18 similar documents found; search time 93 ms
1.
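In recent years, as peer-to-peer (P2P) technology has come into ever wider use, its security problems have become increasingly prominent. Because P2P networks are decentralized, dynamic and large in scale, traditional Internet security techniques no longer apply to them. Current research on P2P security mechanisms concentrates mainly on trust management and authentication, while access control, another important security mechanism, has not received the attention it deserves. In view of this, the role-based access control model is combined with the P2P trust mechanism, and a Trust & Role-Based Access Control Model for P2P Networks (TRACM) is proposed. Finally, a prototype system of the P2P network access control model is designed and implemented in a P2P file-sharing scenario. Experimental results show that the TRACM model both adapts well to the decentralized and highly dynamic P2P network environment and efficiently protects the security of resources and users.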
2.
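P2P software is widely used on networks, and identifying P2P data flows quickly and effectively has become a very important problem. Traditional P2P identification methods are powerless against today's dynamic P2P ports and encrypted content. Based on dynamic behavioral features of P2P flows, including the number of IP packets, the proportion of UDP and connection-count metrics, and combined with data-mining classification algorithms, this paper proposes a decision algorithm based on a distance decision function and verifies it experimentally. The experiments show that the algorithm can classify and predict data flows efficiently. With this method, users' use of P2P software on a network can be identified quickly and effectively, achieving the goal of monitoring P2P.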
3.
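P2P Flow Identification Based on Hidden Markov Models (total citations: 1, self-citations: 0, citations by others: 1)
To identify flows of multiple P2P applications accurately and in real time, a P2P flow identification technique based on the hidden Markov model (HMM) is proposed. The technique uses features such as packet size, inter-arrival time and arrival order to build the flow identification model, and uses discrete random variables to characterize the HMM states; it proposes HMM-FIA, an architecture that can identify flows of multiple P2P applications simultaneously, and designs an algorithm for selecting the number of HMM states. A controlled experimental environment was set up in a campus network, HMM-FIA was used to identify multiple kinds of P2P flows, and it was compared with existing identification methods. The results show that using discrete random variables reduces model-building time and improves the real-time performance and accuracy of identifying unknown flows; HMM-FIA can simultaneously identify packet flows produced by multiple P2P protocols and adapts well to changes in the network environment.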
4.
5.
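A P2P Traffic Detection Method Based on Dual Features (total citations: 4, self-citations: 0, citations by others: 4)
P2P traffic has gradually become an important component of Internet traffic, and identifying it precisely is important for managing networks effectively and using network resources sensibly. The paper first presents the traffic characteristics that P2P traffic exhibits under a specific network topology and then, combining them with the payload characteristics of P2P traffic, designs a P2P traffic detection method based on dual features. The method overcomes both the weak application-level classification ability of detection based on traffic characteristics and the inability of payload-based methods to detect encrypted and unknown P2P applications, along with their low detection efficiency. Experimental results show that the method has higher detection efficiency than the traditional payload-based method, with suitable detection accuracy.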
6.
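To address the conflict between detection accuracy and sample training time faced by neural-network-based P2P traffic detection, an adaptive neural network detection model is proposed. By analyzing the error during neural network training, the network's learning is improved and its learning rate is adjusted dynamically so that the network converges quickly to the expected result. The construction of the adaptive neural network applied to P2P traffic detection is described in detail, and the formulas for computing the adaptive learning rate are given. Experimental tests show that the adaptive neural network trains quickly and detects accurately, with identification accuracy for 7 typical kinds of P2P basically reaching 90% or more.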
7.
8.
9.
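Gateway P2P Traffic Detection Based on Active Identification Technology (total citations: 2, self-citations: 0, citations by others: 2)
While P2P traffic has given the Internet a huge boost, it has also brought problems such as network congestion caused by excessive resource consumption and security risks, hindering normal network services. This paper introduces the current mainstream gateway P2P traffic detection techniques, analyzes their advantages and disadvantages, and proposes a method based on active identification technology for detecting and controlling P2P traffic, so that P2P traffic can be identified and effectively controlled.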
10.
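The life cycle and network characteristics of P2P botnets are analyzed in detail. Starting from the differences in network behavior between P2P software and P2P bot malware, feature vectors are extracted and, combined with three well-known data-mining algorithms, a P2P bot host detection model based on endpoint network behavior features, Bot_Founder, is proposed; the virtual-machine environment setup and the analysis of experimental results are also discussed. Experimental results show that the model can efficiently and accurately distinguish normal P2P processes from P2P bot processes and detect bot hosts in the latent stage, with a low miss rate.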
11.
Fateme Faraji Daneshgar Maghsoud Abbaspour 《International Journal of Communication Systems》2019,32(13)
A botnet is a distributed platform for illegal activities that severely threatens the security of the Internet. Fortunately, despite their complicated nature, bots leave some footprints during C&C communication that have been utilized by security researchers to design detection mechanisms. Nevertheless, botnet designers are always trying to evade detection systems by leveraging the legitimate P2P protocol as a C&C channel or even mimicking legitimate peer-to-peer (P2P) behavior. Consequently, detecting P2P botnets in the presence of normal P2P traffic is one of the most challenging issues in network security. However, the resilience of P2P botnet detection systems in the presence of normal P2P traffic is not investigated in most proposed schemes. In this paper, we focused on the footprint as the most essential part of a detection system and presented a taxonomy of footprints utilized in behavioral P2P botnet detection systems. Then, the resilience of the mentioned footprints is analyzed using three evaluation scenarios. Our experimental and analytical investigations indicated that most P2P botnet footprints are not resilient to the presence of legitimate P2P traffic and there is a pressing need to introduce more resilient footprints.
12.
Jie He Yuexiang Yang Xiaolei Wang Zhiguo Tan 《International Journal of Network Management》2017,27(5)
Peer-to-peer (P2P) botnets have become one of the major threats to network security. Most existing botnet detection systems detect bots by examining network traffic. Unfortunately, the traffic volumes typical of current high-speed Internet Service Provider and enterprise networks are challenging for these network-based systems, which perform computationally complex analyses. In this paper, we propose an adaptive traffic sampling system that aims to effectively reduce the volume of traffic that P2P botnet detectors need to process while not degrading their detection accuracy. Our system first identifies a small number of potential P2P bots in high-speed networks as soon as possible, and then samples as many botnet-related packets as possible with a predefined target sampling rate. The sampled traffic then can be delivered to fine-grained detectors for further in-depth analysis. We evaluate our system using traffic datasets of real-world and popular P2P botnets. The experiments demonstrate that our system can identify potential P2P bots quickly and accurately with few false positives and greatly increase the proportion of botnet-related packets in the sampled packets while maintaining the high detection accuracy of the fine-grained detectors.
13.
14.
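Capturing all packets at line rate and performing protocol analysis and service-type identification is the foundation of a P2P detection and control system. This paper mainly introduces the methods and workflow of protocol analysis in a P2P detection and control system, including basic packet parsing from the data link layer to the transport layer and protocol identification at the application layer, providing a reference for various P2P service detection systems and network management systems.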
15.
Machine learning technology has wide application in botnet detection. However, with the changes in the forms and command and control mechanisms of botnets, selecting features manually becomes increasingly difficult. To solve this problem, a botnet detection system called BotCatcher based on deep learning was proposed. It automatically extracted features from the time and space dimensions, and established a classifier through multiple neural network constructions. BotCatcher does not depend on any prior knowledge about the protocol and the topology, and works without manually selecting features. The experimental results show that the proposed model has good performance in botnet detection and has the ability to accurately identify botnet traffic.
16.
17.