%0 Journal Article
%T Linkage monitoring of cluster for botnet based on relevance of behavior and domain inquiry (基于行为与域名查询关联的僵尸网络聚类联动监测)
%A YUAN Chun-yang
%A LI Qing-shan
%A WANG Yong-jian
%A 袁春阳
%A 李青山
%A 王永建
%J 计算机应用研究
%D 2012
%I
%X Feature-based monitoring can only detect known botnets, and such monitoring methods depend heavily on the structure and protocol the botnet uses. To solve these problems, this paper proposes a botnet monitoring method based on associating behavior with domain name queries. It clusters the behavior and domain name query flows of a botnet by exploiting the related and similar characteristics, in time and space, of the activities of the various bots, and proposes a cluster-based linkage monitoring model. Through the collection and analysis of feedback data from the DNS cache server of the test system deployed in an operating room in the city, it is proved that the cluster-based linkage monitoring model can not only monitor unknown botnets, but that the monitoring process is also independent of the protocol and structure used. It has good monitoring efficiency.
%K behavior relevance
%K domain analysis
%K botnet
%K cluster
%K linkage monitoring
%U http://www.alljournals.cn/get_abstract_url.aspx?pcid=5B3AB970F71A803DEACDC0559115BFCF0A068CD97DD29835&cid=8240383F08CE46C8B05036380D75B607&jid=A9D9BE08CDC44144BE8B5685705D3AED&aid=F950C016BC33E901DBE7CFFFA7417FE6&yid=99E9153A83D4CB11&vid=771469D9D58C34FF&iid=38B194292C032A66&sid=FBF817B1E8A20479&eid=DE3C727FE2D9509D&journal_id=1001-3695&journal_name=计算机应用研究&referenced_num=0&reference_num=13