僵尸网络检测技术研究.docx

学 术 . 技 术
僵尸网络检测技术研究
王钟梅 1，殷新春 2 ，袁秋宇 3
(1．连云港师范高等专科学校，江苏 连云港 222006 ；2．扬州大学 信息工程学院，江苏 扬州 225009 ；3．连云港第七一六研究所，江苏 连云港 222006)
摘 要 ：由于全球网络都在遭受日益广泛的僵尸网络所带来的威胁，因此，必须加大对其防治。僵尸网络检测的方法分为三个部分 ：“ 僵尸网络静态特征检测技术”、“僵尸网络动态特征检测技术”、“僵尸网络混合特征检测技术”，分别指出了僵尸网络静态特征检测技术的缺陷就是误报率高、僵尸网络动态特征检测技术缺乏先验性和处理数据量大等缺点，最后指出，把这两种方法结合起来，就能够更好地减少数据处理量和提高检测的准确率。
关键词 ：僵尸网络 ；检测 ；静态特征 ；动态特征 ；混合特征
Study on the Technology for Detecting the Botnet
WANG Zhong-mei1,YIN Xin-chun2,YUAN Qiu-yu3
（ of computer, LianYunGang teacher’s School,Lianyungang,Jiangsu 222006,China;
of Information Engineering,YangZhou university,Yangzhou,Jiangsu 225009,China;
716th institute of LianYunGang, Lianyungang,Jiangsu 222006,China）
Abstract:As the threat on global network by the botnet becomes more and more widespreading,we must increase the prevention .In this article,there’re three parts for the methods to test the botnet:botnet detection technology of static features,botnet detection technology of
dynamic features,botnet detection technology of mix features, these parts respectively point out that the defect of the static features inspection technology is the high error reports、lack of previous forecast and excessive data processing of the Zombies network detection technology of
dynamic features;At last ,summarize that the two mechods must be combined which can better reduc