%0 Journal Article %T 基于分形与自适应数据融合的P2P botnet检测方法<br>P2P botnet detection method based on fractal and adaptive data fusion %A 宋元章 %A 李洪雨 %A 陈媛 %A 王俊杰< %A br> %A SONG Yuan-zhang %A LI Hong-yu %A CHEN Yuan %A WANG Jun-jie %J 山东大学学报(理学版) %D 2017 %R 10.6040/j.issn.1671-9352.2.2016.001 %X 摘要: 提出了一种基于分形与自适应数据融合的P2P僵尸网络检测方法。构建单分形特性、多分形特性检测传感器,利用大时间尺度下的自相似性和小时间尺度下的局部奇异性刻画网络流量特征,利用Kalman滤波器检测上述特性是否异常。为获得更精确的检测结果,提出了一种自适应数据融合方法,根据证据冲突程度自适应得选择DST(Dempster-Shafer Theory)、DSmT(Dezert-Smarandache Theory)对上述检测结果进行融合。而且,考虑到了P2P应用对检测的影响。实验结果表明该方法检测准确度较高。<br>Abstract: A novel P2P botnet detection algorithm based on fractal and adaptive data fusion was proposed. Firstly, it built the single-fractal detection sensor and the multi-fractal detection sensor, and they used the self-similarity under the large time scale and the local singularity under the small time scale to describe the characteristics of network. Kalman filter was used to detect abnormalities of the above characteristics. To get the more accurate detection result, an adaptive data fusion method based on DST(Dempster-Shafer Theory)and DSmT(Dezert-Smarandache Theory)was proposed. Depending on the conflict factor of evidences, DST and DSmT were adaptively utilized to fuse the results of two above detection sensors to get the final result. The side effects on detecting P2P botnet which P2P programs generated are considered. The experiments show that the proposed algorithm is able to detect P2P botnet with high accuracy %K P2P僵尸网络 %K Dezert-Smarandache理论 %K 自适应数据融合 %K Dempster-Shafer理论 %K < %K br> %K P2P botnet %K Adaptive Data Fusion %K Dezert-Smarandache Theory %K Dempster-Shafer Theory %U http://lxbwk.njournal.sdu.edu.cn/CN/10.6040/j.issn.1671-9352.2.2016.001