University of Posts and Telecommunications, Nanjing, Jiangsu 210023, China
Keywords: IoT; Botnet; malicious domain name; automatic scoring algorithm; reputation features
Classification number: TP301
DOI: 10.3969/j.issn.1673-629X.2019.08.022
Abstract:
As Internet of Things (IoT) smart devices become widespread, the security risks they bring are growing. The Mirai malware outbreak of 2016 is an example: it formed a large botnet by intruding into and penetrating IoT smart devices through their vulnerabilities. The domain generation algorithm built into Mirai variants greatly increases their robustness and extends their life cycle. The Domain Name System (DNS), an important Internet resource, also brings a significant security threat. This paper analyzes existing malicious domain name recognition techniques and proposes a new detection system based on a reputation scoring scheme. A feature set based on the domain name dimension and the IP dimension is selected, and an outlier automatic scoring algorithm is designed and implemented; the algorithm automatically selects the most suspicious malicious domain name events and needs no labeled dataset. Experimental results show that, compared with standard anomaly detection techniques, the automatic scoring technique has a false alarm rate as low as 0.003%, and the accuracy of the system is on average 5 to 10 times higher than that of the standard detection techniques.


Last Update: 2019-08-10