%0 Journal Article
%T 基于命令语法结构特征的IRC僵尸网络频道检测<br>Detection of IRC Botnet C&C channels using the instruction syntax
%A 闫健恩
%A 张兆心
%A 许海燕
%A 张宏莉
%J 清华大学学报（自然科学版）
%D 2017
%R 10.16511/j.cnki.qhdxxb.2017.26.040
%X 僵尸频道是基于因特网在线聊天（Internet relay chat，IRC）协议僵尸网络传递控制命令，操纵整个网络的唯一途径。该文针对IRC僵尸网络频道检测问题，提出一种利用僵尸网络控制命令语法结构特征，实现检测僵尸网络频道的方法。使用可信系数描述频道中的字符串为僵尸网络控制命令的可能性，并结合可信系数，改进阈值随机游走（threshold random walk，TRW）算法，用以加快僵尸网络频道检测速度。实验结果表明：该方法对僵尸频道有很好的识别能力，检测效率明显提高。<br>Abstract：The command and control (C&C) channel is a unique way that a Internet relay chat (IRC) Botnet sends commands to control the Botnet. This study analyzed the syntax characteristics of the control command to develop a method to detect the control command channel. A creditable coefficient was defined to describe the possibility of a sentence in a channel being a Botnet control command. An improved threshold random walk (TRW) algorithm was used with the creditable coefficients to accelerate the C&C channel detection. Tests show that this method can efficiently detect Botnet C&C channels.
%K 僵尸网络
%K 命令语法结构
%K 阈值随机游走(TRW)
%K &lt
%K br&gt
%K Botnet
%K instruction syntax
%K threshold random walk (TRW)
%U http://jst.tsinghuajournals.com/CN/Y2017/V57/I9/914