To solve the problem of detection of an IRC Botnet's control commands,a syntax feature-based identification method is presented.The method,firstly,analyzes the lexical features of keywords and parameters of IRC Botnet control commands,and then unifies them for input processing.Secondly,starting from the features of syntax structures such as the type and amount of parameters,three kinds of control commands' formalized grammar descriptions are defined to fit different syntax structures,furthermore a prototype system based on the LR parsing technique is designed and implemented.The availability of the method was verified by experiment and the experimental results showed that the grammar had the good ability in recognizing the Botnet control commands,and its performance met the pactical requirement.%通过分析僵尸网络控制命令的语法结构特征,提出一种基于语法结构特征识别IRC僵尸网络控制命令的方法.该方法首先分析命令关键字和命令参数的词法特征,对其进行归一化处理,其次从参数的类型和数量等语法结构特征出发,定义三种僵尸网络控制命令的文法形式化描述,以适合不同的命令语法结构,并基于LR语法分析技术实现识别原型系统.最后经过实验测试,结果表明文法对僵尸网络控制命令有很好的识别能力,从而验证了方法的有效性,且性能能够满足实际的需要.
展开▼
