This paper proposes a method for detecting bots based on their DNS query behavior. First, because bots run automatically, the processes on a host are pre-filtered from the point of view of their DNS queries, which narrows the detection range. Second, a Bot-DNS detection model is built on the differences in DNS reaction behavior between bots and normal processes, and is used to judge whether a suspicious process is a bot. The experimental results show that the method can detect bots in the early stage of their life cycle. Detection is independent of the protocol and structure the bot uses, and the method has a good detection effect.